On 25th May 2021, the Grand Chamber (“GC”) of the European Court of Human Rights (“ECtHR”) ruled in the joined cases Big Brother Watch and Others v. United Kingdom (Big Brother Watch v. UK) that some aspects of the UK’s surveillance regime violated Articles 8 and 10 of the European Convention on Human Rights (“ECHR”). After the ruling, Big Brother Watch – one of the organisations which challenged the law – tweeted that the GC’s finding “vindicates Snowden’s whistleblowing”. But is the GC’s ruling truly a ‘win’ for the right to privacy, or has the ECtHR, as the three concurring judges to the ruling put it, “missed an excellent opportunity to fully uphold” it?
Big Brother Watch is the first decision on mass surveillance since Snowden revelations and sets a standard against which many other bulk interception and data sharing regimes in Europe and beyond will be examined. I argue that this standard, however, is a thin one. Grounded in what I call “procedural fetishism”, it endorses the legality of bulk surveillance operations.
The ECtHR Rulings: Chamber, Grand Chamber, Concurs and Dissents
The Big Brother Watch case first went to the Chamber. On 13 September 2018, it ruled that some aspects of the UK surveillance regime violated Articles 8 and 10 of the Convention due to insufficient procedural safeguards. Importantly, however, bulk interception was not per se impermissible and governments enjoyed a wide “margin of appreciation” in deciding which measures are necessary to guarantee national security (Chamber ¶¶ 314-315, 387). While judicial authorisation in bulk interception regimes was “highly desirable”, it was not prerequisite for complying with Article 8 (Chamber ¶ 381).
The applicants thought the decision “did not go far enough” and referred it to the GC, which delivered the final ruling on the 25th May 2021. The GC first identified three “fundamental deficiencies” in the UK’s interception regime. Namely, (i) that the bulk interception was not authorised by a body independent of the executive (but rather by the Secretary of State), (ii) that categories of search terms defining the kinds of communications to be examined were not specified, and finally, (iii) that use of specific identifiers (“subject selectors linked to an individual”) had not been authorised (¶ 425). Judicial authorisation was not necessary for the legality of bulk interception programmes, albeit authorisation by a body independent from the executive (though not necessarily a judicial one) is necessary (¶ 351). The GC thus held that UK’ bulk interception regime failed to satisfy the “quality of law” requirement, violating Article 8 of the ECHR (¶¶ 425-426).
Next, the GC agreed with the Chamber that the UK’s acquisition of communications data from communication service providers also breached Article 8 because it was not “in accordance with law”; the authorities’ access to data retained by communications service providers was not limited to the purpose of combating “serious crime”, and access was not subject to prior review by an independent body (¶¶ 518-522). The GC further ruled, in line with the Chamber’s findings, that both the regime’s bulk interception of communications and the acquisition of data from communications service providers violated Article 10 of the ECHR because they lacked safeguards in relation to journalistic sources and confidential journalistic material (¶¶ 456-458, 524-528). Finally, the system of information sharing, through which the UK authorities received material from US intelligence services, did not violate Articles 8 or 10 of the ECHR (¶¶ 510-514, 515-516). In the Court’s view, intelligence sharing is permissible, provided that there are “adequate safeguards” against abuse in place and that the regime is subject to independent oversight and ex post facto review (¶ 13).
Some judges partially concurred that the ruling had not gone far enough. For example, Judges Lemmens, Vehabović and Bošnjak claimed that the GC should have “attach[ed] significantly more weight to private life in general, and to confidentiality of correspondence in particular” (separate “Joint Partly Concurring Opinion” ¶ 10), that the judgment does not provide “any clear substantive protection against disproportionate interference” (ibid ¶ 14), and should require judicial authorization for bulk interception (ibid ¶¶ 23-24). In contrast to the GC majority, the three partially concurring judges, along with Judge Ranzoni, also argued that UK’s receipt of intelligence from foreign intelligence services did, in fact, violate Articles 8 and 10 (¶ 1).
The judgment is complex one, and I will only cover a few issues in this post.
