Language of document :

Reference for a preliminary ruling from the Investigatory Powers Tribunal - London (United Kingdom) made on 31 October 2017 – Privacy International v Secretary of State for Foreign and Commonwealth Affairs and Others

(Case C-623/17)

Language of the case: English

Referring court

Investigatory Powers Tribunal - London

Parties to the main proceedings

Applicant: Privacy International

Defendants: Secretary of State for Foreign and Commonwealth Affairs, Secretary of State for the Home Department, Government Communications Headquarters, Security Service Srl, Secret Intelligence Service

Questions referred

In circumstances where:

the SIAs’1 capabilities to use BCD2 supplied to them are essential to the protection of the national security of the United Kingdom, including in the fields of counter-terrorism, counter-espionage and counter-nuclear proliferation;

a fundamental feature of the SIA’s use of the BCD is to discover previously unknown threats to national security by means of non-targeted bulk techniques which are reliant upon the aggregation of the BCD in one place. Its principal utility lies in swift target identification and development, as well as providing a basis for action in the face of imminent threat;

the provider of an electronic communications network is not thereafter required to retain the BCD (beyond the period of their ordinary business requirements), which is retained by the State (the SIAs) alone;

the national court has found (subject to certain reserved issues) that the safeguards surrounding the use of BCD by the SIAs are consistent with the requirements of the ECHR3 ; and

the national court has found that the imposition of the requirements specified in §§119-125 of the judgment of the Grand Chamber in joined cases C-203/15 and C-698/15, Tele2 Sverige AB v Post-och telestyrelsen and Secretary of State for the Home Department v Watson and Others […] (“the Watson Requirements”), if applicable, would frustrate the measures taken to safeguard national security by the SIAs, and thereby put the national security of the United Kingdom at risk;

Having regard to Article 4 TEU and Article 1(3) of Directive 2002/58/EC4 on privacy and electronic communications (the “e-Privacy Directive”), does a requirement in a direction by a Secretary of State to a provider of an electronic communications network that it must provide bulk communications data to the Security and Intelligence Agencies (SIAs) of a Member State fall within the scope of Union law and of the e-Privacy Directive?

If the answer to Question (1) is “yes”, do any of the Watson Requirements, or any other requirements in addition to those imposed by the ECHR, apply to such a direction by a Secretary of State? And, if so, how and to what extent do those requirements apply, taking into account the essential necessity of the SIAs to use bulk acquisition and automated processing techniques to protect national security and the extent to which such capabilities, if otherwise compliant with the ECHR, may be critically impeded by the imposition of such requirements?


1 Security and Intelligence Agencies.

2 Bulk Communications Data.

3 European Convention on Human Rights and Fundamental Freedoms.

4 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ 2002, L 201, p. 37).