The European Union’s top court dealt a blow to bulk surveillance regimes in member nations, especially the UK, France, and Belgium. In a ruling on Tuesday, the European Court of Justice held that mass surveillance exercises to safeguard national security don't exempt member states from complying with EU law. The court pronounced two separate but similar and closely linked judgments in three separate cases: one for a UK case and a joint one for a French and Belgian case. The UK case was brought by Privacy International, and the French one was brought by rights bodies La Quadrature du Net, the French Data Network, and the Fédération FDN. The cases were first filed in their individual countries, and were later referred to the European Court of Justice. In a Q&A published on its website, UK-based digital rights body Privacy International explained that national surveillance laws in the UK, France and elsewhere in Europe “require telecommunications companies and service providers to store large amounts of personal data on an ongoing basis for later collection or other access by security and intelligence agencies (SIAs)”. Privacy International had challenged a provision of the UK’s Investigatory Powers Act, which allows for the bulk acquisition and use of communications data by UK’s security agencies, calling it unlawful. There is one exception, however: While pronouncing the judgement, the court offered an exception. It said that in situations where a member state faces “serious threat” to national security, it can be derogated from the obligation to ensure…
