13 May 2017
Council in a twist over data retention judgment
Follow us: | | Tweet
The Court essentially laid down that data couldonly be retained for the purpose of serious crime and terrorism, that there must be set out in law:
"ex-antereview, oversight, individuals' rights and security and protection of retained data"
And that there must be a requirement that the data:
"concerned should be retained within the European Union."
Thus personal data cannot be transferred to a third state (eg: the USA).
The court said:
"in the light of the Charter of Fundamental Rights, must be interpreted as precluding national legislation that "governs the protection and security of traffic and location data and, in particular, access of the competent national authorities to the retained data, where the objective pursued by that access, in the context of fighting crime, is not restricted solely to fighting serious crime, where access is not subject to prior review by a court or an independent administrative authority, and where there is no requirement that the data concerned should be retained within the European Union".
Scope of access
The Council Presidency invites Member states to:
"to exchange views on these questions with a particular focus on the impact of the access criteria/conditions on the operational capabilities of law enforcement authorities (LEAs), including existing investigatory methods/techniques and to provide concrete examples where possible, in this respect....
Regarding the scope of access to retained communications data in terms of the purposes for which data are used and processed, paragraph 115 of the Tele2 ruling states that, in relation to the (exhaustive) list of objectives set out in the first sentence of Article 15(1) of Directive 2002/58, "it follows that, in the area of prevention, investigation, detection and prosecution of criminal offences, only the objective of fighting serious crime is capable of justifying such access to the retained data." [emphasis in original]
Persons whose data can be accessed
"as a general rule, be granted, in relation to the objective of fighting crime, only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in one way or another in such a crime [..]. However, in particular situations, where for example vital national security, defence or public security interests are threatened by terrorist activities, access to the data of other persons might also be granted where there is objective evidence from which it can be deduced that that data might, in a specific case make an effective contribution to combating such activities." [emphasis in original]
Conditions for access
"Regarding conditions relating to access, paragraph 118 of the Tele2 ruling states: national legislation must also lay down substantive and procedural conditions governing the access of the competent national authorities to the retained data". These conditions include ex-ante review, oversight, individuals' rights and security and protection of retained data (see paragraphs 120 to 123 of Tele2)." [emphasis in original]
The Presidency Note poses a number of questions to Member States and law enforcement agencies, including:
"Does your legislation require service providers to retain data within the European Union?"
Will the EU and its Member States ever comply with the law?
In 2014: "Digital Rights Ireland and Seitlinger and others": The Court of Justice declared the Data Retention Directive to be invalid (Press release, pdf) and Judgment (pdf).
Tony Bunyan, Statewatch Director, comments:
"Despite the 2014 Digital Rights Ireland judgment the Council, the Commission and Member States have simply carried on ignoring the ECJ's verdict that the Data Retention Directive has been unlawful since it was adopted in 2006. In 2016 the "Tele 2 and Watson" judgment came to the same conclusions. For how long will they be allowed to flout the rule of law?"
See: In December 2016: Watson/Tele2 Sverige AB case: The Members States may not impose a general obligation to retain data on providers of electronic communications services (Press release, pdf) and Full-text of CJEU judgment (pdf)
See also: Council calls in the "experts" to try and get round the law (Statewatch)
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: c/o MDR, 88 Fleet Street, London EC4Y 1DH, UK. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.