National Council for Civil Liberties, R (On the Application Of) v Secretary of State for the Home Department & Anor

Factual and Procedural Background

This appeal concerns a challenge by the Appellant, a civil liberties organisation, to the compatibility of various Parts of the Investigatory Powers Act 2016 ("the Act") with Articles 8 and 10 of the Convention for the Protection of Human Rights and Fundamental Freedoms ("the Convention") and with retained European Union ("EU") law. The Act regulates investigatory powers including interception of communications, equipment interference, acquisition and retention of communications data, and bulk personal datasets. The appeal particularly focuses on "bulk powers" which are not targeted at individuals and equipment interference warrants under Part 5, which can be directed at groups or activities.

The procedural history spans over six years and includes three substantial Divisional Court judgments addressing compatibility with EU law and the Convention. The Divisional Court considered issues in stages: the first EU law judgment focused on Part 4 of the Act; the Convention judgment addressed human rights challenges; and the second EU law judgment dealt with remaining EU law issues. The litigation was influenced by the European Court of Human Rights Grand Chamber decision in Big Brother Watch v United Kingdom, which found violations of Articles 8 and 10 in relation to a predecessor statute. The respondents have proposed remedial amendments to the Act in light of that decision.

The appeal raises eight grounds: five relate to the Convention judgment and three concern EU law challenges. The Divisional Court has granted permission to appeal on these grounds.

Legal Issues Presented

1. Whether the safeguards in the Act, particularly regarding bulk interception and equipment interference warrants, provide adequate protection under Articles 8 and 10 of the Convention.
2. Whether the Act’s provisions sufficiently protect confidential journalistic material and sources consistent with Article 10.
3. Whether the arrangements governing sharing of material with overseas authorities comply with Articles 8 and 10.
4. Whether Part 7 of the Act concerning bulk personal datasets is sufficiently precise and contains adequate safeguards under Article 8.
5. Whether the Act provides adequate safeguards for legally privileged communications under Article 8.
6. Whether Parts 3, 4, 5 and 6 of the Act comply with retained EU law prohibiting general and indiscriminate data retention.
7. Whether prior independent authorisation is required each time data is accessed under retained EU law.
8. Whether provisions of the Act comply with equivalent rights under Articles 7 and 11 of the EU Charter of Fundamental Rights.

Arguments of the Parties

Appellant's Arguments

• The Act lacks critical safeguards identified by the Grand Chamber in Big Brother Watch, including the specification of categories of search terms and prior internal authorisation of "strong selectors" (search terms linked to identifiable individuals) across Parts 5 and 6.
• There is no adequate safeguard preventing examination of secondary data referable to individuals in the British Islands, leading to insufficient protection.
• The Act’s definitions of journalistic material unduly restrict protections, excluding material acquired for criminal purposes, thus weakening Article 8 and 10 protections.
• The safeguards for sharing material with overseas authorities are discretionary and thus insufficiently regulated by law.
• Part 7’s broad scope and discretionary retention provisions fail the foreseeability requirement under Article 8 and lack safeguards for deletion, disclosure, and copying.
• There is no requirement for prior independent authorisation before selectors identifying legally privileged information are used, contrary to case law.
• The Act’s provisions amount to general and indiscriminate data retention under retained EU law, requiring additional safeguards.
• Prior independent authorisation is required for every access to data, not only at warrant issuance.
• The Act is incompatible with the Charter where it fails to comply with the Convention.

Respondents' Arguments

• The Grand Chamber’s findings in Big Brother Watch relate to RIPA and cannot be directly applied to the Act, which contains different and strengthened safeguards.
• The Act’s "double-lock" system, requiring Secretary of State and Judicial Commissioner approval, provides adequate safeguards, including necessity and proportionality assessments.
• The distinction between content and communications data justifies different safeguards; communications data is less intrusive and does not require prior internal authorisation of strong selectors.
• The Act’s definitions of journalistic material do not improperly restrict protections; material acquired for criminal purposes is appropriately excluded.
• The discretionary power to make arrangements for sharing material with overseas authorities must be interpreted in context, requiring adequate safeguards consistent with Articles 8 and 10.
• Part 7 regulates retention and examination of bulk personal datasets already obtained under other powers and contains clear, detailed safeguards including judicial oversight.
• The Act’s provisions do not amount to general and indiscriminate retention under retained EU law.
• Prior independent authorisation at the warrant stage suffices for access under retained EU law; repeated authorisation is not required.
• The Charter rights correspond to Convention rights; since the Act complies with the Convention, no breach of the Charter arises.

