On July 15, the United Kingdom Parliament passed a new data collection bill called the Data Retention and Investigatory Powers (DRIP) Act. Both the legislation itself and the unusual circumstances surrounding its passage have drawn considerable controversy.
Using ‘metadata’ to protect against terrorism and organized crime
The bill provides a new legal framework for the retention of customer data, frequently called ‘metadata’, by communications companies and its release to UK law enforcemen. The level of data that can now be intercepted includes records of when, where, how, and with whom customers are communicating, but not the content of a telephone call or an email.
Critics argue that such information can be used to track and surveil any individual with a mobile phone and create profiles of their private lives.
Communications companies are now required to collect and retain this metadata for 12 months. The bill also ensures that service providers not based in the UK, such as Yahoo and Facebook, are legally bound to share information about their users’ electronic activities if those customers are in the UK.
The passing of the bill has been justified on the grounds of national security, and non-terrorism criminal threats.
“The threats faced by the UK from terrorism and organised crime remain considerable and the government would have been negligent if it had not made sure the people and the organisations that keep us safe have the powers and capabilities they need,” said Home Secretary Theresa May.
She continued: “If we had not acted immediately, investigations could have suddenly gone dark overnight. Criminals and terrorists would have been able to go about their work unimpeded, and innocent lives would have been lost.”
Peculiar circumstances surround passage of DRIP Act
The controversy surrounding the DRIP Act stems not just from criticisms about the bill itself, but also from a number of peculiar conditions that accompanied its passage into law.
The DRIP Act was rushed through the UK Parliament in only three days, not giving Members of Parliament (MPs) enough time to carefully scrutinize the proposed bill. It was also introduced right before Parliament’s summer recess, which began July 22, ensuring that calls for more debate would not be met and that it could be fast-tracked through Parliament with less remark by MPs eager to go on holiday.
The DRIP Act was also pushed through at the same time that the UK government rolled out a major cabinet reshuffle, which received the bulk of the press coverage instead.
Lastly, the bill was presented as ‘emergency legislation’, despite the fact that the DRIP Act was responding to a ruling made by the European Court of Justice (ECJ) back in April. It had been months since the ECJ ruled that the UK’s previous data retention policy violated the EU’s Charter of Fundamental Rights.
Critics argue DRIP Act violates privacy rights
Despite passing with cross-party support, the DRIP Act is not being accepted by all MPs. Labour MP Tom Watson and Conservative MP David Davis are launching a request for a judicial review of the new legislation. Human rights organization Liberty announced that it will be spearheading the legal challenge on behalf of the two MPs.
“This Act of Parliament was driven through the House of Commons with ridiculous and unnecessary haste to meet a completely artificial emergency,” said Davis. He added that the overall aim of new legislation should be to create a law “which [..] protects the security of our citizens without unnecessarily invading their privacy.”
Liberty and the MPs argue that the DRIP Act is incompatible with privacy rights set out in both the European Convention on Human Rights and the EU Charter of Fundamental Rights.
James Welch, Legal Director for Liberty, stated: “The Government has shown contempt for both the rule of law and Parliamentary Sovereignty, and this private cross party stitch-up, railroaded onto the statute book inside three days, is ripe for challenge in the Courts.”
During the same week that the DRIP Act was rushed through Parliament, the UN High Commissioner for Human Rights, Navi Pillay, released a report on the right to privacy in the digital age. Many of the report’s findings directly challenge arguments used to justify the DRIP Act, as well as mass surveillance programs in other countries.
The report argues that mandatory mass data retention is neither a necessary nor proportionate measure to take to safeguard against threats and that the distinction between communications ‘content’ and ‘metadata’ is not persuasive when it comes to privacy rights.
As such, it is decidedly unclear if the new DRIP law will protect UK citizens or merely violate their fundamental rights to privacy. Moreover, with the slew of peculiar – perhaps even suspicious – circumstances surrounding the passage of the ‘emergency’ legislation, it is also unclear how much attention the bill’s supporters are actually paying to the legal democratic processes that are supposed to underpin our society.