What has the EU ever done for us? Well, I’ll tell you what. Two current case studies show how instrumental EU legislation is in protecting our right to privacy.
The Watson Case
Last week, Tom Watson’s legal challenge to the government’s Data Retention and Investigatory Powers Act (DRIPA) saw success in the UK Court of Appeal. The court ruled that DRIPA failed to restrict bulk surveillance by the government to serious crimes and didn’t include sufficient independent oversight. Crucially, these shortcomings were incompatible with EU law, and it was on this basis that the Act was ruled unlawful.
The case had previously been heard in the EU’s European Court of Justice, which also ruled DRIPA incompatible with EU law and then handed it back to the UK Court of Appeal to apply the ruling. Although DRIPA itself is now out of date, having been superseded by the Investigatory Powers Act of 2016, it contained similar features to the current legal framework for UK surveillance. It could mean that the Investigatory Powers Act, which proved so controversial because it allowed for widespread use of mass surveillance, is also incompatible with EU law. This would be a major win for privacy advocates and for the protection of the population’s personal data.
The General Data Protection Regulation
The scourge of internet marketers everywhere, the EU’s General Data Protection Regulation (GDPR) is coming into force this May and provides for a major overhaul of the existing EU-wide data protection laws. As the UK still has to adhere to EU law for the time being, we’re obligated to implement it (and, in fact, the government has said it would implement it irrespective of Brexit and will stick to it afterwards).
The law better protects our personal data, allowing us to more easily request access to data that companies hold about us and get that data deleted. It also enforces much stricter consent requirements for data processing, meaning (hopefully) an end to the deluge of emails that you don’t remember ever subscribing to. Even companies based outside the EU have to comply, meaning Facebook, Google, and the other internet giants are all affected. Though it may cause some headaches along the way, the GDPR is set to revolutionise data protection, making it fit for the digital age.
Both these cases illustrate just how important EU legislation can be in protecting our rights. It’s therefore vital that we ensure the government doesn’t water down EU-derived legislation after Brexit. It’s also going to be important for the UK to take future developments in EU legislation and court rulings into account when devising our own laws and making our own legal rulings, otherwise incompatibility could affect things like data sharing (which the EU would not allow if the UK’s standards were dramatically lower than theirs).
Andrew Noakes is the Director of LCHR