Access to Public Information, Privacy, Data Protection and Retention, Surveillance
Bartnicki v. Vopper
Closed Mixed Outcome
Global Freedom of Expression is an academic initiative and therefore, we encourage you to share and republish excerpts of our content so long as they are not used for commercial purposes and you respect the following policy:
Attribution, copyright, and license information for media used by Global Freedom of Expression is available on our Credits page.
The Data Retention and Investigatory Powers Act 2014 (DRIPA) was tested for validity under articles 7 and 8 of the ECHR. The High Court ruled that the law violated the ECHR and struck it down because: (1) it did not provide clear and precise rules on access to and use of retained communications data; and (2) access to data lacked judicial or independent administrative oversight.
DRIPA is a surveillance act that allows the Home Secretary to order communications companies to retain communications data for 12 months. The law allowed surveillance of anyone in the United Kingdom, including emails, calls, texts, and web activity that may be confidential or privileged.
Specifically, DRIPA allowed:
“1-The Secretary of State may by notice (a “retention notice”) require a public telecommunications operator to retain relevant communications data if the Secretary of State considers that the requirement is necessary and proportionate for one or more of the purposes falling within paragraphs (a) to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000 (purposes for which communications data may be obtained).
2- The Secretary of State may by regulations make further provision about the retention of relevant communications data.
3- Retention limited to 12 months.
4- A public telecommunications operator who retains relevant communications data by virtue of this section must not disclose the data except…” 
The law was challenged by three MPs who argued that it violated the ECHR articles 7 and 8. The MPs based their challenge to DRIPA in large part on the 2014 ECtHR decisions of Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources.
 Section 1 of DRIPA
The High Court extrapolated from the Digital Rights Ireland case that legislation “establishing a general retention regime for communications data infringes rights under articles 7 and 8 of the EU Charter unless it is accompanied by an access regime (laid down at national level) which provides adequate safeguards for those rights.” 
The High Court specified that EU law established mandatory requirements for surveillance legislation that include:
-The legislation must clearly and precisely establish rules governing the scope and application of surveillance and impose minimum safeguards that sufficiently and effectively protect against the risk of abuse and against any unlawful access to and use of that data;
-“Any legislation establishing or permitting a general retention regime for personal data must expressly provide for access to and use of the data to be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating to such offences”; and
-“‘Above all’, access by the competent national authority to the data retained must be made dependent on a prior review by a court or an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued, and which intervenes following a reasoned request of those authorities.” 
Based on this, the High Court ruled that DIRPA violated the ECHR because it: (1) did not provide clear and precise rules on access to and use of retained communications data; and (2) access to data lacked judicial or independent administrative oversight.
 Paragraph 89 of the decision, https://www.judiciary.gov.uk/wp-content/uploads/2015/07/davis_judgment.pdf.
 Paragraph 91 of the decision, id.
Decision Direction indicates whether the decision expands or contracts expression based on an analysis of the case.
The High Court explicitly stated that it did not wish to participate in the debate over the necessity of surveillance, thus creating precedent for such issues being dismissed in the future. Nonetheless, it ruled that surveillance and data retention must meet strict controls and independent oversight.
Global Perspective demonstrates how the court’s decision was influenced by standards from one or many regions.
“…foreseeability in the special context of secret measures of surveillance, such as the interception of communications, cannot mean that an individual should be able to foresee when the authorities are likely to intercept his communications so that he can adapt his conduct accordingly. However, especially where a power vested in the executive is exercised in secret, the risks of arbitrariness are evident. It is therefore essential to have clear, detailed rules on interception of telephone conversations, especially as the technology available for use is continually becoming more sophisticated. The domestic law must be sufficiently clear in its terms to give citizens an adequate indication as to the circumstances in which and the conditions on which public authorities are empowered to resort to any such measures.”
“…even though they were members of a group of persons who were likely to be affected by measures of interception, were unable to demonstrate that the impugned measures had actually been applied to them. It reiterates, however, its findings in comparable cases to the effect that the mere existence of legislation which allows a system for the secret monitoring of communications entails a threat of surveillance for all those to whom the legislation may be applied. This threat necessarily strikes at freedom of communication between users of the telecommunications services and thereby amounts in itself to an interference with the exercise of the applicants’ rights under Article 8, irrespective of any measures actually taken against them.”
“Digital Rights Ireland the Court was not indicating that communications data can only be retained if they relate to particular geographical areas, or to particular individuals likely to be involved in serious crime. It was identifying the width of the Directive, which imposed no limits on the power to retain. But the Court was not, as we read the judgment, purporting to lay down any particular limitations on that power, as opposed to conditions of access.”
“the Digital Rights Ireland case established that legislation establishing a general retention regime for communications data infringes rights under Articles 7 and 8 of the EU Charter unless it is accompanied by an access regime (laid down at national level) which provides adequate safeguards for those rights.”
Case significance refers to how influential the case is and how its significance changes over time.
The decision reiterates the need for independent or judicial control in surveillance and data retention programs.
Let us know if you notice errors or if the case analysis needs revision.