BIG BROTHER WATCH & OTHERS v. THE UNITED KINGDOM
Author: João Victor Stuart
GHRD Coordinator: International Justice and Human Rights team
LLB Federal University of Rio de Janeiro, Brazil.
On 25th May, 2021, the chambers of the European Court of Human Rights delivered a landmark decision regarding the link between surveillance issues and Human Rights in Europe.
Briefly, the case assessed the inadequacy of several UK laws that allowed the British intelligence organs to spy on people’s internet communications and contents in regards to the rights of privacy and freedom of expression (Privacy International, 2021). The so-called “Bulk interception” strategy of the UK government managed to collect a high amount of people’s private data that revealed a wide range of personal information such as citizens’ political views and sexual orientation (Amnesty International, 2021).
The case sparked after Edward Snowden’s revelations in 2013 about the work of a British governmental agency called GCHQ. According to his comments, this organ was secretly intercepting personal data of millions, yet most of them were not interesting or useful for intelligence agencies (Amnesty International UK, 2021). Snowden unveiled that the information collected and stored by the UK government showed the most intimate aspects of a person’s private life, such as where they go, who they contact, which internet sites they visit and when (Amnesty International UK, 2021).
These revelations resulted in a lawsuit that ended up reaching the UK’s Investigatory Powers Tribunal (IPT), an independent judicial body that hears claims against GCHQ. During the proceedings at the IPT, the investigation divulged that GCHQ illegally spied on communications of important Human Rights organisations both inside the UK and abroad, such as Amnesty International and the South African organisation Legal Resources Centre (Amnesty International UK, 2021). Nevertheless, IPT ruled in favour of GCHQ’s data practise policy by saying that it did not contradict UK’s human rights obligations (Amnesty International UK, 2021).
Several organisations, namely American Civil Liberties Union and Privacy International, have challenged this decision before the European Court of Human Rights (ECHR) and the Court only partially convicted the UK for breaching the European Convention of Human Rights in 2018. For this reason, the applicants decided to take the case to the ECHR’s Grand Chamber (Amnesty International UK, 2021).
Jurisdiction of the ECHR
As mentioned before, the applicants, several organisations that support the cause of Human Rights in the digital space, lodged an application before the European Court of Human Rights to quash the previous decision of the IPT.
The European Court of Human Rights is an international judicial body set up in 1959 in Strasbourg, France. Its main function is to rule on individual or State applications alleging violations of the civil and political rights set out in the European Convention on Human Rights (European Court of Human Rights, 2020a). The Court’s jurisdiction spreads all over the 47 European States of the Council of Europe, and it can examine cases involving not only the citizens of these countries but also anyone who is present in their jurisdiction (European Court of Human Rights, 2020a).
The United Kingdom is a State party to the Council of Europe and, therefore, it is bound to the jurisdiction of the Court. For this reason, the applicants relied upon Article 8 (right to respect for private and family life) and Article 10 (Freedom of expression). Firstly, their claims pointed to an illegal attitude of the UK government to gather and retain private information of people from communication services, which failed to respect the requirement of “in accordance with the law” brought by text of Article 8 of the ECHR (Zalnieriute, n.d.). Furthermore, the applicants also claimed a breach of Article 10 because the acquisition of private information by the UK government did not encompass safeguards concerning the assessment of journalistic sources and confidential journalistic material (Zalnieriute, n.d.).
Dr. Eliza Watt, lecture in law at the Middlesex University of London, has pointed out that the Grand Chamber ruling in this case represents an encouragement for the Countries of the Council of Europe to continue to deploy mass surveillance in their investigations as a method to repress transnational crime and terrorism (Watt, 2021). Yet, according to her, this is not the biggest achievement of this decision. She explains that the decision’s most innovative approach lies in the fact that the Court lays down procedural safeguards for states to add to their respective national legislations on surveillance systems, which did not exist before (Watt, 2021).
The ECHR’s Jurisprudence on Bulk Interceptions and the Right to Privacy.
In Roman Zakharov v. Russia, in 2015, a chief editor of a Russian publishing company and chairperson of an NGO that fights to strengthen freedom of expression in the country lodged an application before the European Court of Human Rights. He claimed that the Russian legislation obliged mobile network operators settled in the country to install equipment that enabled law-enforcement agencies to conduct blanket interventions on civilians’ communications, without observing necessary safeguards under the Russian law (European Court of Human Rights, 2021b).
