Regulations being introduced in the UK and other European Union member states that allow a wide range of government bodies to access communications data may violate EU human rights law, according to a British privacy group.
A legal opinion commissioned by Privacy International, from law firm Covington & Burling, has found that the regulations -- known in the UK as the "snoopers' charter" -- contravene the European Convention on Human Rights (ECHR), which protects individual privacy aside from exceptional cases where government action is required.
The "snoopers' charter", a collection of Statutory Instruments modifying the Regulation of Investigatory Powers Act (RIPA), was originally placed before Parliament in summer 2002, but was withdrawn after it aroused a storm of controversy. RIPA requires communications providers such as ISPs to make communications data, including Internet addresses visited, telephone numbers called and locations of mobile phone handsets, available to government agencies. The "snoopers' charter" regulations would vastly expand the number of bodies with access to the data.
A revised version of the regulations submitted to parliament in September was virtually unchanged, according to critics.
The proposed RIPA extensions, and similar laws being introduced by other EU member states under an EU framework directive on the retention of communications data, breach human rights regulations because of their scale, according to Privacy International's legal opinion.
"The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the state may conduct surveillance, so that they can regulate their behaviour to avoid unwanted intrusions," the opinion stated. "Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society."
The privacy group said it is planning to pursue test cases in countries where mandatory data retention has already been implemented, and on Wednesday filed a complaint with the Information Commissioner alleging that the regulations breach the principles of the Data Protection Act.
"This is an important legal analysis," said Privacy International director Simon Davies in a statement. "It clearly exposes the government's intention not only to snoop unnecessarily on innocent people, but also to force unwilling companies to be complicit in an unprecedented and disproportionate surveillance regime."
Privacy International is calling on communications providers to resist the government's proposals.