As a result of an Open Rights Group campaign, over 1300 customers have written to their internet service providers (ISPs) to ask why they are still retaining their web, email, SMS and phone data. This is despite the European Court of Justice striking down the Data Retention Directive in April because it breached our rights to privacy and protection of personal data. The ruling means there is likely no legal basis for the continuing retention of data. Most experts believe that the Data Retention Regulations 2009, which oblige ISPs to keep these records, are now invalid.
Open Rights Group’s Legal Director Elizabeth Knight said:
‘The Government needs to give a full explanation of the grounds on which it is advising ISPs to continue to retain data. The response to Open Rights Group’s campaign shows that customers also want answers. It’s time that ISPs seek clarity from the courts instead of blindly following the Government’s advice.'
Open Rights Group is looking into the possibility of taking legal action against the Government if it continues to implement data retention.
In the view of Open Rights Group, the UK Data Retention (EC Directive) Regulations 2009 are 'ultra vires', meaning they are, and have always been, outside the Government's powers. The Data Retention Regulations were made under the European Communities Act 1972. As a result, the Government enjoyed the power to make the Regulations only because they were made pursuant to an EU Directive. When the European Court of Justice declared the Data Retention Directive invalid for breaching fundamental rights, the decision had retrospective effect. This means the Data Retention Directive was never valid. As a result the Government did not have the power to make the Data Retention Regulations in the first place.