Privacy is a fundamental right, upon which our freedom of speech rests. Questions like the anonymity of sources, as well as the right to organise without intrusion, depend on privacy. In the digital age, privacy is also about the balance of power between us as citizens, and the state and corporations. Without privacy rights, and strong data protection regimes, our power to retain control over our lives is reduced, as information about us can be processed and used without our consent or control.
Intercept Modernisation Programme and Data Retention
IMP has raised its head again, merely months after the new coalition government took office. Details are not known, but documents clearly point to investment in a scheme that would aim to intercept online and mobile communications, and store ‘traffic data’, ie who communicates with whom.
We are working to make sure these plans are defeated. They would be an abuse of our fundamental rights, as well as largely pointless and a waste of money.
At the EU, data retention laws are being reviewed. These laws create duties for ISPs and communications providers to ‘retain’ the traffic data of their customers that they would generally routinely collect, for long periods. Civil liberties groups like ORG widely think they are an abuse of privacy rights. We expect to be heavily involved in these debates next year.
The EU’s Data Protection laws are under review. We have started analysis of the current directive and the debates surrounding it, and have contributed to the UK’s call for evidence.[i] Given the huge volumes of personal information now being processed publicly and privately, the Data Protection Directive is a core piece of legislation that protects citizens’ privacy rights. It is however out of date, and also needs to cover law enforcement, which has been brought within the EU’s remit.
In the UK, the problems are exacerbated by a weak implementation of the original directive. Problems include lack of damages for ‘moral harm’ from unfair processing, narrow definitions of ‘private data’, lack of independence, lack of a duty to comment on legislation and developments and weak enforcement powers.
The EU’s Commissioner, Viviane Reding, is pursuing the UK government over a number of privacy problems. She has announced that the UK will now be taken to court for failing to correctly implement interception measures. She has started the process with the Data Protection Directive.
While this is partly due to her strong personality and desire to protect EU citizens’ rights, the timing is particularly helpful as it must make the UK’s position weaker in terms of the demands we may wish to make. Given the current state of data protection in the UK, which has weaker laws and controls than the original EU legislation, the UK may well press for a weaker directive.