The UK’s bulk interception powers, exposed by the whistleblower Edward Snowden, have been found to be illegal by the European Court of Human Rights.
In a landmark judgement, the court ruled agencies had violated rights as there were no proper safeguards.
The court crucially said bulk interception was legitimate and it had seen no evidence it had been abused.
Parliament reformed surveillance powers in 2016 and introduced a new watchdog. Critics say the system is still flawed.
What were the powers being challenged in court?
In 2013, Edward Snowden revealed that GCHQ – the UK’s eavesdropping agency – had been secretly collecting communications sent over the internet on an industrial scale.
Image copyright AFP/Getty Images Image caption The European Court of Human Rights in Strasbourg
The court also criticised powers to ask internet companies to hand over “communications data” – the basic technical facts of how people have exchanged information.
It said: “The content of an electronic communication might be encrypted and, even if it were decrypted, might not reveal anything of note about the sender or recipient.
“The related communications data, on the other hand, could reveal the identities and geographic location of the sender and recipient and the equipment through which the communication was transmitted.
“In bulk, the degree of intrusion is magnified, since the patterns that will emerge could be capable of painting an intimate picture of a person through the mapping of social networks, location tracking, internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with.”
Is this system still in force?
In 2016, Parliament passed the Investigatory Powers Act in a massive overhaul of surveillance law.
A government spokeswoman said it would give “careful consideration” to the judgement – but added that new safeguards were already in place.
“The Investigatory Powers Act 2016 replaced large parts of the Regulation of Investigatory Powers Act (RIPA) which was the subject of this challenge,” she said.
“This includes the introduction of a ‘double lock’ which requires warrants for the use of these powers to be authorised by a secretary of state and approved by a judge.
“An Investigatory Powers Commissioner has also been created to ensure robust independent oversight of how these powers are used.”
UK surveillance powers explained
But Jim Killock of Open Rights Group – one of the bodies behind the challenge – said: “Viewers of the BBC drama, Bodyguard, may be shocked to know that the UK actually has the most extreme surveillance powers in a democracy.
“Since we brought this case in 2013, the UK has actually increased its powers to indiscriminately surveil our communications whether or not we are suspected of any criminal activity.
“In light of today’s judgment, it is even clearer that these powers do not meet the criteria for proportionate surveillance and that the UK government is continuing to breach our right to privacy.”
Silkie Carlo, of Big Brother Watch, added: “This landmark judgment confirming that the UK’s mass spying breached fundamental rights vindicates Mr Snowden’s courageous whistleblowing.”
Lord David Anderson QC, the former independent terror laws watchdog, said that judgement was “enormously important” because the court had backed the use of bulk interception powers that had so worried Edward Snowden.
“That should come as a relief – not only to the agencies who do this work, but the rest of us who they are trying to keep safe,” he told BBC Radio 4’s The World At One.
“I have looked pretty carefully at this over a number of years and there is no doubt in my mind that these powers are very useful – not just in counter-terrorism, but in cyber defence and at a much more everyday level they are useful for the police in fighting online sex crime, county lines and in a missing persons investigation.
“What they [the judges] are doing are holding the feet of our new super regulator to the fire, and saying if you are going to give government these powers, then you have to look really closely at how they are authorised, how they are used and what happens to the data after it’s been collected.”