And from what I read the summary is wrong.
This ruling applies to all EU+UK (including post Brexit for now) states but was requested by UK/France/Belgium lawyers initially.
This ruling also seems to mandate that all EU+UK states cannot keep metadata indefinitely/permanently unless it's highly targeted (as in "individually targeted"), within a judicial framework and only for specific high security issues.
So it doesn't forbid mass surveillance per se but only seems to mandate that they can't keep the data forever unless strictly necessary.
Some could even interpret this ruling as permission to do mass surveillance as long as they don't keep the data for too long (a year? 10 years? it's unclear)
The only defense against surveillance of communication channels is to make it technically impossible. Respecting privacy may be a misnomer here, they just have to adhere to EU law, which probably leaves room to let state actors continue exactly as before.
edit: "no mass surveillance without limits" titles techcrunch. As if the "limits" could make mass surveillance acceptable. This article is "fake news" in the original sense, because they actually reduced barriers for mass surveillance.
The UK has key disclosure requirements in RIPA. There's a 2 year prison sentence (5 years if it's a national security or child indecency case).
Key disclosure: https://www.legislation.gov.uk/ukpga/2000/23/part/III
Failure to comply with a notice: https://www.legislation.gov.uk/ukpga/2000/23/section/53
Same issue as the US where the Supreme Court should still rule about this whole right to not incriminate yourself / remain silent by not revealing a password.
No such cases have reached those jurisdiction yet as far as I know?
What makes you think it's not already legal?
