side-area-logo

EU countries will have to justify their need to access personal communication data

EU countries will have to justify their need to access personal communication data

With their separate national legislation, EU countries, will no longer be able to combat crime by obligating the electronic communications operators to store all of the subscribers’ communication traffic and location data. It was decided by the EU Court of Justice (ECJ) when it ruled that all national legislation that in order to fight against crime foresees an obligation to generally without differentiation collect and store all of the mentioned data that is being transmitted by any electronic means of communication, is forbidden.

ECJ examined the situation when national Member States’ laws foresee an obligation relating to general and indiscriminate retention and storage of traffic and location data of all to all subscribers and registered users by means of any electronic communications device and by them obliging the providers of the electronic communications services without any exception to store such data.

ECJ noted that, although effectiveness of the fight against serious crime, in particular organized crime and terrorism, may depend to a great extent on the use of modern investigation techniques, such a general objective – fight against serious crime –  however fundamental it may be, cannot in itself justify that national legislation providing for the general and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight.

“This ECJ judgment is relevant to all EU Member States that under their current legislation have foreseen an obligation for the communication operators to store and in accordance with the laws without payment provide to the competent authorities their generated or processed data of all of their subscribers and their communication data.” –  notes law firm’s ECOVIS ProventusLaw attorney Loreta Andziulytė.

According to the ECJ judgement each countries’ national legislation must, first lay down clear and precise rules governing the scope and application of such data retention measure and imposing minimum safeguards so that the persons whose data has been retained have sufficient guarantees of the effective protection of their personal data against the risk of misuse.

According to the ECJ judgement each countries’ national legislation must, first lay down clear and precise rules governing the scope and application of such data retention measure and imposing minimum safeguards.

It is explained that data, which is required to be retained by the electronic communications services providers, helps to find and identify the source of the message and its addressee, the date of the transmission, time, duration and type, the used communication equipment, its location and the IP address in the case of using internet services. So, when taken as a whole from the data that the electronic communications service providers must store a very accurate conclusion can be made about the individuals, their private lives, for example their daily living habits, permanent or temporary residence, daily or other movement, activities, social contacts and visited social environment, whose data is being stored.

”We live in a rapidly changing world where every day a new type of threat arises, yet a decision for the sake of security to refuse privacy is very dangerous, this is why it is extremely important that the ECJ did not give up to the pressure from the Member States to grant them wide rights to collect peoples personal data, but set strict criterias when it is permitted to do so while founding a balance between the need for security and the human right to privacy” – comments the courts judgment law firm’s ECOVIS ProventusLaw attorney Loreta Andziulytė.

The court also noted that the authorities from the moment when the notification is no longer liable to jeopardise they investigation must inform the individuals that an access to their private information has been granted to them. This notification is, in fact, necessary so that the persons could later present a lawsuit.

”ECJ did not give up to the pressure from the Member States to grant them wide rights to collect peoples personal data, but set strict criterias when it is permitted to do so while founding a balance between the need for security and the human right to privacy” – comments the courts judgment law firm’s ECOVIS ProventusLaw attorney Loreta Andziulytė.

Legal uncertainty arose after back in April 2014 when an established in Sweden provider of electronic communications services Tele2 Sverige informed the Swedish Post and Telecommunications Supervisory Authority (PTS)   that, following the ruling of a April 2014 ECJ judgment where the court has declared that the Directive 2006/24 / EC “on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks” is invalid, it will no longer store therein mentioned electronic communications data and delete before this date keep data.

Tele2 Sverige disagreed with the Swedish Minister’s of Justice appointed special investigator’s report conclusion that the Swedish data storage national legislation is in compliance with European Union law and the European Convention on Human Rights.

PTS informed Tele2 Sverige that by not for six months saving data for crime combating purposes it does not to fulfill its national statutory obligations.

Tele2 Sverige disagreed with the statement that the Swedish data storage national legislation does not violate the fundamental rights guaranteed by the Charter.

Because of this refusal, a legal dispute arose.

Loreta Andziulytė