The Court of Justice of the European Union (CJEU) has ruled that the UK’s Data Retention and Investigatory Powers Act 2014 (DRIPA), a temporary emergency law which expired on 21 December 2016, was unlawful.
DRIPA was enacted in July 2014 after 3 days’ scrutiny, allowing UK authorities to request that communications companies retain communications data for purposes such as economic well-being and tax collection. The UK Court of Appeal invoked the preliminary reference procedure, and the CJEU ruled that any request to retain data for any purpose other than fighting serious crime is unlawful.
DRIPA gave the UK government the power to require communications companies to retain ‘communications data’ for up to 12 months. ‘Communications data’ included the time and date an email was sent or a phone call was made, as well as user location data, but not the contents of the communications themselves. These provisions were challenged in the UK courts by Labour MP Tom Watson, supported by the human rights organisation Liberty.
The claimant argued that bulk retention of data violated the right to private life and the protection of personal data, as guaranteed by Articles 7 and 8 of the EU Charter of Fundamental Rights (the Charter). The data was subject to what Liberty criticised as a “lax access regime”, which allowed government agencies to grant themselves access. The claimant was successful in the High Court; the State appealed to the Court of Appeal, which sought a preliminary ruling. The issue at hand was whether the EU’s e-Privacy Directive, read in light of the Charter, precluded authorities accessing retained data where national legislation does not restrict access to the objective of preventing serious crime, and the access request is not subject to prior review …
This is an extract from the PILA Bulletin of 18 January 2017