When it comes to online privacy, the UK is already screwed

Last week’s formal announcement of the UK government’s CCDP surveillance plans, may be the last nail in the coffin when comes to the online privacy of UK citizens, but it certainly isn’t the first. The UK has for some time led the way in Europe when it comes to a complete disregard for the privacy of internet users across the country.

If you haven’t heard about the CCDP and what a frightening, needless and downright criminal piece of legislation it is, then you can check out our blog right here, from when The Sunday Times broke the story in March. It’s worth noting that, despite the formal announcement, the UK coalition government has continued to remain tight-lipped on the details and refused to answer any real questions on the matter. So there’s still time to protest and pile on the pressure (more information on how to do that is in the linked article), especially since the coalition is lurching from one political disaster to another.

Data retention

But while we have the CCDP to look forward to, why don’t we remind ourselves of the online snooping and spying that already goes on in the UK.

The UK government is a fully signed-up member of the EU Data Retention Directive. This means that all UK ISPs must track and record what websites you are visiting, when you visit them, when you send emails, who you send them to, your login times and a whole host of other related data. UK ISPs must then store this information for a minimum of 1 year until after you cancel your account.

Sure, this directive comes from the EU and other countries have also signed-up. But not all of them. Germany refuses to implement the law, because it considers it unconstitutional. Sweden and Romania have also refused to implement the law. And before you curse the EU for mandating such a horrible directive, the UK already had its own data retention law in place – part of the Terrorism Act - which was pretty much the same deal.

Lack of oversight

What makes the UK’s approach to data retention particularly frightening is the ease at which your personal data can be accessed. Most of the EU countries require some sort of judicial oversight before authorities get to snoop on what you’ve been up to online. Not much oversight appears to be required in the UK.

There are over 200 agencies and 474 local authorities in the UK who are allowed to access stored communications data from your ISP, in secret. There were over 500,000 requests for communication data, under the controversial RIPA act, in 2009 alone. These requests aren’t all aimed at catching out terrorists or criminal masterminds. In 2008 it emerged that a couple in Dorset were spied on 21 times by their local education authority, under RIPA. to find out if they live in a school catchment area (though it’s not clear if internet data was accessed in this particular case).

Orwell, anyone?

So, not content with the 2-4 million CCTV cameras spread across Britain (no one seems to know the exact figure), the UK government evidently seems hell-bent on monitoring what you do in the privacy of your own home. Sure things are bad now, but the CCDP will make this situation even worse. So if you care about privacy in the UK, now is the time to get involved and make your voice heard.

Comments icon
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
Tags: Privacy


Winston Smith


Except that under the “Protection of Freedoms Bill (HC Bill 146)” which received royal assent at the beginning of this month, the Regulation of Investigatory Powers Act 2000 was amended to include this clause:

“The authorisation or notice is not to take effect until such time (if any) as the relevant judicial authority has made an order approving the grant or renewal of the authorisation or (as the case may be) the giving or renewal of the notice.”




V for Vendetta!



In Time It Might Just Come To That…

Most people don't need a commercial VPN to work from home securely

Posted on April 7, 2020 by Nick Pestell

Many small businesses and their employees are concerned about the security of their data whilst working from home during the coronavirus pandemic. We see a lot of confusion surrounding this topic, even from fairly technical folk and there is unfortunately a lot of misinformation being spread by commercial VPN providers themselves.

You can't always get what you want: the eternal conflict between lawful access and privacy

Posted on April 19, 2018 by mirimir

In late March, the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act) took effect. And predictably, the US Supreme Court just dismissed United States v. Microsoft Corp. In that case, Microsoft was fighting a subpoena for data stored in an Irish data center.

Protect yourself today and get peace of mind

Shut out hackers, identity thieves and the global government surveillance apparatus — every time you go online.