JOINT PARTLY DISSENTING OPINION OF JUDGES LEMMENS, VEHABOVIĆ, RANZONI AND BOŠNJAK

1. We are in agreement with the present judgment, except for the assessment of the complaint about the receipt by the respondent State’s authorities of solicited intercept material from foreign intelligence services, under Articles 8 and 10 of the Convention (see operative points 3 and 5 of the judgment).

2. In the present judgment – as also in today’s judgment in Centrum för rättvisa v. Sweden (no. 35252/08) – for bulk interception regimes the Grand Chamber has established a system of effective “end-to-end” safeguards, with three main pillars or cornerstones, in order to minimise the risk of such power being abused. These fundamental pillars are: (1) the authorisation of bulk interception at the outset, when the object and scope of the operation are being defined, by a body independent of the executive; (2) prior internal authorisation when strong selectors linked to identifiable individuals are employed; and (3) the supervision of the operation by an independent authority together with effective ex post facto review by a body independent of the executive (see paragraphs 350-359 of the judgment).

3. The same “end-to-end” safeguards established for a bulk interception regime should also apply to a regime where the authorities do not themselves intercept cross-border communications and related communications data, but rather ask foreign intelligence services to intercept such data or to convey already intercepted data. However, while upon receipt of the intercept material, the safeguards for its examination, use and storage, its onward transmission, and its erasure and destruction, are equally applicable (see paragraph 498 of the judgment), the first pillar, that is the prior independent authorisation, completely disappears in the majority’s view. Their reasoning in that regard is not convincing for us. Why should a distinction be made according to the way the authorities have come into possession of the intercepted data, whether they intercepted the data themselves or had them intercepted by a foreign authority? Therefore, to our mind, also as far as the first pillar is concerned, the same safeguards as those established for bulk interception should apply.

4. We can fully subscribe to the Court’s assessment in paragraphs 496 and 497 of the judgment, in particular that an interference with Article 8 already lies in the initial request to the foreign authorities, and that the protection afforded by the Convention would be rendered nugatory if States could circumvent their Convention obligations by requesting such data from non-Contracting States. Member States must, therefore, have clear and detailed rules which provide effective guarantees against the use of their power to circumvent domestic law and/or their obligations under the Convention.

5. Where we respectfully depart from the majority is on the question of what “effective guarantees” consist of.

6. The majority first refer to the fact that the requests were either based on warrants already authorised by the Secretary of State or explicitly approved by him or her (see paragraph 505 of the judgment). We would argue, however, that the Secretary of State is not independent of the executive and in this respect the regime governing the receipt of intelligence from foreign intelligence services is beset by the same deficiency as the bulk interception regime (see paragraph 377 of the judgment).

7. Secondly, the majority seem to assume that a national law which provides that there should be no circumvention is of itself an effective safeguard (see paragraph 506 of the judgment). We respectfully disagree. As already pointed out, for example, in the separate opinion of Judge Ranzoni in Breyer v. Germany (no. 50001/12, 30 January 2020), domestic law only provides for the legal basis determining the lawfulness of the interference: it does not, in addition and in itself, constitute an effective safeguard to protect the individual from the application of national law by domestic authorities in an arbitrary manner and from abuse of legal powers. Such protection must go beyond legal rules, in particular when those rules and legal powers are couched in broad terms.

8. In other words, a legal rule which prohibits circumvention or other misuse cannot at the same time be a safeguard for that not to happen. An effective safeguard supposes the availability of a mechanism capable of ensuring the correct application of that very rule. However, a safeguard of that kind is lacking with respect to requests to have data intercepted and conveyed by foreign intelligence services. In our view, as in the bulk interception regime, the first pillar within the “end-to-end” safeguards should similarly apply. Consequently, any such request should be subject to prior authorisation by an independent body capable of assessing whether it is both necessary and proportionate to the aim pursued (see paragraphs 350 and 351 of the judgment), and of ensuring that this power is not used to circumvent domestic law and/or the State’s obligations under the Convention.

