The UK government has been forced to revise parts of its controversial surveillance legislation.
Under the Investigatory Powers Act 2016, nicknamed the 'Snoopers Charter', communications companies can be required to retain customers' communications data for up to 12 months. The government describes communications data as the who, where, when, how, and with whom of a communication, but does not include what was written or said.
But in December last year the European Court of Justice (ECJ) ruled that the powers of the UK's surveillance legislation were too wide and did not comply with EU law.
In response to the ECJ ruling, the government now plans to make a number of changes, such as introducing a new independent body to authorise communications data requests. Previously, senior police were able to authorise requests.
The use of communications data will also be restricted to investigations into serious crime that would carry a sentence of six months or more. To get access to web surfing data, authorities need to be investigating a crime that carries a sentence of at least a year.
Additional safeguards will be added that must be taken into account before a Data Retention Notice can be given to a telecoms company, and it will be made clearer when people should be notified if their data is accessed.
However, the government insisted that the judgment does not apply to the retention or acquisition of data for national security purposes "as national security is outside of the scope of EU law". A consultation on the changes is underway, and will run for the next seven weeks.
The UK government argues that communications data is used in 95 percent of serious and organised-crime prosecutions, and has figured in every major counter-terrorism investigation over the last decade. Critics argue that rather than introducing surveillance of the entire population, the authorities would be more effective by targeting suspects more closely.
In a statement, privacy campaigners the Open Rights Group (ORG) called the change a "major victory".
"Adding independent authorisation for communications data requests will make the police more effective, as corruption and abuse will be harder. It will improve operational effectiveness, even if less data is used during investigations and trust in the police should improve," said the ORG's executive director Jim Killock.
The ORG and other privacy campaigners met with the government this week, and Home Office staff warned that without communications data, police would have to rely on more intrusive surveillance techniques. But Killock said it's better to have suspects placed under targeted surveillance measures, rather than having the population at large kept under tabs through retained communications data.
"The world has trade offs, and we would suggest that this is a good one," he said.
The government wants to install black box-type devices on telecoms networks for unfettered access to UK metadata, which one rights group says will "become central to the new surveillance regime."
The law forces UK internet providers to store browsing histories -- including domains visited -- for one year, in case of police investigations.
READ MORE ON WEB SURVEILLANCE
- The government's encryption plans remain impossible to decipher
- The new art of war: How trolls, hackers and spies are rewriting the rules of conflict
- Inside the secret digital arms race: Facing the threat of a global cyberwar
- Surveillance laws need rethink, but bulk collection of web data will continue