Right to Privacy in the
Digital Age
Graham Smith
Data Protection and Privacy
Commissioners’ Conference
Bird & Bird LLP
16 October 2014
Human Rights Interferences
Legitimate aim, necessity and
proportionality are important…
but don’t forget quality of law
Page 2
© Bird & Bird LLP 2014
Article 8 ECHR – privacy protection
No interference by a public authority except such as is:
● in accordance with the law and
● is necessary in a democratic society
● in the interests of
• national security,
• public safety
• or the economic well-being of the country,
• for the prevention of disorder or crime,
• for the protection of health or morals,
• or for the protection of the rights and freedoms of others
● Proportionality
Page 3
© Bird & Bird LLP 2014
Human Rights Interferences
"In many countries … vague and
broadly conceived legal provisions are
being invoked to legitimize and sanction
the use of seriously intrusive techniques.
Without explicit laws authorizing such
technologies and techniques, and defining
the scope of their use, individuals are not
able to foresee – or even know about
– their application.“
Special Rapporteur, 17 April 2013
Page 4
© Bird & Bird LLP 2014
Human Rights Interferences
“… the law must be sufficiently
accessible, clear and precise so that
an individual may look to the law and
ascertain who is authorized to conduct
data surveillance and under what
circumstances.”
High Commissioner’s Report June 2014
Page 5
© Bird & Bird LLP 2014
Accessibility
Secrecy and quality of law
are natural enemies
Page 6
© Bird & Bird LLP 2014
Secret law is not law
Page 7
© Bird & Bird LLP 2014
ECHR “In accordance with the law”
Existence and quality of law
● Existence: some basis in domestic law (statute or common law)
● Quality of law – compatible with rule of law
• Accessibility and foreseeability of consequences
- Publication, detail and precision
• Protection against arbitrary interference, having regard
to the legitimate aim of the measure
• For surveillance, a law which confers a discretion must
indicate with sufficient clarity the scope of that
discretion and the manner of its exercise
- Contrary to rule of law for executive discretion to be
expressed in terms of an unfettered power
• Laws, regulations, manuals and instructions (if sufficiently
publicised) Liberty v UK
• Independent supervision
Page 8
© Bird & Bird LLP 2014
A real issue
Pre-1985
No statutory framework
IOCA 1985
Public telecommunications
1984 Malone v UK
Phone taps warranted by SoS
Not "in accordance with the law"
1997 Halford v UK
Unwarranted tap of office phone
Not "in accordance with the law"
2007 Copland v UK
Office e-mail, internet and phone use
Not "in accordance with the law"
Human Rights Act 1998
2008 Liberty v UK
External warrants - filtering
Not "in accordance with the law"
RIPA 2000
2010 Kennedy v UK
Public and private networks
Warranted and other interception
Uncertified and certified warrants
Outside and within UK
Civil and criminal remedies
Page 9
Codes of Practice
Internal warrants scheme
"in accordance with the law"
© Bird & Bird LLP 2014
2014
TEMPORA, PRISM
"in accordance with the law?"
Legal Challenges Landscape
PRISM – sharing in accordance with law?
Privacy International (UK Investigatory Powers
Tribunal); Big Brother Watch (Strasbourg)
● No legal regime with
• Sufficiently clear and detailed rules
• Sufficient safeguards
● Secret and unpublished rules (if any)
● Insufficient indication of scope of discretion
● Oversight regime
● US FISA too broad/insufficient safeguards
● NL: Citizens v Plasterk (metadata v content, Art 8
applicability to sharing?)
Page 11
© Bird & Bird LLP 2014
TEMPORA – in accordance with law?
Privacy International (UK Investigatory Powers Tribunal); Big Brother
Watch (Strasbourg), Bureau of Investigative Journalism (Strasbourg)
RIPA external warrants provisions
●
●
●
●
Insufficiently specific or clear authorisation
Insufficient public safeguards
Lack of judicial or independent authority authorisation
Oversight regime
●
●
●
●
Automated versus sentient?
Richer metadata?
Secret legal interpretations?
Professional/journalistic privilege
● DE: Harting - G10
Page 12
© Bird & Bird LLP 2014
TEMPORA – in accordance with law?
Privacy International (UK Investigatory Powers Tribunal); Big Brother
“ … the(Strasbourg),
mere existence
of legislation
which
allows a(Strasbourg)
system for
Watch
Bureau
of Investigative
Journalism
the secret
monitoring
of communications
entails a threat of
RIPA
external
warrants
provisions
surveillance for all those to whom the legislation may be applied.
● Insufficiently specific or clear authorisation
This threat necessarily … amounts in itself to an interference
●with
Insufficient
public
safeguards
the exercise
of the
applicants’ rights under Article 8,
●irrespective
Lack of judicial
independent
authority
authorisation
of anyor
measures
actually
taken against
them”
[78]).regime
●(Weber
Oversight
gov’t] … versus
acceptsentient?
that the interception under a s.8(4)
●“[UK
Automated
be regarded as giving rise to a technical
●warrant
Richermay
metadata?
interference [with ECHR Art 8 rights] even if that
● Secret legal interpretations?
communication is not and/or cannot be read, looked at or
●listened
Professional/journalistic
to by any person." privilege
● DE: Harting - G10
Page 13
© Bird & Bird LLP 2014
But it’s not just Snowden
Mandatory comms data retention
Member State responses to Digital Rights Ireland
● Many never implemented in the first place, or were invalidated by
national constitutional courts e.g. Germany
Post CJEU
● Slovakia: Constitutional Court temporary invalidity declaration on
retention aspects
● Romania: Constitutional Court declared unconstitutional
● Sweden: 4 operators ceased retention; regulator initially decided not
to pursue; changed following government committee; challenge by
CSP
● UK: substantially enacted by Data Retention and Investigatory
Powers Act
• Threatened legal challenge by two Members of Parliament
• Professional/journalistic privilege > change in law?
Page 15
© Bird & Bird LLP 2014
… and watch out for
the essence of the right
Page 16
© Bird & Bird LLP 2014
“… any limitation to the right to privacy
must not render the essence of the
right meaningless”
High Commissioner’s Report June 2014
Page 17
© Bird & Bird LLP 2014
EU Charter of Rights v ECHR
Article 52 Charter
Article 8 ECHR
Limitations permissible if
Interference permissible if
1.
Provided for by law
In accordance with the law
2.
Respect the essence of the right
and freedom
Necessary
Necessary in a democratic society
3.
4.
And genuinely meet recognised
general interest objectives
in the interests of national security, public
safety or the economic well-being of the
country,
for the prevention of disorder or crime,
for the protection of health or morals,
5.
Or the need to protect rights and
freedoms of others
or for the protection of the rights and
freedoms of others.
Proportionate
Proportionate (caselaw)
Page 18
© Bird & Bird LLP 2014
Digital Rights Ireland (CJEU)
EU Data Retention Directive - mandatory retention
of communications data by service providers
Essence of right adversely affected? No.
“does not permit acquisition of knowledge of the
content of the electronic communications as such”
Page 19
© Bird & Bird LLP 2014
Thank you
Graham Smith
graham.smith@twobirds.com
@cyberleagle
Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the
Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A list of members of Bird & Bird LLP and
of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
twobirds.com