"I am sure that your Lordships will agree that these measures will help to ensure a better informed public debate" as he fast-tracked the Data Retention and Investigatory Powers Bill (Drip) in the House of Lords this week.
The pace with which this legislation has passed through Parliament is quite staggering, giving no opportunity for civil society to provide any input into the debate and barely giving time for members of either house to give it proper scrutiny.
Drip deals with the retention of communications data by communications providers; that is, keeping records of who has contacted whom, when and for how long, but not the content of communications. It also makes alterations to the Regulation of Investigatory Powers Act (Ripa) which permits, with certain safeguards, the interception of communication content by the police and some other bodies. This is all aimed at supporting public authorities in preventing and investigating serious crime and terrorism.
The Government states that the urgency stems from a judgment by the Court of Justice in Europe (CJEU) declaring the EU Data Retention Directive to be invalid, which consequently makes the UK regulations deriving from it also invalid. This meant there was a risk that communications data would be deleted, making it very difficult to carry out investigations.
The urgency is also said to result from communications providers outside the UK resisting compliance with interception requests under Ripa. It is hard to see how these can have been allowed to become urgent. The CJEU judgment was made early in April and the reluctance of communications providers has been growing over a considerable period of time. If it has become urgent, it cannot have happened overnight.
Part of the justification for fast-tracking seems to be the Government's statement that this bill introduces no new powers. This statement is controversial. An open letter to Parliament signed by 15 distinguished internet law academics details five ways in which they believe it extends Ripa, in particular with respect to enforcing the compliance of organisations outside the UK. The European Digital Rights group also states that the Government's claim is "untruthful". The law in this area is very complex and is affected by both Data Protection and Human Rights legislation. This makes it very difficult to say with certainty whether new powers are involved as existing powers are unclear.
The lack of time for scrutiny has meant there has been no debate open to the public on the appropriateness of this bill or of whether it has addressed the concerns arising from the CJEU judgment. Probably the main issue in the judgment is that blanket retention of communications data, relating to everybody and not just suspected criminals giving major insights into the private lives of individuals, is considered to be in breach of the EU Charter and the European Convention on Human Rights (ECHR), with the latter giving rise to the UK Human Rights Act. It is hard to see how the blanket retention mandated in the current bill can be compliant with EU law and the ECHR.
It is accepted that this sort of data is invaluable in the investigation of terrorism and organised crime. However, it is arguable whether the value obtained from blanket collection of data outweighs the invasion of privacy. This, together with necessary safeguards, needs substantial public debate.
Since the Snowden revelations there has been a growing mistrust of government and "authorities" in the area of data and secrecy. While there may be valid reasons for fast-tracking this legislation, these have not been made clear and putting this through Parliament on the day of a major cabinet reshuffle is hardly the way to engender public confidence.
With the other members of the Law Society's Privacy Law Committee, I will monitor developments.