A UK court has declared that UK spy agencies’ collection of private data was carried out illegally.
The harvested data, collected through the use of the Telecommunications Act 1984, was obtained in a way that now breaches EU law, according to the Investigatory Powers Tribunal (IPT).
UK spy agencies collected the data under section 94 of the Act, which has since been repealed by the Investigatory Powers Act 2016. This now makes it incompatible with the law in Europe and human rights standards.
On 22 July 2020, the IPT issued a declaration on a challenge by the campaign group Privacy International (PI) highlighting this and the legality of the data collection.
The incompatibility means that around a decade’s worth of data harvested by UK intelligence agencies is now breaching EU law, and further legal challenges are likely to be brought forward by PI and Liberty.
In a statement on its website, PI stated that the declaration is a “welcome milestone” in the bulk communications data litigation saga, but that the fight “is far from over”.
“We have already asked the IPT to reopen this case following new information that came to light. In parallel, we are seeking disclosure of the judicial dissents given in ‘closed’ in the judgment of 23 July 2018 by way of judicial review proceedings,” PI said.
“We will continue our work to bolster and protect the right to privacy,” they added.
Commenting on last week’s ruling, Ilia Siatitsa, programme director for Privacy International, added that the declaration had set the record straight “over the continuous violation of human rights standards by the UK government for many years”.
“From a democratic society and rule of law perspective, it is very important. It sends a clear message to governments that they should always ensure there is an appropriate legal framework, accountability and transparency when using surveillance capabilities,” she said.
The data collected by UK agencies does not include the content of emails and phone calls, but could still build up a ‘detailed picture’ of an individual, which raises serious privacy questions.
- GCHQ snooping deemed unlawful
- Warning issued over the emergence of ‘triple extortion’ ransomware
- Google set to ban Sugar Daddy apps from Play Store
In its decleration, IPT said: “The wording of section 94 was exceptionally broad. It permitted directions to be made under which general and indiscriminate transmission of communications data was required. The legislation did not lay down either the substantive or procedural conditions governing the use of BCD.”
The declaration continued: “It did not rely on ‘objective criteria’ in order to define the circumstances and conditions under which the security and intelligence agencies were to be granted access to that data. It could not, therefore, be shown that section 94 was ‘strictly necessary’.”
Additionally, the IPT judgment found that the government accepted that the rules governing the scope and application of Section 94 were not sufficiently clear and precise.
This latest ruling comes just weeks after news of a major spying operation using the Pegasus software rocked journalists and governments around the world.
Israeli-made spyware, originally designed to target criminals, has been used by governments to spy on dissenting voices, journalists and human rights activists.
News reports revealed a list of around 50,000 phone numbers believed to be “of interest” to authoritarian leaders was released as part of the ‘Pegasus Project’.