The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on July 10, 2014

UK’s emergency data retention law: Balancing security and fundamental rights is a tricky business

UK’s emergency data retention law: Balancing security and fundamental rights is a tricky business
Ben Woods
Story by

Ben Woods

Europe Editor

Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional online poker player. You can contact him via Twitter or on Google+.

The UK’s Prime Minister David Cameron and Deputy Prime Minister Nick Clegg have just wrapped up a press conference explaining why emergency security legislation had to be put into place to ensure that ISPs and other communications providers continued to keep records of users’ activity for up to 12 months.

Behind the rushed decision was a Court of Justice of the European Union (CJEU) ruling in April that the existing European Data Retention Directive was unlawful as it breached European human rights regarding the blanket storage of communications data. As UK law was based on this European law, it too was invalidated by this decision.

Cameron argued today that, as a result, temporary measures needed to be put into place to ensure that service providers (ISPs/mobile operators) didn’t start destroying their records in the near future. And why is keeping those records necessary at all? In the interests of national security and preventing serious crime, we’re told.


“The emergency Data Retention and Investigation Powers Bill will enable agencies to maintain existing capabilities… Without action, our law enforcement and intelligence agencies will lose sight of data that is crucial for protecting national security and preventing serious crime, and lose track of some dangerous individuals as a result,” the government said in a statement.

Today’s decision, put simply, keeps things exactly as they have been previously – Cameron said that no new powers were introduced as part of the emergency legislation: providers will still be required to keep data for a up to 12 months. The passing of the legislation was also designed to provide “a clearer legal framework” for service providers – presumably one that isn’t contradictory to EU law.

Built into the emergency measures is a sunset clause, which means that by the end of 2016 the issue will have to be revisited. Before then, the government said it would also hold a full review of the Regulation of Investigatory Powers Act (RIPA).


Naturally, when something is deemed illegal by a European court and then the UK puts measures into place to ensure it can carry on in the same fashion, well, it might seem unsurprising if a few people are rankled by the decision.

Generally, the objection is about the oversight of any such operations, not a call for compromised national security – just a much needed transparent approach. However, another issue is around why these laws are being rushed through at all. After all, if the underlying European law has been deemed unlawful, then shouldn’t there be a discussion around the issue and how to manage it for the future, rather than a quick push to keep things the same?

“The government knows that since the CJEU ruling, there is no legal basis for making internet service providers retain our data so it is using the threat of terrorism as an excuse for getting this law passed. The Government has had since April to address the CJEU ruling but it is only now that organisations such as ORG are threatening legal action that this has become an ’emergency’,” Jim Killock, Executive Director of the Open Rights Group (ORG) told TNW.

The future discussion of the issue was a point re-iterated by Cameron and Clegg. There will be a discussion. When? That’s not exactly been specified, but presuming there’s no emergency extension to these ’emergency’ laws, then it will have to be before the end of 2016.

Secret Airbase RAF Menwith Hill

Unsurprisingly, ORG and other privacy organisations have been following the case closely and are (equally unsurprisingly) massively displeased by the decision.

“Not only will the proposed legislation infringe our right to privacy, it will also set a dangerous precedent where the government simply re-legislates every time it disagrees with a decision by the CJEU… Blanket surveillance needs to end. That is what the court has said.”

This is the problem for me. It’s not the retention of data, or even really the oversight issue. The need to balance transparency, security and appropriate safeguards of any such powers is a tricky, but nonetheless necessary, act to pull off. But convincing the voting populous that you’re not just going to create new laws every time you disagree with European decisions is a seemingly impossible battle in light of today’s announcement. With technology evolving at such a rapid pace, that’s a pretty worrying development.

Featured Image Credit – KHALED DESOUKI/AFP/Getty Images (2) (3)