BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM JUDGMENT
If a network operator or service provider is instructed by a public authority to effect
an interference, the data so collected should be communicated only to the body
designated in the authorisation for that interference.”
4. The 2015 Report of the European Commission for Democracy
through Law (“the Venice Commission”) on the Democratic
Oversight of Signals Intelligence Agencies
196. The Venice Commission noted, at the outset, the value that bulk
interception could have for security operations, since it enabled the security
services to adopt a proactive approach, looking for hitherto unknown
dangers rather than investigating known ones. However, it also noted that
intercepting bulk data in transmission, or requirements that
telecommunications companies store and then provide telecommunications
content data or metadata to law-enforcement or security agencies, involved
an interference with the privacy and other human rights of a large
proportion of the population of the world. In this regard, the Venice
Commission considered that the main interference with privacy occurred
when stored personal data were accessed and/or processed by the agencies.
For this reason, the computer analysis (usually with the help of selectors)
was one of the important stages for balancing personal integrity concerns
against other interests.
197. According to the report, the two most significant safeguards were
the authorisation (of collection and access) and the oversight of the process.
It was clear from the Court’s case-law that the latter had to be performed by
an independent, external body. While the Court had a preference for judicial
authorisation, it had not found this to be a necessary requirement. Rather,
the system had to be assessed as a whole, and where independent controls
were absent at the authorisation stage, particularly strong safeguards had to
exist at the oversight stage. In this regard, the Venice Commission
considered the example of the system in the United States, where
authorisation was given by the FISC. However, despite the existence of
judicial authorisation, the lack of independent oversight of the conditions
and limitations set by the court was problematic.
198. Similarly, the Commission observed that notification of the subject
of surveillance was not an absolute requirement of Article 8 of the
Convention, since a general complaints procedure to an independent
oversight body could compensate for non-notification.
199. The report also considered internal controls to be a “primary
safeguard”. Recruitment and training were key issues; in addition, it was
important for the agencies to build in respect for privacy and other human
rights when promulgating internal rules.
200. The report acknowledged that journalists were a group which
required special protection, since searching their contacts could reveal their
sources (and the risk of discovery could be a powerful disincentive to
64