The Court handed down a decision stressing that Russia’s surveillance system violated Article 8 of the European Convention of Human Rights.
The Court explained that, despite the legitimate character of communication interception in searching for information that may help governments to preserve the country’s national security and public order, Russia had to equip its surveillance law with adequate and effective safeguards to prevent individuals from suffering abuses (De Hert, Cristobal Bocos, 2015). As these requirements were inexistent, authorities could easily promote disproportionate and illegal measures to surveil private communications, amounting to arbitrariness and abuse (De Hert, Cristobal Bocos, 2015). The judges added that violations were even more likely to occur, particularly in Russia, because public authorities there had direct access to all mobile telephone communications, which facilitates for them to skip any judicial constraints to assess private information (De Hert, Cristobal Bocos, 2015).
The lack of appropriate safeguards transforms these interceptions into unnecessary decisions, breaching the second paragraph of Article 8. For something to be seen as “necessary in a democratic society”, it should create more benefits than damages to society, which is not the case here, once these interceptions endanger the right to privacy and freedom of expression, without implementing legal constraints (De Hert, Cristobal Bocos, 2015).
Moreover, the Court also stated that the Russian law breached Article 8 because it reduced the possibility to challenge communication interception to only those who had proof of interception (De Hert, Cristobal Bocos, 2015). Those who did not have proof could not communicate illegal interceptions, as the same law did not provide citizens with any sort of notification about interception decisions. At the time of this case-law, the Court had already consolidated that Article 8 binds national governments to provide its people with a minimum amount of information about the surveillance decision, such as the date of its adoption and the authority that issued it (European Court of Human Rights, 2020e).
In this sense, although Mr. Zakharov had tried to sue the government for its abusive interception, the domestic court rejected once he could not provide proof, which, under the eyes of the ECHR judges, amounted to a clear violation of his right to private information and right to access to justice (De Hert, Cristobal Bocos, 2015).
In conclusion, this case-law shed a light on the importance of adding a robust judicial authorization that verifies the true existence of a suspicion against someone before the executive branch decides to surveil this person. Furthermore, it reinforces the participation of domestic judges in assessing the capacity to assess the proportionality and necessity of surveillance measures (De Hert, Cristobal Bocos, 2015). Lastly, from the point of view of the ECHR’s judges, surveillance frameworks must possess a notification control to inform individuals subjected to surveillance measures about the proceedings taken by authorities, and thus enable them to possibly challenge its lawfulness.
In Szabó and Vissy v. Hungary, the applicants complained that the 2011 Hungarian anti-terrorism legislation enabled the country’s National Security Service to access secret content and recordings of electronic communications without the knowledge or consent of the persons affected for national security purposes (Szabo v. Hungary (Hungary Mass Surveillance) | Privacy International, n.d.).
Privacy International intervened in this case and denounced the flawed dispositive brought by the Hungarian law that subjected the exercise of massive surveillance mechanisms to a discretionary choice of governmental bodies. Because of this non-mandatory requirement, law-enforcement agencies could always choose to deploy online surveillance without having to fulfil legal conditions based on International Human Rights documents ratified by Hungary, such as the ECHR (Szabo v. Hungary (Hungary Mass Surveillance) | Privacy International, n.d.).
For all these reasons, the Hungarian anti-terrorism legislation encouraged authorities to conduct unjustified and disproportionate investigations of people’s private online data and communication. In essence, the European Court of Human Rights has convicted Hungary for breaching Article 8 of the European Court of Human Rights for following reasons.
While the Court acknowledged that resorting to cutting-edge surveillance technologies is a natural behaviour of governments to try to curb terrorist threats, it disagreed that the Hungarian legislation provided citizens with sufficient safeguards against abuse (European Court of Human Rights, 2021b). More specifically, the Court highlighted that as the technologies used by the government could reach an immense number of people, they carried out a risk of wrongly intercepting masses of data of persons outside of the original range of operation (European Court of Human Rights, 2021b).
Furthermore, the judges stressed the erroneous approach of the anti-terrorist law in not incorporating any judicial control over the data investigation process. They asserted that excluding domestic judges from the realm of this process prevented them from assessing whether the legislation’s provisions that allowed the country’s Anti-terrorist Task Force to intercept personal data and communication was indeed necessary (European Court of Human Rights, 2021b).
