UK – High Court rules data retention legislation unlawful

In July last year, Australia’s Attorney-General, George Brandis said:

“… I might point out to you as recently as yesterday, the House of Commons passed a new data retention statute. This is very much the way in which western nations are going”.

A month later, in August 2014, Labour MP Tom Watson and the Conservative MP David Davis, commenced a judicial challenge against this new data retention statute – the Data Retention and Investigatory Powers Act – known as DRIPA.

DRIPA had been rushed through Parliament in only 4 days by the government who claimed “emergency” legislation was necessary after the European Court of Justice ruled the EU Directive on Data Retention invalid.

Exactly a year after DRIPA received royal assent, on 17 July 2014, in a landmark ruling the High Court upheld this challenge and ruled that the key provision of DRIPA is inconsistent with the rights of privacy enshrined in European Union law and is therefore ‘disapplied’.

As Carly Nyst explained, the court ruled that the UK must comply with European law, which as set out in the European Court of Justice’s Digital Rights Ireland judgment,  forbids blanket data retention measures that are not accompanied by a strict regime regulating access to retained data.

The High Court set out two fundamental flaws with the data retention law:

  • access and use of communications data is permitted for purposes other than the prevention and detection of serious offences or the conduct of criminal prosecutions relating to such offences; and
  • access to the data is not made dependent on a prior review by a court or an independent administrative body whose decision limits access to and use of the data to what is strictly necessary for the purpose of attaining the objective pursued.

(Significantly, the High Court’s ruling also noted that: “The need for that approval to be by a judge or official wholly independent of the force or body making the application should not, provided the person responsible is properly trained or experienced, be particularly cumbersome.”)

This extremely lax access regime is very familiar …

In the Australian context, our data retention laws, passed on 26 March this year, similarly do not limit the access of communications data to cases involving serious offences.

Nor is access to retained communications data dependent on prior review by a court or an independent administrative body, except in the very limited (and very problematic) case of access to a journalist’s communications data to identify a source.

The order ‘disapplying’ the critical section of DRIPA was stayed until March 2016, to allow time for the Government to remedy the position. Leave to appeal was also granted.  Glyn Moody has reported that the  Home Office said that it will be appealing against the decision.

Our Attorney-General’s rhetoric that data retention is the way the west is going was, as Stilgherrian pointed out back in November last year, not even true – and it is becoming less true as time goes on.  David Anderson, the UK’s Independent Reviewer of Terrorism Legislation,  highlighted  that yesterday’s ruling “echoed decisions already made by national courts in the Netherlands, Belgium, Austria, Slovenia and Romania, which have themselves recently struck down national data retention laws in obedience to Digital Rights Ireland.”   

The Guardian  reported that Tom Watson, a former defence minister, said after the ruling:

“It’s a year to the day since Dripa received royal assent. Good governance is about allowing the legislature the room to make law. In this case it didn’t happen. Good opposition is about holding governments to account and that didn’t happen either.

“So we find ourselves in a position where the courts have had to say to parliament go back and start again.”

And with only a month until Australian telcos and internet service providers  are required to submit their data retention implementation plans to the Attorney-General’s Department, it’s clear that many of those affected still need guidance on what data is to be retained.

In Australia, we also need to hold our government to account.


[And yes, I’ll need to again update my table setting out the status of data retention laws in the EU]

* See also Lorna Wood’s  post from the LSE Media Policy Blog, explaining this ruling and its implications




  1. Thank you! That was great.

Leave a comment

Please be polite. We appreciate that. Your email address will not be published and required fields are marked