EU: Council in a twist over data retention judgment


EU  
Council in a twist over data retention judgment
13.5.17
Follow us: | | Tweet


The Council of the European Union is really struggling to finds ways around the Court of European Justice judgment in "Tele 2 and Watson": See: Access criteria for competent authorities to retained communication data - Exchange of views (LIMITE doc:no 8798-17, pdf)

The Court essentially laid down that data couldonly be retained for the purpose of serious crime and terrorism, that there must be set out in law:

"ex-antereview, oversight, individuals' rights and security and protection of retained data"

And that there must be a requirement that the data:

"concerned should be retained within the European Union."

Thus personal data cannot be transferred to a third state (eg: the USA).

The court said:

"in the light of the Charter of Fundamental Rights, must be interpreted as precluding national legislation that "governs the protection and security of traffic and location data and, in particular, access of the competent national authorities to the retained data, where the objective pursued by that access, in the context of fighting crime, is not restricted solely to fighting serious crime, where access is not subject to prior review by a court or an independent administrative authority, and where there is no requirement that the data concerned should be retained within the European Union".

Scope of access

The Council Presidency invites Member states to:

"to exchange views on these questions with a particular focus on the impact of the access criteria/conditions on the operational capabilities of law enforcement authorities (LEAs), including existing investigatory methods/techniques and to provide concrete examples where possible, in this respect....

Regarding the scope of access to retained communications data in terms of the purposes for which data are used and processed, paragraph 115 of the Tele2 ruling states that, in relation to the (exhaustive) list of objectives set out in the first sentence of Article 15(1) of Directive 2002/58, "it follows that, in the area of prevention, investigation, detection and prosecution of criminal offences, only the objective of fighting serious crime is capable of justifying such access to the retained data." [emphasis in original]

Persons whose data can be accessed

"as a general rule, be granted, in relation to the objective of fighting crime, only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in one way or another in such a crime [..]. However, in particular situations, where for example vital national security, defence or public security interests are threatened by terrorist activities, access to the data of other persons might also be granted where there is objective evidence from which it can be deduced that that data might, in a specific case make an effective contribution to combating such activities." [emphasis in original]

Conditions for access

"Regarding conditions relating to access, paragraph 118 of the Tele2 ruling states: national legislation must also lay down substantive and procedural conditions governing the access of the competent national authorities to the retained data". These conditions include ex-ante review, oversight, individuals' rights and security and protection of retained data (see paragraphs 120 to 123 of Tele2)." [emphasis in original]

The Presidency Note poses a number of questions to Member States and law enforcement agencies, including:

"Does your legislation require service providers to retain data within the European Union?"

Will the EU and its Member States ever comply with the law?

In 2014: "Digital Rights Ireland and Seitlinger and others": The Court of Justice declared the Data Retention Directive to be invalid (Press release, pdf) and Judgment (pdf).

Tony Bunyan, Statewatch Director, comments:

"Despite the 2014 Digital Rights Ireland judgment the Council, the Commission and Member States have simply carried on ignoring the ECJ's verdict that the Data Retention Directive has been unlawful since it was adopted in 2006. In 2016 the "Tele 2 and Watson" judgment came to the same conclusions. For how long will they be allowed to flout the rule of law?"

See: In December 2016: Watson/Tele2 Sverige AB case: The Members States may not impose a general obligation to retain data on providers of electronic communications services (Press release, pdf) and Full-text of CJEU judgment (pdf)

See also: Council calls in the "experts" to try and get round the law (Statewatch)

Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.

 

Spotted an error? If you've spotted a problem with this page, just click once to let us know.

Report error