CJEU - C-162/22 - Lietuvos Respublikos generalinė prokuratūra
CJEU - C-162/22 Lietuvos Respublikos generalinė prokuratūra | |
---|---|
Court: | CJEU |
Jurisdiction: | European Union |
Relevant Law: | Article 15 Directive 2002/58; Article 5 Directive 2002/58; Article 6 Directive 2002/58; Article 9 Directive 2002/58 |
Decided: | 07.09.2023 |
Parties: | |
Case Number/Name: | C-162/22 Lietuvos Respublikos generalinė prokuratūra |
European Case Law Identifier: | ECLI:EU:C:2023:631 |
Reference from: | |
Language: | 24 EU Languages |
Original Source: | Judgement |
Initial Contributor: | elu |
The CJEU held that under the E-Privacy Directive data provided to authorities by electronic communications providers for the purpose of combating serious crime cannot be used to investigate mere disciplinary offenses.
English Summary
Facts
The Lithuanian Prosecutor General's Office investigated one of its public prosecutors, who was found responsible for misconduct in office. The investigation into the public prosecutor's misconduct was authorised by a court order, allowing for the interception and recording of data transmitted over electronic communications.
Following these findings, the Prosecutor General's Office dismissed the public prosecutor from office.
The public prosecutor contested the decision before the Regional Administrative Court (Vilniaus apygardos administracinis teismas), which dismissed the claim on the ground that the criminal intelligence operations and the process by which the data were gathered were lawful.
The public prosecutor then appealed the case to the Supreme Administrative Court (Lietuvos vyriausiasis administracinis teismas), alleging that the access by intelligence bodies to traffic data and the actual content of electronic communications was such a serious interference with fundamental rights that access could only be granted to combat serious crime.
The Supreme Administrative Court considered it apparent that Article 15(1) Directive 2002/58, together with Article 3 thereof, extends the scope of that directive only to legislative measures requiring providers of electronic communications services to grant the competent national authorities access to data (as found in C-623/17 Privacy International).
Moreover, it follows from C-746/18 Prokuratuur that only actions to combat serious crime and measures to prevent serious threats to public security are capable of justifying serious interference with Articles 7 and 8 EU Charter of Fundamental Rights (hereinafter: the Charter).
However, the CJEU had not yet ruled on the impact of the subsequent use of the data concerned on the interference with fundamental rights. The Supreme Administrative Court doubted whether such subsequent use constituted a serious interference with Articles 7 and 8 of the Charter, and whether such use is justifiable only for the purposes of combating serious crime and preventing serious threats to public security.
Thus, the Supreme Administrative Court of Lithuania referred to the CJEU the following preliminary question:
- Whether Article 15(1) Directive 2002/58 precludes the use, in connection with investigations into corruption-related misconduct in office, of personal data relating to electronic communications retained, pursuant to an authorised order, by providers of electronic communications services and subsequently made available to the competent authorities to combat serious crime?
Holding
The CJEU pointed out that the referring court only questions the subsequent use of personal data retained by electronic communication providers on the basis of Article 15(1) Directive 2002/58.
Thus, the data to be considered in this preliminary ruling are the data retained on the basis of Article 65(2) of the Lithuanian Law on Electronic Communications, which, together with Annex I, requires electronic service providers to retain, generally and indiscriminately, traffic and location data relating to such communications for the purpose of combating serious crime.
The CJEU considered that the subsequent use of traffic and location data relating to electronic communications, to combat serious crime, is only possible on two conditions:
- retention of those data by providers of electronic communications services must be consistent with Article 15(1) Directive 2002/58; and
- access to those data granted to the competent authorities must be itself consistent with that provision.
In C-793/19 SpaceNet and Telekom Deutschland, legislation allowing the pre-emptive retention of traffic and location data was considered not in line with EU law. However, legislation allowing for data retention under strict requirements to combat serious crime and prevent serious threats to public security was allowed under Directive 2002/58.
In light of these preliminary remarks, the CJEU started its analysis by stating that Article 15 Directive 2002/58 allows Member States to introduce exceptions to the obligations laid out in Article 5(1) Directive 2002/58 for the safeguard of national security, defence and public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system.
However, the CJEU considered that Article 15 Directive 2002/58 cannot expand excessively the exception to the principle of confidentiality and data storage present in Article 5 Directive 2002/58. Thus, the CJEU reiterated that the list of objectives in Article 15(1) Directive 2002/58 is exhaustive.
Having established that no other objectives can be added to the ones laid out in Article 15 Directive 2002/58, the CJEU considered that there is a hierarchy among the objectives according to their importance, which in turn needs to be balanced against the seriousness of the interference with an individual's life that it entails (C-140/20 Commissioner of An Garda Síochána and Others).
The objective of safeguarding national security exceeds in importance the other objectives of Article 15 Directive 2002/58 and, thus, can justify more serious interference with Articles 7 and 8 of the Charter.
By contrast, with regard to the objective of preventing, investigating, detecting and prosecuting criminal offenses, only actions to combat serious crime and serious threats to public security can justify a serious interference with Articles 7 and 8 of the Charter.
Thus, deciding whether there is a justification for the limitations to Articles 5, 6 and 9 Directive 2002/58 depends on the seriousness of the interference stemming from this limitation and on the importance of the public interest objective pursued by that limitation in relation to its seriousness (C-511/18 La Quadrature du Net and Others).
This reasoning applies mutatis mutandis to the subsequent use of traffic and location data retained by providers of electronic communications services under Article 15(1) Directive 2002/58.
In the case at hand, for the CJEU, the fact that the referring Supreme Administrative Court did not indicate any threat to public security in its documents, and that investigating misconduct in office does not correspond to the objective of prosecuting and punishing criminal offenses under Article 15(1) Directive 2002/58, proves that investigations of misconduct in office do not fall within the category of combating serious crime.
Therefore, the CJEU found that Article 15(1) Directive 2002/58, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter, does not allow the use, in connection with investigations into corruption-related misconduct in office, of personal data relating to electronic communications which have been retained by providers of electronic communications services and which have subsequently been made available to the competent authorities for the purpose of combating serious crime.