Hence, the ECHR’s jurisprudence makes evident that national security laws that employ surveillance and data interception programmes must fulfil Article 8’s requirements about being “necessary in a democratic society” as well as provide effective judicial remedies and supervision to tackle abuses.
Mass Surveillance Regulation in the UK.
In October 2015, the Court of Justice of the European Union handed over a decision that impeded the data-sharing agreement that would enable private data of EU citizens to be shared with US companies (Lubin, 2018). The Court stressed that Edward Snowden’s revelations about how the US intelligence agency treated personal information made the data sharing impossible, since the judges could not be sure about the adequate and safe processing of the data of European Citizens by North-American corporations (Lubin, 2018).
The EU Court of Justice has set a solid precedent that convinced Europeans about a future in which Europe would resist resorting to mass illegal surveillance to satisfy exaggerated security concerns. Nevertheless, since 2015, Europe’s most powerful nations, such as Germany and France, have been driving themselves to the opposite direction (Lubin, 2018).
Marc Trévidic, the former chief terrorism investigator for the French judicial system, has stated that (Calvi, 2015):
“If an intelligence law is not well-conceived and rational, it could easily become a formidable weapon of repression. An intelligence law should not only protect citizens against terrorism, but also against the State. We in France are doing neither. There is a total absence of control in this law.”
Mr. Trévidic’s citation demonstrates France’s, and other European countries’, effort to pave the way towards the expansion of mass surveillance in the region. Asaf Lubin defines this pattern as a result of the modern Europe, a place engulfed by populist messages and public outrage surrounding ongoing debates, such as the refugee crisis, terrorism and heightened security concerns (Lubin, 2018).
He explains that this scenario is pushing local parliamentarians to pass domestic and foreign surveillance laws that ignore minimum human rights parameters and safeguards that took years for the European Court of Human Rights to solidify in its jurisprudence.
The current UK regulation of governmental surveillance is also a result of this tendency. The Investigatory Powers Act 2016 (IPA) is a law that grants a Bulk interception warrant for the Government Communications Headquarters (GCHQ), the same agency involved in the Big Brother case, to acquire and interfere on overseas-related communications and communications systems. It compromises all that information sent or received by individuals who find themselves outside of the UK (Lubin, 2018). In essence, this law authorises this agency to catch personal data directly from private computers outside of the British territory and disclose it (Lubin, 2018).
However, despite the broad capacity of GCHQ to collect and disclose foreign data through warrants, the Act does not provide any sort of notification or reporting requirements for bulk warrants to do so (Lubin, 2018). It means that the owners of the data processed by the warrants never get the chance to know that the UK government is assessing their personal information (Lubin, 2018). Furthermore, the Act fails in not informing available judicial remedies for people who live overseas to challenge the actions that stem from the warrant (Lubin, 2018).
Another problematic feature brought by the Investigatory Powers Act is the capacity of the government to force communication service providers to breach encryption limits when they are asked to do so (Carey, 2019). Encryption is a sophisticated technique that transforms readable online data and communication into incomprehensible text, also known as ciphertext (Attention Required! | Cloudflare, n.d.). Scrambling words and symbols online is an effective alternative to preserve people’s privacy, since it stops hackers and other sort of invaders from accessing this confidential information (Attention Required! | Cloudflare, n.d.).
A specific type of encryption, the so-called end-to-end encryption, means that data is encrypted all the way between those who are texting. It prevents messaging providers, such as email providers, from seeing what people are actually talking about at that moment. Then, if a law-enforcement agency decides to force that provider to open up these communications through a warrant, concerning end-to-end encryption, it is not possible, since the provider cannot access the messages, which makes the warrant useless (Kleppmann, 2015). Therefore, an end-to-end encryption mechanism prevents law-enforcement agents from illegally accessing people’s information, as a warrant would not be enough to access the information.
Nevertheless, the UK Act places a duty on communication service providers to overcome end-to-end encryption when they are issued a warrant. Interpreters say that this exception follows some kind of a backdoor that permits this protection to be broken (Kleppmann, 2015).
