At his press conference today, the prime minister rattled off so many threats that listeners were, in effect, asked to pick their own rationale for his emergency data legislation. The myriad dangers – paedophile networks, organised crime, an unstable Middle East – have little in common, save for the fact that they are not passing exigencies at all, but chronic problems. The real emergency is not any sort of hidden plot; it is a ruling by the court of justice of the European Union which rejected virtually limitless state snooping on telephone and email data as disproportionate.

The EU directive thus struck down was a British concoction, pushed through in the post-7/7 mood, when an entirely understandable urge to give the authorities the anti-terror tools they required was intensified by New Labour's authoritarian posturing. It allowed governments to command communications companies to maintain for 12 months complete logs of who was ringing, emailing or texting whom when, and granted the authorities access to these revealing details of day-to-day personal life in sweeping circumstances. The interception commissioner's reports record that official requests for access to data are routine – with around half a million notices and authorisations a year. No wonder the Luxembourg court insisted that replacement rules would need many safeguards – covering checks on necessity, independent arbitration and more – to comply with human rights.

In its early days, the Cameron government called itself a coalition of liberty, and sounded sensitive to this point of view. Its founding agreement promised to "end storage of internet and email records without good reason". There were concessions today, on oversight, scope and procedure. But only time will tell how effective these will be. Whitehall's essential response is to rewrite a discredited European law on to the British statute book. There is unease about busybody officials and leaky databases, but such mundane anxieties do not hold attention in the same way that jihadi or paedophile plotters do. With this in mind, and no independent means of challenging the security state's demands, Labour and the Lib Dems have agreed to get behind David Cameron's bill, in return, chiefly, for welcome reviews of important parts of the system.

The pledged review of the 2000 Regulation of Investigatory Powers Act is badly overdue. Its specific remit to consider how to regulate domestic messages that travel "via international servers" responds to Edward Snowden's revelations about how national intelligence agencies exploit the web's global character to subvert promises about privacy at home. But neither a quickfire consensus forged by MPs about to jet off to the beach, nor anything else about today's announcement, suggested a parliament as committed as it should be to engaging with what it has brazenly neglected for months: the boundless appetite of NSA and GCHQ for personal data.

If Westminster was serious about the discussion which Barack Obama engaged in when he spoke about "the risks of government over-reach" in January, it could have begun its own post-Snowden reviews in parallel. That would have left it better placed to come up with a lawful framework for regulating surveillance in response to the Luxembourg ruling. It did not do so, preferring to stick its head into the sand – where it remained for three months after the EU judgment was given in April.

The expiry date for this legislation does not kick in for two-and-a-half years: there is a danger that the momentum for change could be lost. Precedent and the passage of time could substitute for argument, just as they are doing this week, as minsters insist that the only powers they are asking for cover things that they already do. Today's promised reviews will only fulfil their potential to effect change for the good if Labour and Lib Dem MPs especially impose some serious pressure. A British parliament that is far too relaxed about officialdom listening in must not, once again, tune out of a conversation that needs to be had.