The EU framework directive on the retention of communications data contains some potentially serious flaws which if implemented in the UK could amount to a direct breach of the European Convention on Human Rights (ECHR), according to civil liberties group Privacy International.
The UK's controversial snooper's charter, which proposes a number of extensions to the Regulation of Investigatory Powers Act, intends to "create a legal basis for comprehensive surveillance of communications data". The regulations, which were toned down following a series of complaints, allow a number of government bodies and departments to access communications data — including all websites visited, emails sent and telephone calls made. Companies, including ISPs and telcos, will therefore be obliged to retain customer data for a specified period.
But a 21-page legal opinion compiled by international law firm Covington & Burling on behalf of Privacy International unequivocally concludes that incorporating such retention plans across a total of 10 European states would be unlawful.
"The data retention regime envisaged by the [EU] framework decision, and now appearing in various forms at member state level, is unlawful," states the document.
"Article 8 of the ECHR guarantees every individual the right to respect for his or her private life, subject only to narrow exceptions where government action is imperative. The framework decision and national laws [based on it] would interfere with this right, by requiring the accumulation of large amounts of information bearing individuals' private activities.
"The indiscriminate collection of traffic data offends a core principle of the rule of law that citizens should have notice of the circumstance in which the state may conduct surveillance so that they can regulate their behaviour to avoid unwanted intrusions.
"Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society," the opinion concludes.
The document goes on to highlight a series of case law rulings against the use of "indiscriminate surveillance of communications".
"This is an important legal analysis. It clearly exposes the government's intention not only to snoop unnecessarily on innocent people, but also to force unwilling companies to be complicit in an unprecedented and disproportionate surveillance regime," said Simon Davies, director of Privacy International, which has been campaigning against the regulations since the Act was introduced back in 2000.
Privacy International intends to bring test cases in two European countries, the first of which is likely to be Denmark. It is currently looking for litigants from within the industry.
The group today lodged a complaint with the Information Commission regarding the so-called 'blanket rules'. Davies hopes the action will push the Commissioner to support a referral to the Committee on Human Rights.
"The government's plans are illegal," concluded Davies.