On 10 July 2014, the UK Government announced emergency legislation in the form of the Data Retention and Investigations Powers Bill (“the Bill”), which would require communications service providers (“CSPs”) to retain communications data for up to 12 months. This was the result of a European Court of Justice decision declaring European Directive 2006/24/EC incompatible with Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. The Directive was introduced in the wake of the 2004 and 2005 terrorist attacks to allow governments to prevent future attacks.
Some argue this change is purely to aid law enforcement enquiries. The UK Government claim the Bill will not grant any new powers to the police, the security services or expand existing legislation; rather it aims to keep the pre-ruling status quo. Further, it will not examine the content of the communications themselves and instead determines where and when communications took place and which websites specific IP addresses visited.
The Bill was agreed behind closed doors between the leaders of the three main political parties. It is expected to be passed within a couple of weeks. Although the Bill has been criticised for its quick passage through Parliament, safeguards have been built into it to prevent it from being abused. The legislation contains a ‘Sunset Clause’, forcing its expiration in 2016.
The story has attracted civil liberties campaigners, who warn the changes will invade people's privacy. The Bill sits among many high-profile privacy issues which have made the news over the last year, including the phone hacking enquiry, the Snowden scandal and various NSA and GCHQ spying accusations. Some argue this is another tool for governmental agencies’ arsenal to “snoop on everyone”, whilst others argue it is imperative in order to fight crime and prevent terrorism. A Privacy and Civil Liberties Board, based on an American counterpart, will be introduced to act as an oversight committee. It is hoped the Bill will provide a clearer legal framework than the existing EU Directive at the request of communications companies concerned at the increased exposure to legal proceedings resulting from the Snowden spying allegations. Can the legislation and its oversight committee achieve the correct balance between public interest and protection and the individual’s right to privacy?