UK data law is good news for Ireland’s tech sector
Privacy advocates Digital Rights Ireland succeeded in challenging Irish data retention laws
A year of revelations from Edward Snowden about the secretive mass data-gathering activities of the UK’s secretive spy agency GCHQ hang as a grotesque background to the UK proposals
When earlier this year, the European Court of Justice threw out the EU’s data retention directive on the grounds that it was not fit for purpose and grossly disproportionate to needs – in effect, imposing surveillance on the entire European population without justification – the UK had a problem.
Since its enactment in 2006, the directive had required European telecommunications and internet companies to retain customers’ communications data for what have now been deemed excessive periods, without adequate safeguards or oversight.
The judgment that rejected the directive was largely the result of the constitutional challenge on data retention, taken against the Irish Government by privacy advocates Digital Rights Ireland (DRI). The case was referred to the European Court of Justice by Ireland’s High Court.
Unlike other EU states, though, the British government had never bothered to bring in a law based on the directive. British data retention law instead has existed on the basis of a ministerial order that directly transposed the directive.
Thus, once the court declared in strong terms the existing directive was unlawful, Britain’s legislation ceased to have any legal basis because it was in essence, only the directive and nothing but the directive.
Other EU states had brought in, or modified, specific national data retention laws, which transposed the directive but also had distinct national elements. All of these national laws, including Ireland’s, can now be challenged within national courts on the grounds they are largely based on an unlawful directive.
That’s exactly what DRI, represented by McGarr Solicitors, will carry on doing in the High Court. But whatever headaches this creates for the Irish Government, they pale compared to Britain’s conundrum.
The UK has no grounds on which to retain data, a serious problem for law enforcement which has no proper legal basis to ask for call data held by telecommunications operators, even within the six months allowed by data protection laws.
Meanwhile, a year of revelations from Edward Snowden about the secretive mass data-gathering activities of the UK’s secretive spy agency GCHQ – which made many of the the National Security Agency’s actions seem moderate – hang as a grotesque background to the UK proposals. The British government has utterly failed to respond to, or open any sort of public conversation about, GCHQ’s activities. Its stance has consistently been that it has total confidence in GCHQ and the adequacy of oversight of its activities.