European Commissioner For Human Rights And Key EU Privacy Committee Strongly Condemn Mass Surveillance And Bulk Data Retention
from the neither-lawful-nor-ethically-acceptable dept
As we wrote recently, the UK’s Investigatory Powers Tribunal ruled that GCHQ surveillance doesn’t violate human rights. That’s hardly surprising, given IPT’s track record in approving pretty much everything that GCHQ does. But the global reach of the spying carried out by GCHQ and the NSA means that there are plenty of other bodies that are prepared to condemn what they have been doing. Here, for example, is an important report from the commissioner for human rights at the Council of Europe, entitled “The Rule of Law on the Internet in the Wider Digital World“. It’s an extremely thorough exploration of this complex area, touching on key issues that have often been discussed here on Techdirt: privatized law enforcement, suspicionless mass data retention, cross-border exchange of data by law enforcement agencies, and global surveillance by national security agencies. The Guardian summarizes the commissioner’s views as follows:
The “secret, massive and indiscriminate” surveillance conducted by intelligence services and disclosed by the former US intelligence contractor Edward Snowden cannot be justified by the fight against terrorism, the most senior human rights official in Europe has warned.
In a direct challenge to the United Kingdom and other states, Nils Muižnieks, the commissioner for human rights at the Council of Europe, calls for greater transparency and stronger democratic oversight of the way security agencies monitor the internet. He also said that so-called Five Eyes intelligence-sharing treaty between the UK, US, Australia, New Zealand and Canada should be published.
“Suspicionless mass retention of communications data is fundamentally contrary to the rule of law ? and ineffective,” the Latvian official argues in a 120-page report, The Rule of Law on the Internet in the Wider Digital World. “Member states should not resort to it or impose compulsory retention of data by third parties.”
As the article notes, the commissioner has the power to intervene at the European Court of Human Rights; given the tenor of his report, Muižnieks may well choose to do that in the important case involving GCHQ’s spying activities. The commissioner’s report is also likely to bolster recent recommendations from the slightly obscure “Article 29 Working Party”, an independent advisory body for the European Union on data protection and privacy. The recommendations have been issued in the form of a “joint statement“, and, like Muižnieks, the Working Party has no hesitation in criticizing every aspect of the mass surveillance currently being conducted by the UK, US and the other Five Eyes nations, aided and abetted by Internet and telecoms companies. Here are some of its key points:
1. The protection of personal data is a fundamental right. Personal data (which includes metadata) may not be treated solely as an object of trade, an economic asset or a common good.
6. Secret, massive and indiscriminate surveillance of individuals in Europe, whether by public or private players acting in an EU Member State or from elsewhere, is neither lawful with regard to the EU Treaties and legislations nor ethically acceptable.
8. Unrestricted bulk retention of personal data for security purposes is not acceptable in a democratic society. Retention, access and use of data by national competent authorities should be limited to what is strictly necessary and proportionate in a democratic society, and be subject to effective substantive and procedural safeguards.
10. None of the provisions of the European instruments designed to frame international data transfers between private parties provide a legal basis for the transfer of data to a third country authority for the purpose of massive and indiscriminate surveillance (whether Safe Harbor, binding corporate rules or standard contractual clauses).
13. The European level of protection of personal data should not be eroded, wholly or in part, by bilateral or international agreements, including agreements on trade in goods or services with third countries.
As those points make clear, the group not only rejects mass surveillance, but also bulk data retention, the Safe Harbor agreement with the US, and the inclusion of chapters harmful to privacy in trade agreements such as TAFTA/TTIP and TISA. Like the commissioner for human rights at the Council of Europe, the Article 29 Working Party has no power to implement any of its recommendations directly, but its strongly-worded condemnation of just about every aspect of the widespread surveillance and data retention in place today adds to growing pressure for both to be drastically reduced.