The tendency to decrypt message apps and email providers to attend surveillance investigations has been gaining more and more ground in the UK since the March 2017 terrorist attack outside of the Houses of Parliament in London, which prompted a more aggressive rejection towards encryption from some politicians (Open Technology Institute, 2017). Many interpreted Theresa May’s party manifesto concerning the importance of eliminating online safe spaces for terrorists as a legitimate statement of persecution against encryption (Open Technology Institute, 2017)
Whilst national security must play an important role on every country’s domestic agenda, the investigatory bill does not define which technologies would comply with its new security standards and which of them violate these rules (Kleppmann, 2015). As a result, it leaves a wide space for different types of interpretation, which proves that this legislation is vague and contains ambiguous provisions (Kleppmann, 2015).
Consequently, according to Tony Anscombe, senior security evangelist at information security firm Avast, this effort by the UK government to enlarge surveillance by decrypting private messages, such as Whatsapp conversations, represents a dangerous threat as it renders everyone’s privacy vulnerable to abusive interference (Hern, 2017).
An Overview of the International Human Rights Law Regime in regards to Mass Surveillance.
Article 17 of the International Covenant of Civil and Political Rights (ICCPR) states the meaning of the right to privacy as follows:
“No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation” (OHCHR | International Covenant on Civil and Political Rights, n.d.).
The UN Human Rights Committee’s General Comment on Article 17 explains the appropriate interpretation of the words “arbitrary or unlawful” interference. Firstly, the term “unlawful” refers to those kinds of governmental interference on the right to privacy that are not envisaged by the local legislation. It means that all the restrictions aimed towards the right to privacy must comply with previous legal provisions as well as with the terms, aims and objectives of the ICCPR (OHCHR, n.d.).
In regards to the “arbitrary” interventions on the right to privacy, the Committee answered that they consist of those that are in accordance with the law, but are unreasonable, unnecessary and disproportionate at the same time (OHCHR, n.d.). For this reason, in addition to legitimising itself in the law, restrictions to the right to privacy must accord with the provisions, aims and objectives of the ICCPR and should be reasonable in the particular circumstances (OHCHR, n.d.).
In this sense, the surveillance of digital communication, as a form of privacy intervention, must base itself on previous domestic legal requirements, which must be publicly accessible, clear, precise, comprehensive and non-discriminatory (Privacy International, 2019). Additionally, mass surveillance measures must encounter limits in regards to necessity and proportionality, and pursue a legitimate aim that justifies this restriction of privacy (Privacy International, 2019).
A “legitimate aim” is often defined by countries as a synonym of “national security” or “public order”. By contrast, Frank La Rue, the UN Special Rapporteur on Freedom of Expression, stated that (Article 19, 2014):
“The use of an amorphous concept of national security to justify invasive limitations on the enjoyment of human rights is of serious concern. The concept is broadly defined and is thus vulnerable to manipulation by the State as a means of justifying actions that target vulnerable groups such as human rights defenders, journalists, or activists. It also acts to warrant often-unnecessary secrecy around investigations or law enforcement activities, undermining the principles of transparency and accountability”.
Hence, the deployment of intrusive surveillance, such as the capacity of British law-enforcement authorities to access and store data from computers even outside of the UK, cannot be justified by vague and imprecise terms (Article 19, 2014). On the contrary, due to their potential to create damages to people’s private lives, intelligence authorities must sustain their choice for surveillance technologies based on solid evidence that there is a real threat to an important legally-protected interest, such as the existence of something that endangers the very existence of the state (Article 19, 2014).
When it comes to the requirements of necessity and proportionality, they coexist in Human Rights law. It means that a public policy, for example, cannot be deemed necessary without filling in the proportionality gaps. While “necessity” in this context means the ability of something to attend “a pressing social need”, “proportionality” refers to the capacity of safeguarding that the disadvantages brought by the restriction of a fundamental right will not outweigh its aim to fulfil that relevant social need (Necessity & Proportionality, n.d.).
The Human Rights Committee has stated that restrictive measures applied to fundamental rights must also “be the least intrusive instruments amongst those, which might achieve the desired result; and they must be proportionate to the interest to be protected” (Article 19, 2014).
