UK “spying” laws overruled – what does it mean for you?
Posted on Wednesday, January 4, 2017
The government’s approach to data retention by the government has always been a source of concern for privacy advocates. And it would appear that the European Court of Justice (ECJ) agrees.
Recent changes to UK legislation effectively legalised many of the data collection processes already in use by the security services. Under the Investigatory Powers Act 2016 (IPA also known as the Snooper’s Charter), many firms are required to collect data from their clients and make it available to the Police and security services for analysis.
Importantly, this collection was to be indiscriminate – data for all users has to be retained.
CTOs breathe a sigh of relief
Having looked at the IPA, European judges ruled that collection and monitoring of data is legal – for specific individuals and groups. However, their final ruling (PDF, 178kB) also said that blanket data retention "exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society".
For the CTO this is great news. The information deemed important by the UK government often conflicted with that deemed critical to business interests – and yet they still had to store everything. They were also responsible for building frameworks and processes that permitted government agencies to access that information, as well as diverting resources to fulfil every request.
Under IPA, corporate data stores would need to grow at an even faster rate to hold non-essential data for the government ‘just in case’ they ever needed it. With IPA struck down, CTOs can now return to planning according to their own capacity growth goals, rather than those of the UK government.
One more thing. The UK government is appealing the ECJ ruling, so there may yet be more twists in this tale, particularly if Britain does leave the European Union at some point in the near future.
For more help and advice about data centers and big data, please get in touch.