9. For these reasons we have voted against the finding of no violation of Article 8 of the Convention in respect of the receipt of intelligence from foreign intelligence services.

10. Since the majority conclude that the intelligence sharing regime does not violate Article 10 of the Convention, on the basis of the same reasons that led them to conclude that there has been no violation of Article 8 (see paragraph 516 of the judgment), we are equally in disagreement with their finding under Article 10.

APPENDIX

List of applicants

App. No.

Applicants

58170/13

Big Brother Watch

58170/13

English PEN

58170/13

Open Rights Group

58170/13

Dr Constanze Kurz

62322/14

Bureau of Investigative Journalism

62322/14

Alice Ross

24960/15

Amnesty International Limited

24960/15

Bytes For All

24960/15

The National Council for Civil Liberties (“Liberty”)

24960/15

Privacy International

24960/15

The American Civil Liberties Union

24960/15

The Canadian Civil Liberties Association

24960/15

The Egyptian Initiative For Personal Rights

24960/15

The Hungarian Civil Liberties Union

24960/15

The Irish Council For Civil Liberties Limited

24960/15

The Legal Resources Centre

[1] All other requests within paragraph 12.2 (whether with or without a relevant RIPA interception warrant) will be made for material to, from or about specific selectors (relating therefore to a specific individual or individuals). In these circumstances the Secretary of State will already therefore have approved the request for the specific individual(s) as set out in paragraphs [sic.] 12.2.

[2] Before the United Kingdom left the European Union, it granted royal assent to the Data Protection Act 2018 on 23 May 2018, which contains equivalent regulations and protections.

[3] Ruth Gavison (1980), “Privacy and the Limits of Law”, Yale Law Journal 89, p. 347.

[4] Jeffrey Reiman (1995), “Driving to the Panopticon: A Philosophical Exploration of the Risks to Privacy Posed by the Information Technology of the Future”, Santa Clara High Technology Law Journal 11:1, p. 42.

[5] George Orwell (2008), Nineteen Eighty-Four (London: Penguin), pp. 4-5.

[6] Daniel Solove (2008), Understanding Privacy (Cambridge, MA: Harvard University Press), p. 98.

[7] Osborn v. United States , 385 U.S. 323 (1966).

[8] See, e.g., Recommendation 1402 (1999) of the Parliamentary Assembly of the Council of Europe on the control of internal security services in Council of Europe member states, in particular Guideline A (ii). This Recommendation addresses activities of internal security services, but we see it as perfectly applicable to foreign intelligence also.

[9] This is the second time that I have written a separate opinion on bulk interception. In Szábo and Vissy v. Hungary , no. 37138/14, 12 January 2016, I had the opportunity to state my views on the slippery slope in which the Hungarian bulk interception regime had engaged and the undesirable consequences lurking at the bottom of the slope. In view of the discussion held in the Grand Chamber, and after careful weighing of all the conflicting arguments, I can now affirm that I have not moved an inch from my previous position. In fact, I am now even more convinced that what I wrote in 2016 is unfortunately still very much up to date. Therefore the present opinion should be read in conjunction with what I wrote five years ago.

[10] This good practice can be found, for instance, in Rohlena v. the Czech Republic [GC], no. 59552/08, 27 January 2015.

[11] The domestic concept is similar. See section 20 of RIPA.

[12] The domestic concept is different. See section 20 of RIPA.

[13] The domestic concept is more limited. See section 20 of RIPA. Section 21 (4), (6) and (7) provides for the concept of “communications data”.

[14] This concept is similar to that of section 20 of RIPA.

[15] This concept is enshrined in section 81 of RIPA, which can also be used by the Court.

[16] Paragraph 323 of this judgment.

[17] Paragraphs 33 and 50 of this judgment.

[18] Paragraph 136 of this judgment.

