1.

INTRODUCTION

Genesis of the Review
1.1.

The Data Retention and Investigatory Powers Act 2014 [DRIPA 2014] completed its
parliamentary passage in just four days, receiving Royal Assent on 17 July 2014.
Emergency legislation was said to be needed in order to ensure that UK law
enforcement and security and intelligence agencies could maintain their ability to
access the telecommunications data they need to investigate criminal activity and
protect the public. As part of the political agreement that secured cross-party support
for the Bill, the Home Secretary was required (by DRIPA 2014 s7) to “appoint the
independent reviewer of terrorism legislation to review the operation and regulation of
investigatory powers”. This Report is the outcome of that Review.

1.2.

I am required to consider, in particular:

1.3.

“(a)

current and future threats to the United Kingdom;

(b)

the capabilities needed to combat those threats;

(c)

safeguards to protect privacy;

(d)

the challenges of changing technologies;

(e)

issues relating to transparency and oversight;

(f)

the effectiveness of existing legislation (including its proportionality) and
the case for new or amending legislation.”1

The Review was to be completed so far as reasonably practicable by 1 May 2015,
and a report sent to the Prime Minister as soon as reasonably practicable after
completion.2 This report is up to date to 1 May 2015, and was sent to the Prime
Minister on 6 May 2015. On receipt, the Prime Minister is obliged to lay a copy of the
Report before Parliament, together with a statement as to whether any matter had
been excluded from it on the basis that it seemed to him to be “contrary to the public
interest or prejudicial to national security”.3

Context of the Review
Data retention and extraterritoriality
1.4.

The two matters said to justify the emergency passage of DRIPA 2014 were:
(a)

1
2
3
4
5

the April 2014 ruling of the Grand Chamber of the Court of Justice of the
European Union [CJEU] in the Digital Rights Ireland case,4 [Digital Rights
Ireland], declaring invalid the EU Data Retention Directive5 which provided

DRIPA 2014, s7(2).
DRIPA 2014, s7(3)(4).
DRIPA 2014, s7(5)(6).
Joined Cases C-293/12 and C-594/12 Digital Rights Ireland and Seitlinger and others, EU:C:2014:238.
Directive 2006/24/EC: [EU Data Retention Directive].

15

Select target paragraph3