In the context of mass surveillance, guaranteeing proportionality is an indispensable step for authorities to not over shrink people’s right to privacy. For instance, a few years ago the European Court of Justice (ECJ) ruled that an EU Directive, that demanded Internet Service providers (ISPs) to store telecommunication data so that the organisation could use it to facilitate the investigation and prosecution of criminals, violated Articles 7 and 8 of the European Convention on Human Rights (Columbia Global Freedom of Expression, 2018).
The ECJ stated that once the directive did not specify the conditions and circumstances of the data storage and the obligations of both ISPs and security agencies that accessed the private information. Consequently, it failed to pass the proportionality test as it could target the entire EU population, interfering with the fundamental rights of all these people for an untold length of time (Columbia Global Freedom of Expression, 2018).
The vague and blanket content of the EU directive allowed local authorities to even store data of people where there was no evidence of criminal behaviour (Columbia Global Freedom of Expression, 2018).
This example illustrates why mass surveillance, by its very nature, lacks any form of targeting or selection, permitting law-enforcement officials to freely access and sometimes weaponize private data. To counterbalance this disproportionate nature of mass surveillance, Human Rights law urges states to defer decisions relating to mass surveillance to an independent and competent judicial authority (Article 19, 2014).
Furthermore, under International Human Rights Law, the principles of user-notification plays an important role in securing those whose data is being assessed by the government the right to effective remedies (Article 19, 2014). Without timely communication, these individuals cannot know their private life is being investigated, and, consequently, they usually fail to effectively challenge or seek remedies to prevent intrusive and disproportionate surveillance (Article 19, 2014).
The IPA’s permission for authorities to widely process and store data from non-British citizens overseas without notifying them goes against all these previous requirements. Despite reserving a previous authorization or warrant from a judicially competent authority for the surveillance to happen, the bill still omits the obligation of the UK government to inform people outside of the UK about the fact that their data is being analysed (Lubin, 2018). Thus, it prevents them from identifying wrongful behaviours of the UK government, and then, challenges them before a competent court, limiting ex post facto effective judicial oversight (Lubin, 2018).
In the final judgment, the European Court of Human Rights (ECHR) has affirmed that given the proliferation of online threats to national security, mainly posed by terrorist organisations that can escape some forms of technological detection, the governmental choice to deploy bulk information is not in itself illegal (European Court of Human Rights, 2021e). The judges have stated that states possess discretion to determine which kind of surveillance scheme better fits them to ensure their national security, including bulk interception (European Court of Human Rights, 2021e).
Nevertheless, the Court acknowledged that surveillance regimes must adapt themselves to reflect and address the inherent potential of bulk surveillance to further abuse restriction of private information. In addition, the Court stressed that the bulk interceptions must carry out “end to end safeguards” (European Court of Human Rights, 2021e). It means that, before deciding to store private information on a grand scale, the domestic legislation that disciplines this resource has to establish an assessment of the necessity and proportionality of the measures being taken in regards to each one of the stages of the bulk interception process (European Court of Human Rights, 2021e).
Moreover, at the moment it was defining the object and scope of the bulk interception operation, the same domestic legislation had to subject the bulk interception to an independent authorisation as well as allowed a supervision and independent ex post facto review (European Court of Human Rights, 2021e).
When it comes to the UK case, the Court commented that the IPA, the domestic legislation that regulates the bulk surveillance measures, failed for two main reasons. Firstly, it did not subject the warrant that allows law-enforcement authorities to penetrate people’s private information to an independent authorisation (European Court of Human Rights, 2021e). Secondly, it failed to add to the categories of search terms (“selectors”) in the application for a warrant, which prompt the bulk surveillance to spy on people who lack criminal evidence, which attests an unnecessary, and consequently, disproportionate act (European Court of Human Rights, 2021e).
Although the IPA contained robust judicial remedies provided by the Interception of Communications Commissioner, an official responsible for providing independent oversight of intelligence service activities, and the Investigatory Powers Tribunal, a judicial body in which citizens can challenge wrongful interferences on their private communication, these were not enough to balance the flawed and hazardous regime of surveillance in Britain (European Court of Human Rights, 2021e).
In conclusion, as the surveillance regime in the UK did not have sufficient safeguards to offset its severe restriction on privacy, the Court ended up classifying it as “incapable of keeping the ‘”interference’” with citizens’ private life rights to what had been ‘”necessary in a democratic society’”. For this reason, the Court determined that bulk interception in the UK violated Article 8 of the European Convention of Human Rights (European Court of Human Rights, 2021e).