[19] Paragraph 424 of this judgment.

[20] Paragraph 353 of this judgment.

[21] Paragraph 354 of this judgment.

[22] “Liberty and Security in a Changing World”, Report and Recommendations of the President’s Review Group on Intelligence and Communications Technologies, 12 December 2013, p. 114.

[23] Centrum för rättvisa v. Sweden (no. 35252/08), delivered on the same day as the present judgment. It is noticeable that the Governments of France, the Netherlands, and Norway focused precisely on this point: according to them, there was no justification for adding a reasonable suspicion requirement to bulk interception (paragraphs 301, 305 and 309 of this judgment).

[24] See the oral submission of the respondent Government in the Grand Chamber on 10 July 2019: “They [reasonable suspicion and subsequent notification] are fundamentally incompatible with the operation of a regime which does not depend on the existence of clearly defined surveillance targets. The section 8(4) regime, is, by its nature, an untargeted regime. It exists to discover unknown national security and serious crimes threats. So reasonable suspicion simply could not be a part of it. Such requirement would cripple its utility…”. At the end of the day, the argument boils down to the “utility” of suspicionless massive bulk interception.

[25] Paragraph 348 of this judgment.

[26] Liberty and Others v. the United Kingdom , no. 58243/00, § 63, 1 July 2008.

[27] Weber and Saravia v. Germany (dec.), no. 54934/00, §§ 95 and 114, ECHR 2006‑XI.

[28] Liberty and Others , cited above, §§ 63-65.

[29] Kennedy v. the United Kingdom , no. 26839/05, §§ 158-60, 18 May 2010.

[30] Roman Zakharov v. Russia [GC] , no. 47143/06, §§ 231 and 264, ECHR 2015.

[31] Szábo and Vissy , cited above.

[32] Mustafa Sezgin Tanrıkulu v. Turkey , no. 27473/06, 18 July 2017.

[33] Roman Zakharov , cited above, §§ 231 and 264.

[34] Ibid., §§ 175-178.

[35] Ibid., §§ 31, 246-248.

[36] Ibid., § 265. The cases of “area surveillance” authorisation clearly involved potential bulk surveillance.

[37] Szábo and Vissy , cited above.

[38] Ibid., § 67.

[39] Ibid., § 63.

[40] Ibid., § 71.

[41] Ibid., § 56.

[42] Mustafa Sezgin Tanrıkulu , cited above, §§ 56 and 57.

[43] Paragraph 341 of this judgment. This claim overlooks the Roman Zakharov and Szábo and Vissy cases, already mentioned.

[44] Paragraphs 344-346 of this judgment.

[45] Paragraph 344 of this judgment.

[46] For a detailed analysis of these documents see my opinion in Szábo and Vissy v. Hungary , cited above.

[47] UN doc. CCPR/C/GBR/CO/7.

[48] CommDH (2016)20.

[49] Szábo and Vissy , cited above, § 66: “it is possible for virtually any person in Hungary to be subjected to secret surveillance”.

[50] Mustafa Sezgin Tanrıkulu , cited above, § 7.

[51] Paragraphs 209-241 of this judgment. I refer here to the cases Digital Rights Ireland Ltd (on the Data Retention Directive 2006/24/EC which “entailed an interference with the fundamental rights of practically the entire European population”), Maximilian Schrems (reproaching legislation permitting the public authorities to have access “on a generalised basis to the content of electronic communications”), Privacy International (on national legislation requiring electronic communication services to disclose traffic and location data to intelligence agencies by means of a general and indiscriminate transmission affecting “all persons using electronic communications services”) and La Quadrature du Net and Others (censuring legislation requiring service providers to retain “generally and indiscriminately” traffic and location data). The first two cases concerned the processing of personal data for law enforcement purposes, the last two cases the assessment of secret surveillance conducted by intelligence services.

[52] See below the full discussion on the inability of the territorial jurisdiction-based distinction between internal and external communications to justify bulk interception of the latter.