International Intelligence Sharing
Big Brother Watch is the first decision on international intelligence sharing under the ECHR. The Court emphasised the need for “certain additional safeguards”. However, this “does not necessarily mean that the receiving State must have comparable protection to that of the transferring State, nor does it necessarily require that an assurance is given prior to every transfer.” (¶ 361-362). The GC focused solely on safeguards in the UK surrounding the receipt of communications data from foreign authorities, including the legal rules for requesting and receiving intelligence and the safeguards for examination, use, storage, transmission, erasure and destruction of the material received (¶¶ 500-516). The GC is silent on a reversed transfer scenario (when the UK would send intelligence abroad), and it is unclear whether the safeguards provided by third countries receiving information from the UK would also have to be scrutinized. In comparison, the recent CJEU decision in Schrems II, (July 2020), invalidated the EU-US Privacy Shield, which enabled transatlantic data transfers between the two regions, due to lack of adequate safeguards in the surveillance framework in the US. If in the reversed scenario, the GC’s emphasis would remain on internal safeguards only, ignoring those in the country with whom data is shared (e.g, USA), such a focus could leave UK residents vulnerable to the misuse of personal data by US authorities, without a remedy.
Endorsing the Legality of Bulk Surveillance
However, the real significance of the case lies in endorsing the legality of mass surveillance. Despite the finding of violation, the majority of the GC declared, just as the regular Chamber did in 2018, that mass-surveillance is not, in principle, unlawful and/or disproportionate. Only one judge of the 17, Judge Pinto de Albuquerque, disagreed with the necessity and proportionality of the bulk interception (separate “Partly Concurring and Partly Dissenting Opinion”, ¶¶ 58-60). While partially concurring Judges Lemmens, Vehabović and Bošnjak argued for more safeguards, they also accepted bulk interception in principle.
In contrast, the GC reinforced the Chamber’s assessment of bulk interception as a “valuable means of protecting against international crime and terrorism” (Chamber Judgment, ¶ 386), by recognising bulk interception is “a valuable technological capacity to identify new threats in the digital domain” (¶ 323). The GC asserted: “Article 8 […] does not prohibit [states’] use of bulk interception to protect national security and other essential national interests against serious external threats” and affirmed that States “enjoy a wide margin of appreciation in deciding what type of interception regime is necessary” (¶ 347).
The ECtHR’s endorsement of mass surveillance operations also became apparent in the related judgment of Centrum för Rättvisa v. Sweden, also delivered on the 25th May 2021. The GC has also found violation of Article 8, but explained that “bulk interception is of vital importance to Contracting States in identifying threats to their national security” and “no alternative or combination of alternatives would be sufficient to substitute for the bulk interception power” (Centrum för Rättvisa ¶ 365). It seems the ECtHR has now made its mind very clear – mass surveillance is ok.
ECtHR Proceduralist Approach: Eight New Criteria
Big Brother Watch (and Centrum för Rättvisa for that matter), focused on safeguards, while validating bulk surveillance operations. This focus reinforces and cements the proceduralist approach to mass surveillance developed in ECtHR’s earlier case law. In particular, the doctrine of “margin of appreciation” affords wide discretion to States when interpreting the ECHR, especially in the context of national security surveillance operations. A primary example is the 2006 case of Weber & Saravia v. Germany, in which the ECtHR rejected a complaint against German legislation that authorised federal intelligence agencies to record foreign telecommunications as part of State’s strategic monitoring operations. In that case, the Court consolidated “six Weber safeguards” for surveillance schemes, requiring domestic law to specify: (1) the nature of offences which may give rise to an interception order; (2) a definition of the categories of people liable to have their communications intercepted (3) a limit on the duration of interception; (4) the procedure to be followed for examining, using and storing the data obtained; (5) the precautions to be taken when communicating the data to other parties; and (6) the circumstances in which intercepted data may or must be erased or destroyed (Weber & Saravia v. Germany ¶ 95).
Big Brother Watch develops “a wider range of criteria than the six Weber safeguards”, requiring domestic law to clearly define:
- the grounds on which bulk interception may be authorised;
- the circumstances in which an individual’s communications may be intercepted;
- the procedure to be followed for granting authorisation;
- the procedures to be followed for selecting, examining and using intercept material;
- the precautions to be taken when communicating the material to other parties;
- the limits on the duration of interception, the storage of interceptmaterial and the circumstances in which such material must be erased and destroyed;
- the procedures and modalities for supervision by an independent authority of compliance with the above