One week after the European Court of Justice (ECJ) ruled that the Data Retention Directive was invalid, no action has been taken by either the UK government or telecoms companies to protect the data of UK citizens.
The data collection directive was ruled invalid last Tuesday for its contravention of basic privacy rights and exploitation of personal data. First ordered in 2006, the directive required telecoms companies in Europe to store traffic and location data of their customers for up to two years.
UK telecoms firms TalkTalk, Virgin Media and Sky have told IBTimes UK that they are waiting for direction from the UK government before they make any changes to their data collection practices but any change in government policy seems unlikely.
When requested to confirm whether or not any action was being taken to adapt its data collection policy in light of the recent ruling, the UK Home Office said that it was "considering the judgement and its implications carefully". However, it was implied that it had no immediate plans to curtail the data collection.
In a statement to IBTimes UK, a spokesperson for the Home Office said: "The retention of communications data is absolutely fundamental to ensure law enforcement have the powers they need to investigate crime, protect the public and ensure national security."
Interfering with fundamental rights to privacy
The ECJ ruling that the directive is invalid means that it is no longer illegal to not gather and retain customers' data. Should companies wish to do so, they would technically need a clear legal purpose.
As the UK regulations directly based on the directive are now also technically defunct, clarification from the government is not necessarily needed by UK telecoms companies to end such data collection practices.
However, data collection is continuing in line with the original directive, meaning that according to the European court they are in direct violation of a person's right to privacy.
"(The directive) entails a wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data, without that interference being limited to what is strictly necessary." The ECJ said in a statement following the ruling last week.
A matter of urgency
Privacy advocates have said that they are "unsurprised" by the lack of action on the part of the UK government and telecoms companies.
Jim Killock, executive director of Open Rights Group (ORG), has said that more needs to be done in the UK to end data collection in line with the ECJ ruling.
Killock wrote an open letter to UK Internet service providers (ISPs) following the declaration that the directive was invalid. While the directive covers internet-related, mobile and fixed-phone data, it is believed the majority of data requests are ordered to ISPs.
In the letter Killock argued that the current UK regulations concerning data collection no longer had a basis in UK law and should therefore be dismissed by the companies.
The companies that responded to Killock, TalkTalk and Virgin Media, reiterated that they were "seeking clarification" from the UK government before acting. BT is yet to respond to either ORG or IBTimes UK.
"The companies should follow Sweden's lead and protect the privacy of their customers," Killock told IBTimes UK. "We don't want data retained, and ISPs have always promised that they only do it because their is a law that compels them.
"Both ISPs and UK citizens should insist that the current law must die, now, as a matter of urgency."