The collection of communications data from telecoms firms by the UK’s security agencies breached EU law, a top lawyer has concluded.
National security laws allow bodies such as MI5, MI6 and GCHQ to force mobile firms such as Vodafone and O2 to hand over data on customers.
But in a preliminary opinion Campos Sanchez Bordona, advocate general at the Court of Justice of the European Union, ruled that these actions contravened EU law.
Bordona stated that the bloc’s regulations on personal data protection should override national laws that allow for the mass collection of information.
However, he acknowledged that national legislation should allow for data collection in “exceptional circumstances” where the country is forced to declare a state of emergency.
UK security chiefs have long argued that their organisations should be exempt from data privacy laws, as the collection of communications information was key in fighting terrorist threats.
But this has led to clashes with data privacy campaigners and the surveillance watchdog, which last year concluded that MI5’s collection of personal data was unlawful.
Bordona’s opinion, which came in response to a case put forward by charity Privacy International, also related to data collection by spooks in France and Belgium.
The opinion is non-binding, and the court is expected to issue its opinion in the coming months.
Main image credit: Getty