In respect to the allegations of the applicants that the British regime of data acquisition storage of personal data failed to be “in accordance with the law”, referring to the requirements of Article 8, the Court agreed with this claim and condemned the UK government for violating the referred article (European Court of Human Rights, 2021e).
About the allegations concerning Article 10 and how the bulk interception regime affected the right to freedom of expression, the Court concluded that Section 8(4) of this programme restricted the freedom of expression of journalists, despite the lack of intention of the interception regime to monitor these professionals and uncover their sources (Sharma, 2019).
The Court stated that interfering on journalist information must meet “justified by an overriding requirement in public interest.” (Sharma, 2019). It means that authorities must explain why delving into journalist sources is so important and necessary to attend a public interest (Sharma, 2019). In order to fill in this rule, the Court added that the surveillance initiative must implement in regards to this journalist information “sufficient safeguards relating both to the protection to the circumstances in which they may be selected intentionally for examination and to the protection of confidentiality where they have been selected for examination.” (Sharma, 2019).
The Court replied to the allegations saying that the bulk interception regime lacked these transparency and selecting communication exigencies.
Furthermore, the Court added that the current Investigatory Powers Act does not contain “special provisions restricting access to the purpose of combating ‘serious crime’”, which means that the legislation does not provide enough oversight to avoid collateral damages to journalists just because it aimed to tackle serious crime (Sharma, 2019). Essentially, this Act sacrificed the right to freedom of expression of journalists to raise national security without demonstrating the necessity behind this. As the Court determined that the law did not afford a sufficient and appropriate amount of protection to journalists it concluded that it breached Article 10 (Sharma, 2019).
This case’s decision is a step towards the enforcement of the Human Right to privacy and freedom of expression in the digital space, and a guiding element in relation to the correct functioning of mass surveillance regimes. Some important things to mention about the decision are that, firstly, the Court rendered the mass surveillance practise as a legitimate practise of states under the auspices of the margin of appreciation (Watt, 2021). Secondly, the judment set out the conditions that every bulk interception regime must satisfy in order to align with the exigencies of Article 8 (Watt, 2021). Lastly, although the decision restricted the UK’s current surveillance approach, by interpreting the words of judge Pinto De Albuquerque that stated “the GC judgement has just opened the gates for an electronic “Big Brother” in Europe”, we can realize the non-ideal outcome of the aforementioned case for many civil liberties defenders (Watt, 2021).
Amnesty International UK. (2021, May 25). UK: Landmark ruling confirms GCHQ mass surveillance violated human rights. Retrieved October 11, 2021, from https://www.amnesty.org.uk/press-releases/uk-landmark-ruling-confirms-gchq-mass-surveillance-violated-human-rights
Amnesty International. (2021, August 17). UK: Europe’s top court rules UK mass surveillance regime violated human rights. Retrieved October 11, 2021, from https://www.amnesty.org/en/latest/press-release/2021/05/uk-surveillance-gchq-ecthr-ruling/
Article 19. (2014, May). International Principles on the Application of Human Rights Law to Communications Surveillance. Article 19, Electronic Frontier Foundation. https://www.ohchr.org/documents/issues/privacy/electronicfrontierfoundation.pdf
Attention Required! | Cloudflare. (n.d.). Cloudflare. Retrieved November 10, 2021, from https://www.cloudflare.com/pt-br/learning/ssl/what-is-encryption/
Calvi, Y. (2015, April 7). Loi renseignement : “Une arme redoutable entre de mauvaises mains”, s’inquiète Marc Trévidic. RTL. Retrieved November 3, 2021, from https://www.rtl.fr/actu/debats-societe/la-loi-sur-le-renseignement-entre-de-mauvaises-mains-est-une-arme-redoutable-estime-le-juge-marc-trevidic-7777296541