[53] See the respondent Government’s Observations before the Grand Chamber of 2 May 2019, p. 42 (“many thousands in any given week in relation to individuals known or believed to be in the UK alone”).

[54] Paragraph 345 of this judgment.

[55] Ibid.

[56] It should be noted that the Governments of France and the Netherlands insisted, like the Chamber, that it was wrong to assume that bulk interception constituted a greater intrusion into private life than targeted interception (paragraphs 300 and 306 of this judgment).

[57] As the Court’s research report itself concluded regarding Albania, Andorra, Austria, Belgium, Bosnia and Herzegovina, Croatia, the Czech Republic, Greece, Ireland, Iceland, Italy, Liechtenstein, Moldova, Monaco, Montenegro, North Macedonia, Poland, Portugal, Romania, San Marino, Serbia, Turkey and Ukraine. Thus paragraphs 242-246 of the judgment do not portray a correct picture of the European landscape.

[58] PACE Resolution 2031 (2015).

[59] Council of Europe Human Rights Commissioner’s Memorandum on Surveillance and Oversight Mechanisms in the United Kingdom, CommDH (2016)20, May 2016, p. 10.

[60] Paragraph 242 of this judgment.

[61] Paragraph 345 of this judgment. I refer here to the critique addressed to this concept of “serious crime” by the CJEU (see paragraph 212 of this judgment).

[62] See the Venice Commission report on the democratic oversight of signals intelligence agencies, 2015 , p. 9, 25 and 26 (“there must be concrete facts indicating the criminal offence/security-threatening conduct, and the investigators must have ‘probable cause’, ‘reasonable suspicion’ or satisfy some similar test”), and the Council of Europe Human Rights Commissioner’s Memorandum, cited above, p. 6.

[63] Paragraph 346 of this judgment.

[64] As the CJEU explained in its Digital Rights Ireland judgment, cited above, § 55: “the need for … safeguards is all the greater where … personal data are subjected to automatic processing”.

[65] Point (c) (iii) of the Court’s assessment.

[66] Paragraph 348 of this judgment.

[67] Ibid.

[68] The example derives from the CJEU case-law (see paragraph 220 of the present judgment).

[69] T he example derives from the sharp critique addressed by the European Parliament Resolution of 12 March 2014 on the US NSA surveillance programme, the Venice Commission report, cited above, p. 18, and the Council of Europe Human Rights Commissioner’s Memorandum, cited above, p. 8.

[70] Szábo and Vissy , cited above, § 71.

[71] Roman Zakharov, cited above, §§ 260, 262 and 263.

[72] Paragraph 348 of this judgment.

[73] Paragraph 330 of this judgment.

[74] Paragraph 350 of this judgment.

[75] Ibid.

[76] Ibid.

[77] Paragraph 351 of this judgment.

[78] Paragraph 352 of this judgment.

[79] Paragraph 355 of this judgment.

[80] Ibid.

[81] Paragraph 356 of this judgment.

[82] Paragraph 359 of this judgment.

[83] Paragraph 350 of this judgment.

[84] Paragraph 348 of this judgment.

[85] Paragraph 360 of this judgment.

[86] See for example, paragraph 370, in fine , of this judgment.

[87] Although the Court’s language is not uniform, sometimes referring to the concept of independent authority and other times to that of independent body, it seems that there is no substantial difference between these concepts.

[88] Paragraph 352 of this judgment.

[89] Paragraph 354 of this judgment.

[90] Paragraph 355 of this judgment.

[91] Ibid. As the Venice Commission report, cited above, p. 28, put it, “internal controls are insufficient”. Thus paragraph 199 of the judgment misrepresents the position of the Venice Commission.

[92] Paragraph 356 of this judgment.

[93] Paragraph 359 of this judgment.

