right to privacy in the digital age-final
TRANSCRIPT
Right to Privacy in the Digital Age
Graham SmithData Protection and Privacy Commissioners’ Conference
Bird & Bird LLP16 October 2014
Legitimate aim, necessity and proportionality are important…
Page 2© Bird & Bird LLP 2014
but don’t forget quality of law
Human Rights Interferences
Page 3© Bird & Bird LLP 2014
Article 8 ECHR – privacy protectionNo interference by a public authority except such as is:● in accordance with the law and ● is necessary in a democratic society ● in the interests of
• national security, • public safety • or the economic well-being of the country, • for the prevention of disorder or crime, • for the protection of health or morals, • or for the protection of the rights and freedoms of others
● Proportionality
"In many countries … vague and broadly conceived legal provisions are being invoked to legitimize and
sanction the use of seriously intrusive techniques.
Without explicit laws authorizing such technologies and techniques, and defining the scope of their use,
individuals are not able to foresee – or even know about – their
application.“Special Rapporteur, 17 April 2013
Page 4© Bird & Bird LLP 2014
Human Rights Interferences
“… the law must be sufficiently accessible, clear and precise so that an individual may look to the
law and ascertain who is authorized to conduct data
surveillance and under what circumstances.”
Page 5© Bird & Bird LLP 2014
High Commissioner’s Report June 2014
Human Rights Interferences
Secrecy and quality of law are natural enemies
Page 6© Bird & Bird LLP 2014
Accessibility
Secret law is not law
Page 7© Bird & Bird LLP 2014
Page 8© Bird & Bird LLP 2014
ECHR “In accordance with the law”Existence and quality of law● Existence: some basis in domestic law (statute or
common law)● Quality of law – compatible with rule of law
• Accessibility and foreseeability of consequences- Publication, detail and precision
• Protection against arbitrary interference, having regard to the legitimate aim of the measure
• For surveillance, a law which confers a discretion must indicate with sufficient clarity the scope of that discretion and the manner of its exercise- Contrary to rule of law for executive discretion to be
expressed in terms of an unfettered power• Laws, regulations, manuals and instructions (if
sufficiently publicised) Liberty v UK• Independent supervision
Human Rights Act 1998
Page 9
© Bird & Bird LLP 2014
A real issuePre-1985No statutory framework
1984 Malone v UKPhone taps warranted by SoSNot "in accordance with the law"
IOCA 1985Public telecommunications
1997 Halford v UKUnwarranted tap of office phoneNot "in accordance with the law"
RIPA 2000Public and private networksWarranted and other interceptionUncertified and certified warrantsOutside and within UKCivil and criminal remediesCodes of Practice
2014TEMPORA, PRISM"in accordance with the law?"
2007 Copland v UKOffice e-mail, internet and phone useNot "in accordance with the law"2008 Liberty v UKExternal warrants - filteringNot "in accordance with the law"
2010 Kennedy v UKInternal warrants scheme"in accordance with the law"
Legal Challenges Landscape
Page 11© Bird & Bird LLP 2014
PRISM – sharing in accordance with law?Privacy International (UK Investigatory Powers Tribunal); Big Brother Watch (Strasbourg)● No legal regime with
• Sufficiently clear and detailed rules• Sufficient safeguards
● Secret and unpublished rules (if any)● Insufficient indication of scope of discretion● Oversight regime
● US FISA too broad/insufficient safeguards
● NL: Citizens v Plasterk (metadata v content, Art 8 applicability to sharing?)
Page 12© Bird & Bird LLP 2014
TEMPORA – in accordance with law?Privacy International (UK Investigatory Powers Tribunal); Big Brother Watch (Strasbourg), Bureau of Investigative Journalism (Strasbourg)RIPA external warrants provisions● Insufficiently specific or clear authorisation● Insufficient public safeguards● Lack of judicial or independent authority authorisation● Oversight regime
● Automated versus sentient?● Richer metadata?● Secret legal interpretations?● Professional/journalistic privilege
● DE: Harting - G10
Page 13© Bird & Bird LLP 2014
TEMPORA – in accordance with law?Privacy International (UK Investigatory Powers Tribunal); Big Brother Watch (Strasbourg), Bureau of Investigative Journalism (Strasbourg)RIPA external warrants provisions● Insufficiently specific or clear authorisation● Insufficient public safeguards● Lack of judicial or independent authority authorisation● Oversight regime
● Automated versus sentient?● Richer metadata?● Secret legal interpretations?● Professional/journalistic privilege
● DE: Harting - G10
“[UK gov’t] … accept that the interception under a s.8(4) warrant may be regarded as giving rise to a technical interference [with ECHR Art 8 rights] even if that communication is not and/or cannot be read, looked at or listened to by any person."
“ … the mere existence of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all those to whom the legislation may be applied. This threat necessarily … amounts in itself to an interference with the exercise of the applicants’ rights under Article 8, irrespective of any measures actually taken against them” (Weber [78]).
But it’s not just Snowden
Page 15© Bird & Bird LLP 2014
Mandatory comms data retentionMember State responses to Digital Rights Ireland● Many never implemented in the first place, or were
invalidated by national constitutional courts e.g. GermanyPost CJEU● Slovakia: Constitutional Court temporary invalidity
declaration on retention aspects● Romania: Constitutional Court declared unconstitutional● Sweden: 4 operators ceased retention; regulator initially
decided not to pursue; changed following government committee; challenge by CSP
● UK: substantially enacted by Data Retention and Investigatory Powers Act• Threatened legal challenge by two Members of
Parliament• Professional/journalistic privilege > change in law?
… and watch out for the essence of the right
Page 16© Bird & Bird LLP 2014
“… any limitation to the right to privacy must not render the
essence of the right meaningless”
Page 17© Bird & Bird LLP 2014
High Commissioner’s Report June 2014
Page 18© Bird & Bird LLP 2014
EU Charter of Rights v ECHRArticle 52 Charter Article 8 ECHRLimitations permissible if Interference permissible if
1. Provided for by law In accordance with the law2. Respect the essence of the
right and freedom
3. Necessary Necessary in a democratic society4. And genuinely meet recognised
general interest objectivesin the interests of national security, public safety or the economic well-being of the country,
for the prevention of disorder or crime,
for the protection of health or morals,Or the need to protect rights and freedoms of others
or for the protection of the rights and freedoms of others.
5. Proportionate Proportionate (caselaw)
Page 19© Bird & Bird LLP 2014
Digital Rights Ireland (CJEU)
EU Data Retention Directive - mandatory retention of communications data by service providersEssence of right adversely affected? No.“does not permit acquisition of knowledge of the content of the electronic communications
as such”
Graham [email protected]
@cyberleagleBird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses.
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number OC340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. A
list of members of Bird & Bird LLP and of any non-members who are designated as partners, and of their respective professional qualifications, is open to inspection at that address.
twobirds.com
Thank you