Security Policy and the Right to Privacy
geralt / Pixabay
Security Policy and the Right to Privacy

An important decision of special interest to politically active citizens in Europe came out on January 24, 2019 by the European Court of Human Rights. As stated in the Press Release issued by the Registrar of the Court, in the case of Catt v. the United Kingdom (application no. 43514/15) “UK failed to protect the right to privacy of a lifelong activist whose personal data appeared in an extremism database”. The judgment was held unanimously and regarded that the UK violated Article 8 (“right to respect for private and family life”) of the European Convention on Human Rights.

The case started with the complaint of Mr. John Olroyd Catt,who is 94 years old and has been a “life long peace activist and a regular attender at demonstrations of various kinds”. Although the applicant has never been convicted of any offense and has had no violent history, the police collected and retained the applicant’s personal data in a database for “domestic extremists”. He appealed to the relevant UK judicial authorities and the UK Supreme Court decided that the police acted in a proportional way due to the fact it regarded the file on Mr Catt was not nominal anymore. It was not aiming to establish criminal charges against him, but it was useful for an assessment of danger to the public and it had value for policing purposes due to the activities of a violent organised group whose demonstrations he attended. The UK domestic legal framework related to the gathering and retaining of the above information is the Data Protection Act 2018 (that replaced Data Protection Act 1998) and the Code of Practice on the Management of Police Information.

The European Court of Human Rights, with this decision, tries to balance the need for security (eminent in many countries due to violent extremism and terrorist threat that needs intelligence and monitoring of suspects in order to prevent attacks) and the respect of privacy (a main aspect of human rights and liberties, often endangered by counter- extremism policies). While it considers that collecting information on the applicant can be regarded as justified for security purposes, it further argues that retaining this information that is about sensitive data is not justified. Furthermore, the Strasbourg Court focuses on the issue of lack of safeguards regarding this retention of data:

Like the Supreme Court it found that there were good policing reasons why such data had to be collected. In Mr Catt’s case, the collection of his data had been justified because Smash EDO’s activities were known to be violent and potentially criminal. While Mr Catt had never been violent or shown any tendency towards such behaviour, he had identified himself repeatedly and publicly with that group. The Court found, however, that the continued retention of the data in Mr Catt’s case had been disproportionate because it was personal data which revealed political opinions and so had enhanced protection; it had been accepted that Mr Catt did not pose a threat to anyone, also taking into account his age; and there had been a lack of effective procedural safeguards. The lack of safeguards included the absence of a time-limit on how long data should be kept, the only definite rule being that information would be held for a minimum of six years before being reviewed. In Mr Catt’s case it was not clear that such six-year or other reviews had taken place. This also contrasted with privacy resolutions passed by the Committee of Ministers of the Council of Europe, which indicated that there should be maximum time-limits for holding certain kinds of information. The Court was also concerned about the effectiveness of legal challenge as a safeguard 3 in this case because the police had actually held more data on Mr Catt at the time of the domestic proceedings than previously acknowledged.

An upper time-limit of retaining sensitive information is viewed by the European Court of Human Rights as essential in order to have effective procedural safeguards, meaning an effective protection from police abuse, especially in the contemporary era of advanced monitoring technology. This is crucial as an indefinite time of detention of data that has to do with citizens’ activities and even their political opinions associated (or in some cases the religion of citizens, when monitoring possible threats of Islamist extremism) creates an environment of insecurity and gives excessive, potentially dangerous power to the police. The relationship between state and citizen should not end up in one of “all seeing”-“all knowing”-“all registering” without limits and effective ways for citizens to question the gathered information about them, how long it is stored and how it can be used.

The European Court of Human Rights has dealt also in the past with the UK police practice of retaining information about citizens in its decision MM v United Kingdom ECHR (issued on 13 Nov 2012, application no 24029/07). Based on this previous judgement, the Court now refers to texts of the European legislation framework, like the regulations of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data 1981, the Explanatory Report to the Convention, the Protocol amending the Convention for theProtection of Individuals with regard to Automatic Processing of Personal Data, the Data Protection Directive and the General Data Protection Regulation and Directive (EU) 2016/680.

Strasbourg took an important step towards the protection of human rights when in many countries counter- extremism and counter-terrorism legislation and measures have compromised civil liberties. In several European countries,social and economic reasons have led people to the streets protesting for better living conditions. From active practicing of religion, to participation in demonstrations or political protests and being an activist (all the above even without any involvement in violence) can be reasons for authorities to flag a person and gather information on him/her, creating a file about them in security services without justifying its usefulness v. proportionality. The reason why the protection of privacy from counter-extremism databases matters (hence why this ECHR decision is important for Europeans) is described eloquently by the dissenting opinion of Lord Touson in favour of the applicant, noted actually in the UK Supreme Court decision that led the case to the European Court:

It matters because in modern society the state has very extensive powers of keeping records on its citizens. If a citizen’s activities are lawful, they should be free from the state keeping a record of them unless, and then only for as long as, such a record really needs to be kept in the public interest.


Dr. Maria Alvanou is a Criminologist as well as a Terrorism and Security Expert. She is also a Defense Lawyer with the right of audience before the Supreme Court of Greece.

Suggested citation: Dr. Maria Alvanou, Security Policy and the Right to Privacy, JURIST – Academic Commentary, Feb. 13, 2019,

This article was prepared for publication by Raven Moore, a JURIST Assistant Editor. Please direct any questions or comments to her at


Opinions expressed in JURIST Commentary are the sole responsibility of the author and do not necessarily reflect the views of JURIST's editors, staff, donors or the University of Pittsburgh.