[94] Venice Commission Report, cited above, p. 32 (“For European states, ex ante judicial approval in individual cases is to be preferred”). Thus paragraph 197 of the judgment distorts the message of the Venice Commission. The Council of Europe Human Rights Commissioner also suggested adopting ex ante judicial authorisation ( Memorandum, cited above, § 28).

[95] The fact that judicial authorisation might not in itself be a sufficient safeguard against abuse does not support the conclusion that it is not a necessary one. It should be noted that ex ante judicial authorisation was introduced by IPA, but this is not the place to discuss ex professo the judicial review standard introduced by IPA, because the 2016 Act is not before the Court.

[96] See all the international authorities cited in my opinion appended to Szábo and Vissy , cited above.

[97] That is why I believe that the massive collection of data of innocent people accepted by the Court in the present judgment falls foul of the principles established in S and Marper v. the United Kingdom , nos. 30562/04 and 30566/04, § 135, 4 December 2008; Shimovolos v. Russia , no. 30194/09, §§ 68 and 69, 21 June 2011; M.K. v. France , no. 19522/09, § 37, 18 April 2013; and most importantly, Mustafa Sezgin Tanrıkulu v. Turkey , cited above, §§ 57-59.

[98] This is the universal standard as compiled in the United Nations Compilation of good practices on legal and institutional frameworks and measures that ensure respect for human rights by intelligence agencies while countering terrorism, including on their oversight, 17 May 2010 (A/HRC/14/46): “Practice 21. National law outlines the types of collection measures available to intelligence services; the permissible objectives of intelligence collection; the categories of persons and activities which may be subject to intelligence collection; the threshold of suspicion required to justify the use of collection measures; the limitations on the duration for which collection measures may be used; and the procedures for authorising, overseeing and reviewing the use of intelligence-collection measures.”

[99] Other than Sanoma Uitgevers B.V. v. the Netherlands [GC], no. 38224/03, §§ 90-92, 14 September 2010, see European Union Fundamental Rights Agency (FRA), Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU , volume II: Field perspectives and legal updates , 2017, p. 12: “EU Member States should establish specific legal procedures to safeguard the professional privilege of groups such as members of parliament, members of the judiciary, lawyers and media professionals. Implementation of these procedures should be overseen by an independent body.”

[100] Venice Commission report, cited above, p. 26.

[101] This is the universal and European standard as compiled respectively by the United Nations Compilation, cited above (“Practice 25. An independent institution exists to oversee the use of personal data by intelligence services. This institution has access to all files held by the intelligence services and has the power to order the disclosure of information to individuals concerned, as well as the destruction of files or personal information contained therein”) and FRA, Surveillance by intelligence services , cited above, p. 11 ( “Member States should also grant oversight bodies the power to initiate their own investigations as well as permanent, complete and direct access to necessary information and documents for fulfilling their mandate”).

[102] Szábo and Vissy , cited above, § 86. In the logic of Szábo and Vissy , this is a further minimum requirement over and above the Weber and Saravia criteria. On the advantages of the notification process “in curbing overuse”, see the Venice Commission report, cited above, p. 35, and the reports of the Council of Europe Human Rights Commissioner on Germany 2015, p. 17, and on the United Kingdom, 2016, cited above, p. 5.

[103] Paragraph 358 of this judgment.

[104] Paragraph 362 of this judgment.

[105] Ibid.

[106] Ibid.

[107] Ibid.

[108] The majority ignore the fact that Article 2 of the Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows (ETS n.º 181), states that parties must ensure an adequate level of protection for personal data transfers to third countries, and that derogations are admitted only when there are legitimate prevailing interests. The Explanatory Report to that Convention adds that exceptions must be interpreted restrictively, “so that the exception does not become the rule” (§ 31). It is important to note that this Protocol has been ratified by 44 States, including 8 non-members of the Council of Europe. The United Kingdom has not ratified it. In addition to this Council of Europe standard, the European Union only allows for the transfer of personal data to a third country which affords a level of protection essentially equivalent to that guaranteed within the European Union (§ 234 of this judgment).

