Data retention directive "invalid"

Peter Fairbrother zenadsl6186 at zen.co.uk
Wed Apr 9 05:39:26 BST 2014 

On 08/04/14 17:05, Andrew Cormack wrote:
>>Francis Davey <fjmd1a at gmail.com> writes
>>> Although I haven't had any practical involvement in this
>>> regulatory area for many years, my inclination is that UK
>>> regulations predate the transposition of the Directive, and that
>>> Plan B in the UK would be to fall back onto voluntary
>>> arrangements made in the immediate aftermath of 9/11.
>>>
>>> The Data Retention (EC Directive) Regulations 2007 and 2009 _are_
>>> the transposition of the EU directive.
>>
>> Did they repeal the earlier Regs? -- Roland Perry
>
> The post-9/11 stuff is UK primary legislation - the Anti-Terrorism,
> Crime and Security Act 2001. As far as I can see that would need a UK
> court to declare incompatibility under the Human Rights Act. That's
> the normal way UK primary legislation is challenged. Until Parliament
> responds to a declaration by amending the law, ATCSA will stay.

A voluntary Code of Practice for communications data retention

www.opsi.gov.uk/si/si2003/draft/5b.pdf

was issued under ATCSA Part 11 s.102, but as far as I know no mandatory 
Directions relating to data retention were ever issued under ATCSA.

While AFAICS the s.102 power to revise the CoP still exists, the power 
of the SoS to make an order containing such directions has lapsed (ATCSA 
s.105).






I'll just mention another issue, "serious crime" vs "national security", 
which I think may get complicated.

The EU Court of Justice said that the Directive was deficient in that 
the restrictions to the right to privacy caused by the Directive were 
not proportionate to what it is was trying to achieve, the prevention, 
investigation, detection and  prosecution of serious crime [1] 
(including terrorism [2]).

[1] 
http://www.scribd.com/doc/216980523/Judgment-of-the-ECJ-in-Digital-Rights-Ireland-data-retention-challenge 
  para 18 and 41.

[2] ibid, para 24


However, while some measure like the Directive may be disproportionate 
to achieving the prevention etc of serious crime, it may be 
proportionate (or otherwise made lawful) when used to achieve the aim of 
safeguarding National Security.


eg see ACTSA ss.102(3)(a) and ss.102(3)(b), also referred to in ss. 
104(1), though ss.102(3)(b) is a bit wooly -

"necessary—
(a)for the purpose of safeguarding national security; or
(b)for the purposes of prevention or detection of crime or the 
prosecution of offenders which may relate directly or indirectly to 
national security."

does the crime or just the offender have to (may?) relate to national 
security?

Actually Part 11 of ATCSA is all pretty wooly as to the reasons for 
retaining data, eg cf 102(5) "... the retention of any communications 
data is justified on the grounds that failure to retain the data would 
be likely to prejudice national security, the prevention or detection of 
crime or the prosecution of offenders" with 102(3), above.




-- Peter Fairbrother

More information about the ukcrypto mailing list