Data retention directive "invalid"
Peter Fairbrother
zenadsl6186 at zen.co.uk
Wed Apr 9 05:39:26 BST 2014
On 08/04/14 17:05, Andrew Cormack wrote:
>>Francis Davey <fjmd1a at gmail.com> writes
>>> Although I haven't had any practical involvement in this
>>> regulatory area for many years, my inclination is that UK
>>> regulations predate the transposition of the Directive, and that
>>> Plan B in the UK would be to fall back onto voluntary
>>> arrangements made in the immediate aftermath of 9/11.
>>>
>>> The Data Retention (EC Directive) Regulations 2007 and 2009 _are_
>>> the transposition of the EU directive.
>>
>> Did they repeal the earlier Regs? -- Roland Perry
>
> The post-9/11 stuff is UK primary legislation - the Anti-Terrorism,
> Crime and Security Act 2001. As far as I can see that would need a UK
> court to declare incompatibility under the Human Rights Act. That's
> the normal way UK primary legislation is challenged. Until Parliament
> responds to a declaration by amending the law, ATCSA will stay.
A voluntary Code of Practice for communications data retention
www.opsi.gov.uk/si/si2003/draft/5b.pdf
was issued under ATCSA Part 11 s.102, but as far as I know no mandatory
Directions relating to data retention were ever issued under ATCSA.
While AFAICS the s.102 power to revise the CoP still exists, the power
of the SoS to make an order containing such directions has lapsed (ATCSA
s.105).
I'll just mention another issue, "serious crime" vs "national security",
which I think may get complicated.
The EU Court of Justice said that the Directive was deficient in that
the restrictions to the right to privacy caused by the Directive were
not proportionate to what it is was trying to achieve, the prevention,
investigation, detection and prosecution of serious crime [1]
(including terrorism [2]).
[1]
http://www.scribd.com/doc/216980523/Judgment-of-the-ECJ-in-Digital-Rights-Ireland-data-retention-challenge
para 18 and 41.
[2] ibid, para 24
However, while some measure like the Directive may be disproportionate
to achieving the prevention etc of serious crime, it may be
proportionate (or otherwise made lawful) when used to achieve the aim of
safeguarding National Security.
eg see ACTSA ss.102(3)(a) and ss.102(3)(b), also referred to in ss.
104(1), though ss.102(3)(b) is a bit wooly -
"necessary—
(a)for the purpose of safeguarding national security; or
(b)for the purposes of prevention or detection of crime or the
prosecution of offenders which may relate directly or indirectly to
national security."
does the crime or just the offender have to (may?) relate to national
security?
Actually Part 11 of ATCSA is all pretty wooly as to the reasons for
retaining data, eg cf 102(5) "... the retention of any communications
data is justified on the grounds that failure to retain the data would
be likely to prejudice national security, the prevention or detection of
crime or the prosecution of offenders" with 102(3), above.
-- Peter Fairbrother
More information about the ukcrypto
mailing list