Table of Precedents Cited

Court's Reasoning and Analysis

The court undertook a detailed, multi-faceted analysis of the Act’s provisions against the standards set by Articles 8 and 10 of the Convention, the Grand Chamber decision in Big Brother Watch, and retained EU law.

It emphasized the necessity of assessing the totality of the safeguards at each stage of the investigatory process, including warrant application, approval, examination of material, storage, use, and oversight. The court recognized that the Act introduced significant improvements over the predecessor legislation (RIPA), notably the "double-lock" system requiring both Secretary of State and Judicial Commissioner approval, which was absent under RIPA.

In relation to bulk interception warrants (Part 6 Chapter 1), the court found that the statutory requirements to specify operational purposes, the detailed application process, and prior independent judicial approval provide adequate and effective safeguards. The court was satisfied that these meet the aims identified in Big Brother Watch concerning identification and control over selectors and search terms.

For bulk acquisition warrants (Part 6 Chapter 2), which concern communications data rather than content, the court accepted that different safeguards are appropriate. The Act’s provisions, including necessity and proportionality tests and judicial oversight, were deemed sufficient to guard against arbitrariness.

Regarding bulk equipment interference warrants (Part 6 Chapter 3), the court acknowledged the absence of prior internal authorisation for strong selectors but concluded the totality of safeguards, including judicial approval and operational constraints, were adequate. Given the lack of evidence on practical operation, the court remitted the question of safeguards relating to examination of journalistic material under these warrants to the Divisional Court.

The court found that targeted equipment interference warrants under Part 5 provide sufficient detail in applications, prior independent judicial approval, and appropriate safeguards for confidential journalistic material and legally privileged information.

On the protection of confidential journalistic material and sources, the court held that the amended provisions of the Act satisfy Article 10 requirements, including the introduction of prior independent authorisation where criteria highly likely identify such material. The court rejected contentions that the Act’s definitions unduly restrict protection.

The court examined the arrangements for sharing material with overseas authorities and concluded that statutory provisions and codes of practice require adequate safeguards consistent with Articles 8 and 10. The discretion afforded to the Secretary of State must be exercised compatibly with Convention rights and cannot be unfettered.

Regarding legally privileged material, the court found that the Act’s multiple layered safeguards, including senior official approval and oversight by the Investigatory Powers Commissioner, provide adequate protection. It rejected the appellant’s argument for a general requirement of prior independent authorisation.

In relation to Part 7 concerning bulk personal datasets, the court emphasized that these provisions regulate retention and examination of datasets obtained under other powers and do not authorize acquisition. The court found that detailed statutory provisions and codes of practice provide clear, foreseeable rules and adequate safeguards, including judicial oversight and proportionality assessments. The court identified one deficiency: the absence of publicly accessible safeguards governing transfers of bulk personal datasets to overseas authorities, which may violate Article 8.

On retained EU law grounds, the court agreed with the Divisional Court that the Act does not permit general and indiscriminate data retention as prohibited by EU law. It held that prior independent authorisation at the warrant stage suffices for access to data and that repeated authorisation is not required.

Finally, the court noted that since no breach of the Convention was found (except the one caveat regarding overseas transfer of bulk personal datasets), no remedy is necessary under the Charter of Fundamental Rights.

Holding and Implications

The court DISMISSED the appeal in its entirety, with two exceptions:

• It found that the arrangements governing transfer of material from bulk personal datasets to overseas authorities are not in accordance with law and thus violate Article 8 of the Convention due to the absence of publicly accessible safeguards. The court invited submissions on the appropriate remedy for this issue.
• The court remitted to the Divisional Court the question of whether Chapter 3 of Part 6 (bulk equipment interference warrants) provides adequate safeguards for protection of a journalist's sources or confidential journalistic material when communications are obtained by such warrants, due to lack of evidence on their operation.

There are no broader implications or new precedent set beyond the application of established principles to the Act’s provisions. The decision confirms the compatibility of the bulk and targeted investigatory powers in the Act with Articles 8 and 10 of the Convention and retained EU law, subject to the noted exceptions.