[109] Venice Commission report, cited above, 2015, p. 34 (“The originator or ‘third-party rule’ should not apply to the oversight body”), as well as FRA, Surveillance by intelligence services , cited above, 2017, pp. 13 and 106 (“Notwithstanding the third-party rule, EU Member States should consider granting oversight bodies full access to data transferred through international cooperation. This would extend oversight powers over all data available to and processed by intelligence services”).

[110] Paragraph 342 of this judgment.

[111] Ultimately, the Court was sensitive to the Government’s threat, according to which “if member states operating bulk interception regime were required to apply the same protections to RCD [related communications data], as to content, then the likely result would simply be a watering down of the protection of content.” (respondent Government’s Observations before the Grand Chamber of 2 May 2019, p. 42).

[112] Paragraph 364 of this judgment in conjunction with paragraph 361.

[113] Paragraph 347 of this judgment.

[114] In Liberty and Others , cited above, all the claimants were NGOs arguing that their right to protection of their correspondence had been breached. These rights are also engaged in the present case.

[115] For this purpose, other than the above-mentioned authorities in paragraph 8, I have also taken into account the United Nations Compilation, cited above, 2010, the Venice Commission report, cited above, 2015, and the FRA report, cited above, 2017.

[116] Article 2 (b) of the UN Convention against Transnational Organized Crime defines “serious crime” as conduct punishable by a maximum deprivation of liberty of at least four years or a more serious penalty. The Explanatory Report on Recommendation Rec(2005)10 of the Committee of Ministers follows that reference.

[117] Paragraph 270 of this judgment. This means that, just like the Grand Chamber, I have not taken into consideration the changes introduced by the IPA and the new 2018 IC Code. They were not before this Court.

[118] See the interesting discussion between the parties during the Grand Chamber hearing on 10 July 2019 on this exact point. The Court has defended different views on the precision of the purpose of national security (compare and contrast Iordachi and Others v. Moldova , no. 25198/02, § 46, 10 February 2009, and Kennedy v the United Kingdom , cited above, § 159).

[119] Paragraph 146 of this judgment.

[120] Paragraph 145 of this judgment.

[121] See the respondent Government’s observations before the Grand Chamber of 2 May 2019, p. 9.

[122] Paragraph 51 of this judgment, which the Court reiterated in paragraph 375.

[123] Paragraphs 36 and 116 of this judgment, which refers to paragraph 12.2 of the IC Code.

[124] Paragraph 47 of this judgment.

[125] As the respondent Government put it, “But the fact that electronic communications may take any route to reach their destination inevitably means that a proportion of communications flowing over a bearer between the UK and another State will consist of ‘internal communications’: i.e., communications between persons located in the British Islands.” (see their Observations before the Grand Chamber of 2 May 2019, p. 20).

[126] Paragraph 75 of this judgment.

[127] Paragraph 321 of this judgment. See also the IPT judgment Belhadj & Others v the Security Service & Others , IPT/13/132-9/H.

[128] Paragraph 75 of this judgment. This practice seems to contradict paragraph 6.5 of the IC Code.

[129] The respondent Government themselves admitted this (see their Observations before the Grand Chamber of 2 May 2019, p. 37).

[130] It does not suffice to argue that since the British legislation “prevents intercepted material from being selected for examination according to a factor ‘referable to an individual who is known to be for the time being in the British Islands’, any resulting difference in treatment would not be based directly on nationality or national origin, but rather on geographical location”, as the Chamber judgment did (§ 517), for the obvious reason that the vast majority of people known to be for the time being in the British Islands are British citizens, and vice versa the majority of those outside are foreigners. The more beneficial treatment of nationals was also noted by the FRA ( Surveillance by intelligence services , cited above, p. 45: “When intelligence services conduct surveillance domestically, the applicable legal safeguards are enhanced comparing to those in place for foreign surveillance”).

