GCHQ Violated People’s Rights with the mass data sharing.

Last Updated on August 23, 2023

The European Court of Human Rights has ruled that GCHQ violated people’s right to privacy when using mass data gathering techniques.
The court said that British intelligence – GCHQ violated people’s right to privacy when using mass data gathering techniques. They ruled the use of these methods, which included trawling through vast amounts of personal communications as a violation of human rights law and found it “unnecessary”.

In the judgment, the Court of Appeal said that GCHQ’s mass data-sharing violated Section 8 ?of the European Convention on Human Rights. The court ruled that “the rights guaranteed by Articles 7 and 8 of the ECHR cannot be overridden by a general public interest in national security” and that “GCHQ acted unlawfully in accessing personal data.”

The judgment is very important for British privacy law because it provides an alternative to blanket surveillance as well as narrow targeting which was previously thought to be necessary under Article 8. It also protects against arbitrary interference with private life without judicial oversight. Furthermore, unlike many other countries there are no laws regulating surveillance under British law so this ruling will have far reaching implications for how intelligence agencies operate within the United Kingdom and indeed the rest of the world.

The court also ruled on several other matters including the sharing of the digital data with other countries and agencies. In this aspect, the court ruled that this practice was not illegal but should be kept under careful review.

So What was this all About ?

The grand chamber judgment follows upon a legal challenge to the GCHQ’s bulk interception of communications from different organizations. It was instigated after revelations from Edward Snowden, without whom we possibly wouldn’t have even known about this mass data intercept.

Well, for three years, Big Brother Watch has been fighting to stop GCHQ from spying on innocent people.  Basically to stop all our data being trawled and intercepted in order to identify specific people and events.   Huge bulk gathering of innocent people’s date cannot be justified without strict authorisation and proper procedures.   Today is the day arguably that they have been proved right.

The court ruled that there were three fundamental flaws in the system.

  • Bulk surveillance was authorized by the secretary of state, not a body independent of the executive of government.
  • Categories of search terms determining the types of communications that would be subject to examination had not been included in an application for a warrant.
  • Same-term searches that seek individuals and use unique identifiers like email addresses or IPs should be subject to an internal authorization process.

From the judgement –

 “In order to minimise the risk of the bulk interception power being abused, the court considers that the process must be subject to “end-to-end safeguards”

This is of course, open to interpretation but it should mean that at the domestic level there should be assesments made at each stage.  These should assess the necessity and proportionality of any surveillance and intercept steps that are being taken.    This would be in addition to the independant authorisation at the beginning of the process.

Although it looks like a victory, it’s scope may be limited.  Many of the judges were of the opinion that the judgment hadn’t gone far enough to protect people’s privacy.  One comment concluded that it let open the gates for a digital ‘Big Briother’ in Europe.

There’s more and more evidence that even with these judgements mostly going the way of privacy campaigners there’s a sense of inevitability of the expansion of surveillance.  Simple guidelines and generic recommendations are easily either forgotten or bypassed by the security agencies.   There’s little in this judgement that GCHQ would probably be overly worried about and there’s probably teams coming up with new data interception techniques and justifications as you read this.

Be prepared, learn how to use VPNs and proxies to ensure that your personal data isn’t hoovered up with everyone elses.  We have a list of the best proxy providers here to start you off, although for personal privacy a VPN might be more appropriate.