Carey, S. (2019, July 31). The Snoopers’ Charter: Everything you need to know about the Investigatory Powers Act. Computerworld. Retrieved November 10, 2021, from https://www.computerworld.com/article/3427019/the-snoopers-charter-everything-you-need-to-know-about-the-investigatory-powers-act.html
Columbia Global Freedom of Expression. (2018, January 19). Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources. Global Freedom of Expression. Retrieved November 22, 2021, from https://globalfreedomofexpression.columbia.edu/cases/ecj-digital-rights-ireland-ltd-v-minister-for-communications-marine-and-natural-resources-c%E2%80%9129312-and-c%E2%80%9159412-2014/
de Hert , Cristobal Bocos, P. P. (2015, December 23). Case of Roman Zakharov v. Russia: The Strasbourg follow up to the Luxembourg Court’s Schrems judgment. Strasbourg Observers. Retrieved October 21, 2021, from https://strasbourgobservers.com/2015/12/23/case-of-roman-zakharov-v-russia-the-strasbourg-follow-up-to-the-luxembourg-courts-schrems-judgment/
European Court of Human Rights. (2021b, May). CASE OF BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM. http://hudoc.echr.coe.int/fre?i=001-210077
European Court of Human Rights. (2021c, May). Factsheet – Mass surveillance. https://www.echr.coe.int/documents/fs_mass_surveillance_eng.pdf
Hern, A. (2017, May 7). UK government can force encryption removal, but fears losing, experts say. The Guardian. Retrieved November 10, 2021, from https://www.theguardian.com/technology/2017/mar/29/uk-government-encryption-whatsapp-investigatory-powers-act
Kleppmann, M. (2015, November 10). The Investigatory Powers Bill would increase cybercrime — Martin Kleppmann’s blog. Martin Kleppmann. Retrieved November 11, 2021, from https://martin.kleppmann.com/2015/11/10/investigatory-powers-bill.html
Lubin, A. (2018, July 25). A New Era of Mass Surveillance is Emerging Across Europe. Just Security. Retrieved November 3, 2021, from https://www.justsecurity.org/36098/era-mass-surveillance-emerging-europe/
Necessity & Proportionality. (n.d.). European Data Protection Supervisor. Retrieved November 22, 2021, from https://edps.europa.eu/data-protection/our-work/subjects/necessity-proportionality_en
Open Technology Institute. (2017, June). DECIPHERING THE EUROPEAN ENCRYPTION DEBATE: UNITED KINGDOM. https://na-production.s3.amazonaws.com/documents/Transatlantic_Encryption_UK__Final.pdf
Privacy International. (2019, February). Guide to International Law and Surveillance 2.0. https://privacyinternational.org/sites/default/files/2019-04/Guide%20to%20International%20Law%20and%20Surveillance%202.0.pdf
Privacy International. (2021, May 25). Q&A: Grand Chamber of the European Court of Human Rights rules UK mass surveillance laws violate privacy and freedom of expression rights. Retrieved October 8, 2021, from https://privacyinternational.org/long-read/4525/qa-grand-chamber-european-court-human-rights-rules-uk-mass-surveillance-laws-violate
Sharma, C. (2019, October 31). Summary: Big Brother Watch and Others v. the United Kingdom. Lawfare. Retrieved November 26, 2021, from https://www.lawfareblog.com/summary-big-brother-watch-and-others-v-united-kingdom
Szabo v. Hungary (Hungary Mass Surveillance) | Privacy International. (n.d.). Privacy International. Retrieved November 1, 2021, from https://privacyinternational.org/legal-action/szabo-v-hungary-hungary-mass-surveillance
United Nations Office of the High Commissioner for Human Rights. (n.d.). ICCPR General Comment No. 16: Article 17 (Right to Privacy), The Right to Respect of Privacy, Family, Home and Correspondence, and Protection of Honour and Reputation. https://www.refworld.org/docid/453883f922.html
Watt, E. (2021, October 1). Much Ado About Mass Surveillance – the ECtHR Grand Chamber ‘Opens the Gates of an Electronic “Big Brother” in Europe’ in Big Brother Watch v UK. Strasbourg Observers. Retrieved October 19, 2021, from https://strasbourgobservers.com/2021/06/28/much-ado-about-mass-surveillance-the-ecthr-grand-chamber-opens-the-gates-of-an-electronic-big-brother-in-europe-in-big-brother-watch-v-uk/
Zalnieriute, M., & Zalnieriute, M. (n.d.). Procedural Fetishism and Mass Surveillance under the ECHR. Verfassungsblog. Retrieved October 13, 2021, from https://verfassungsblog.de/big-b-v-uk/