[131] IPT, Human Rights Watch & Ors v SoS for the Foreign & Commonwealth Office & Ors , 16 May 2016: “In respect of any asserted belief that any conduct falling within s.68(5) of RIPA has been carried out by or on behalf of any of the Intelligence Services, a complainant must show that there is a basis for such belief, so that he may show that he is potentially at risk of being subjected to such conduct. Further such a claimant must show in respect of such a complaint that he is or was at a material time present in the United Kingdom ”.

[132] The Venice Commission Report, cited above, p. 17, makes the same critique “on fundamental grounds”, as does the UN Special Rapporteur on the promotion of the right to freedom of opinion and expression, referring to the ICCPR (see paragraph 313 of this judgment).

[133] Paragraph 22 of my opinion in Mursić v. Croatia [GC] , no. 7334/13, 20 October 2016.

[134] Section 16(3) of RIPA.

[135] Paragraph 6.2 of the IC Code.

[136] Section 5(6)(a) of RIPA and paragraph 6.6 of the IC Code.

[137] Respondent Government’s Observations before the Grand Chamber of 2 May 2019, p. 37.

[138] Under paragraph 6.2 of the IC Code, “section 8(4) interception is an intelligence gathering capability”.

[139] Section 81 of RIPA defines prevention and detection of crime, but not investigation.

[140] The Venice Commission report, cited above, p. 11, makes the same point.

[141] The UK Parliament acknowledged, in its 2015 ISC report, the lack of independence of the Secretary of State, prior to the change of creation of the IPA in 2016.

[142] Provisions applicable to section 8(4) material which is selected for examination and which constitutes confidential information (paragraph 4.32 of the IC Code). The respondent Government now acknowledge “that requests for communications data intended to identify journalistic sources should be subject to judicial approval” (UK response to Council of Europe Human Rights Commissioner – Memorandum on surveillance and oversight mechanisms in the United Kingdom, p. 24).

[143] Paragraphs 146-147 of this judgment.

[144] This was also the conclusion of the 2015 ISC report (see paragraph 147 of this judgment). It comes as no surprise then that in 2016, 3,007 interception warrants were issued and only five requests were refused by the Secretary of State (paragraph 170 of this judgment). The figures say it all: the Secretary of State was there just to rubber-stamp the requests.

[145] Paragraph 33 of this judgment.

[146] See § 347 of the Chamber judgment, and § 26 of the separate opinion of Judge Koskelo, joined by Judge Turković, which points to the fact that the UK system is in fact behind the German system of safeguards existing at the time of Klass and Others and Weber and Saravia .

[147] Regrettably, this passage of the 2015 ISC report, which is referred to in paragraph 142 of the judgment, was overlooked by the majority.

[148] Paragraph 57 of RIPA 2000.

[149] The critique made by the applicant during the Grand Chamber hearing on 10 July 2019 is legitimate: a single retired judge working part-time and with a small secretariat and conducting a modest sample analysis “cannot hope to exercise meaningful oversight”.

[150] On these principles and their role within the Council of Europe see my separate opinion in Szábo and Vissy, cited above.

[151] As acknowledged by the respondent Government in the Grand Chamber hearing on 10 July 2019.

[152] As described by the respondent Government (paragraph 403 of this judgment). It seems that even the internal policies are not complied with (paragraph 59 of this judgment).

[153] Paragraphs 6.22 to 6.24 of the IC Code.

[154] Paragraph 176 of the judgment.

[155] It is quite astonishing that the majority, in paragraph 405 of the judgment, only found it “desirable” that the practice described by the respondent Government in the Grand Chamber be enshrined in the law.

[156] IPA introduced a requirement for the Commissioner to consider whether there has been a serious error and it would be in the public interest to notify the individual, but this rule is not before the Court in the present case. The IPA policy choice is a concession that the previous system was insufficient, and it will be for another day to see if the IPA solution is sufficient.

