Some emergency: Why Whitehall won't give up control over your personal data

Guy Herbert

ACCORDING to the Home Office, the Prime Minister, and other senior politicians, it is important that police and officials of all kinds should be able to look at your telephone and internet records. In fact, it is so important that Parliament must act today to pre-empt the application of an April ruling by the European Court of Justice (ECJ), which struck down the EU directive requiring phone and internet firms to retain communication data for 12 months. The April ruling would have allowed old records to be deleted.

The government wants to replace the Data Retention Regulations 2009 with emergency legislation (which, at the time of writing, I have not seen – almost nobody has – but which may be half way to law before you read this article).

This is a double irony of timing. It comes just days after a civil service document emerged, revealed by Rachel Sylvester of The Times, showing how Whitehall departments manage to pursue their own policies regardless of ministerial mandate. It also comes just days before the ninth anniversary of a Home Office coup: those same EU regulations, struck down by the ECJ, were initiated by British ministers in mid July 2005 using the sense of emergency occasioned by the 7/7 London bombings.

This story is less well-known than it should be. Perhaps there is absurdity enough in one set of ministers reading off their cue cards in 2009 that Britain’s data retention regulations were EU obligations, and another now proclaiming it an “emergency” that the ECJ has decided the same regulations are unlawful. But we only have these regulations because the EU’s arm was twisted by the UK.

The regulations have been in effect for a little over five years. We managed without them before 2009. The Danish Ministry of Justice announced last year that its rigorous data retention had proved useless and unwieldy. In Germany, counterintuitively, North Rhine-Westphalia police solved internet crime more efficiently after they stopped data retention – which they did in 2010. Some emergency.

Only Whitehall actively wants this. The pretext is adapted according to circumstance; the policy ambition is unwavering. The only emergency now is the possibility, always avoided, of questioning that ambition.

It goes back further, but plans for data retention as now came from the Home Office in 2003, when they were roundly rejected by Parliament’s All-Party Internet Group. It said at the time:

“The government had underestimated the costs of the scheme, that billing databases would migrate abroad to escape regulation, and that there were few incentives for industry to help the government track technical change… The scheme appeared to be in breach of Human Rights legislation and, despite a year of effort by the Home Office, no solution was in sight. [The All-Party Internet Group] recommends that the Home Office scrap their plans altogether and start negotiations on a lower impact scheme of targeted “data preservation” instead.”

Targeted data preservation – get a warrant to keep a suspect’s information for the purpose of a specific investigation – is something few civil libertarians object to. Curiously, the Home Office does.

So when, in July 2005, dozens of people were murdered in London – by terrorists it later turned out were already known to the authorities – the Home Office had a plan. It was exactly the same plan rejected by the All-Party Internet Group in 2003. But this time, the Home Office would avoid Parliament.

Home secretary Charles Clarke went to an emergency meeting of EU home affairs ministers on 12-13 July 2005, demanding EU laws to require fingerprint-bearing ID cards (something else MPs were being awkward about) and retention of telecoms and internet records. The latter, after table-banging, was put forward to the European Commission for a proposal, and in due course emerged as the Data Retention Directive 2006/24/EC. As a directive, it would become law in Britain as regulations, nominally approved by Parliament, but without debate.

2006/24/EC is not undebated in other EU countries. Ireland and Slovakia challenged its legality directly in 2008 as not within the EU’s remit. It was held unconstitutional in Romania in 2009, disapplied in Germany in 2010 and this year struck down by the ECJ. None of those places wanted it in the first place. Their democratic processes were overridden to suit the Home Office too.

The coalition agreement said that “we will end the storage of internet and email records without good reason”. Now David Cameron says that there is no time for debate, but these new/old plans will have a sunset clause. By 2016, the government will have reviewed them properly – promise. But the Home Office has never changed its mind, and has never got round to anything like evidence for its policies. Whoever does rule Britain in 2017, my bet is that they will still be able to know when you call your mother.