[157] This is aggravated by the NCND (“neither confirm, nor deny”) policy of the Government, which “prevents a person from ever knowing if he/she has been the target of surveillance” and “shields surveillance decisions from effective scrutiny”, as the Council of Europe Human Rights Commissioner concluded (Memorandum, cited above).

[158] Thus the majority’s conclusion that the IPT is “a robust judicial remedy to anyone who suspected that his or her communications had been intercepted” (§ 415) fails to identify the patent shortcoming of the system: its virtual character for those who have no reason to suspect that they have been subjected to secret surveillance.

[159] Section 69(1) of RIPA.

[160] The respondent Government said that, “even prior to the issue of chapter 12 of the Code, it was ‘accessible’ as a result of the Disclosure”, referring to the October 2014 disclosure (see their Observations before the Grand Chamber of 2 May 2019, p. 49). This shows that even the Government admit that prior to that moment the law was not accessible.

[161] Paragraph 116 of this judgment.

[162] Paragraph 263 of this judgment.

[163] In the words of the respondent Government in the Grand Chamber hearing of 10 July 2019: “so to the extent that the sting of the questions is have you got lots of data, even after the end of your filtering process, the answer to that question is ‘yes’ and a jolly good thing too, we submit.”

[164] Paragraphs 502 and 503 of this judgment.

[165] Paragraph 362 of this judgment.

[166] Paragraph 513 of this judgment.

[167] Unfortunately, the Court ignored the position of the Human Rights Committee in its 2015 Concluding observations on the United Kingdom, UN Doc. CCPR/C/GBR/CO/7, 17 August 2015, para. 24, where it voiced concern over the “lack of sufficient safeguards in regard to obtaining of private communications from foreign security agencies and the sharing of personal communications data with such agencies”.

[168] This is exactly what the Venice Commission calls for (see paragraph 201 of this judgment).

[169] Paragraph 7.3 of the IC Code (see paragraphs 96 and 390 of this judgment).

[170] Oral submissions of the respondent Government during the Grand Chamber hearing on 10 July 2019.

[171] Paragraphs 422-423 of this judgment.

[172] See the oral submissions of the respondent Government during the Grand Chamber hearing on 10 July 2019. This way the intercepting authority could get hold, via a bulk warrant, of content that they ought to have obtained via an individual and targeted warrant under section 8, and could therefore circumvent this Court’s judgment in Kennedy v. the United Kingdom , cited above.

[173] Paragraph 420 of this judgment.

[174] My judgment is based on my own experience as a criminal-court judge in highly complex criminal cases, where the police often requested the interception of vast amounts of related communications data.

[175] Paragraph 450 of this judgment.

[176] Compare and contrast §§ 420 and 421. Note that in § 420 the language is “the principal statutory safeguard”, but in § 421 it is toned down to “an important safeguard”. The imprecise language in § 421 is perplexing, but even more disturbing is the lack of substance. The sheer manipulation of the language is instrumental for the Court’s different weighting of the “concerns” raised in §§ 381 and 382 in the field of bulk interception of related communications data. The cherry on the cake is evidently the “overall assessment”, which allows the Court to reach whatever result it wants to reach (see my analysis of this “overall fairness” criterion in my opinions appended to Muhammad and Muhammad v. Romania [GC] , no. 80982/12, 15 October 2020, and Murtazaliyeva v. Russia [GC] , no. 36658/05, 18 December 2018 ).

[177] Szábo and Vissy , cited above, § 70: “The guarantees required by the extant Convention case-law on interceptions need to be enhanced so as to address the issue of such surveillance practices.” Likewise, PACE Resolution 2045(2015) insisted on the need for reinforced oversight of mass surveillance.

[178] 277 US 438.

[179] Paragraph 226 of this judgment.

[180] Paragraphs 211, 217, 239-241 of this judgment.

[181] Paragraph 234 of this judgment.