CJEU - Joined cases C 203/15 and C 698/15 - Tele2/Watson

From GDPRhub
Revision as of 22:34, 10 October 2021 by Tetyana (talk | contribs) (Created page with "{{CJEUdecisionBOX |Case_Number_Name=Joined cases C 203/15 and C 698/15 Tele2/Watson |ECLI=ECLI:EU:C:2016:970 |Opinion_Link= |Judgement_Link=https://curia.europa.eu/juris/doc...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
CJEU - Joined cases C 203/15 and C 698/15 Tele2/Watson
Cjeulogo.png
Court: CJEU
Jurisdiction: European Union
Relevant Law:
Article 15(1) Directive 2002/58/EC
Articles 7 and 8 and Article 52(1) the Charter of Fundamental Rights of the European Union
Section 1 the Data Retention and Investigatory Powers Act 2014
Lag (2012:278) om inhämtning av uppgifter om elektronisk kommunikation i de brottsbekämpande myndigheternas underrättelseverksamhet
Lag (2003:389) om elektronisk kommunikation
Decision joined cases C‑293/12 and C‑594/12
Decided: 21.12.2016
Parties: Tele2 Sverige AB
Post- och telestyrelsen
Secretary of State for the Home Department
Tom Watson
Peter Brice
Geoffrey Lewis
Case Number/Name: Joined cases C 203/15 and C 698/15 Tele2/Watson
European Case Law Identifier: ECLI:EU:C:2016:970
Reference from: the Kammarrätten i Stockholm (Administrative Court of Appeal, Stockholm, Sweden) and the Court of Appeal (England & Wales) (Civil Division) (United Kingdom)
Language: 24 EU Languages
Original Source: Judgement
Initial Contributor: Tetyana Porokhonko

The Court ruled that the national legislation that imposes general and indiscriminate data retention obligations on providers of electronic communications services is incompatible with the EU law and might be permitted only under certain circumstances.

English Summary

Facts

As result of the ECJ decision in Digital Rights Ireland case from 8 April 2014 (joined cases C‑293/12 and C‑594/12), two cases have been brought before national courts to addresses the issue of compatibility Swedish and UK national laws on data retention with Art.15(1) of Directive 2002/58/EC (ePrivacy Directive) and Art.7, 8 and Art.52(1) of the EU Charter of Fundamental Rights (the EU Charter).

(I) In case C 203/15, the provider of electronic communications services Tele2 Sverige informed Post-och telestyrelsen (PTS) that it should no longer comply with the national legislation requirements on data retention and keep data for the period of up to six months. Hence, as from 14 April 2014 the company would stop to retain electronic communications data and erase retained data prior to that date. The PTS disagreed with Tele2 conclusion and brought an action before the Stockholm Administrative Court. After the court dismissed the action, Tele2 appealed that judgment.

(II) In case C 698/15, Mr Watson, Mr Brice and Mr Lewis challenged Section 1(1) of the Data Retention and Investigatory Powers Act 2014 for compatibility with Art.7 and 8 of the Charter and Art.8 of the ECHR. The High Court of Justice of England and Wales found that the national data retention law is not compatible with EU laws. The the Secretary of State for the Home Department (United Kingdom of Great Britain and Northern Ireland) appealed the judgment.

Both the Swedish Administrative Court of Appeal and the Court of Appeal of England and Wales decided to submit requests to the ECJ for preliminary ruling on the following questions:

- whether Art.15(1) of ePrivacy Directive, taking account of Art. 7 and 8 and Art.52(1) of the EU Charter, must be interpreted as: 1) precluding national legislation such as that at issue in the main proceedings that provides, for the purpose of fighting crime, for general and indiscriminate retention of all traffic and location data of all subscribers and registered users with respect to all means of electronic communications. 2) precluding national legislation governing the protection and security of traffic and location data, and more particularly, the access of the competent national authorities to retained data, where that legislation does not restrict that access solely to the objective of fighting serious crime, where that access is not subject to prior review by a court or an independent administrative authority, and where there is no requirement that the data concerned should be retained within the EU.

- whether, in the Digital Rights judgment, the Court interpreted Art. 7 and/or 8 of the EU Charter in such a way as to expand the scope conferred on Art. 8 ECHR by the European Court of Human Rights.

Holding

On 21 December 2016 the ECJ delivered its judgment, in which the court concluded that Swedish and UK national data retention laws exceeded the limits of what is strictly necessary according to the EU legislation.

By its answer to the first question, the court first confirmed that the national laws on the retention of traffic and location data and access to such data by national authorities, for the purpose of combating crime, fell within the scope of EU law (para. 64).

Next, the court found that the obligations to retain of all traffic and location data of all subscribers and registered users relating to all means of electronic communication, and impose on providers of electronic communications services an obligation to retain that data systematically and continuously, with no exceptions, in order to make the data available to the competent national authorities, raised concerns about compatibility such requirements with privacy and data protection rights as well as right to freedom of expression (para. 92).

Lastly, the court ruled that Article 15 (1) of ePrivacy Directive, read in the light of Art. 7, 8 and 52 (1) of the Charter precludes national legislation which, for the purpose of fighting crime, provides for the general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication (para. 112).

By contrast, the court held that the EU legislation does not prevent a Member State from adopting a legislation permitting, as a preventive measure, the targeted retention of traffic and location data, for the purpose of fighting serious crime. In that context, the court specified that the retention must be limited to (1) the categories of data to be retained, (2) the means of communication affected, (3) the persons concerned and (4) the retention period adopted, to what is strictly necessary (para. 108).

To satisfy such requirements, the legislation must lay down clear and precise rules governing the scope and application of such a data retention measure and impose minimum safeguards to guaranty protection of personal data against misuse (para 109).

In addition, the court provided that in order to ensure that a data retention measure is limited to what is strictly necessary the retention of data must continue to meet objective criteria, that establish a connection between the data to be retained and the objective pursued. Moreover, the legislation must be based on objective evidence which makes it possible to identify a public whose data is likely to reveal a link, at least an indirect one, with serious criminal offences, and to contribute in one way or another to fighting serious crime or to preventing a serious risk to public security (para 110-111)

By its answer to the second question, the court ruled that the access of the competent national authorities to retained data (1) must be solely restrict to the objective of fighting serious crime, (2) must be subject to prior review by a court or an independent administrative authority and (3) the data must be retained within the EU and destroyed at end of the retention period.

Moreover, the competent national authorities must notify the persons affected, under the applicable national procedures, as soon as that notification was no longer liable to jeopardize the investigations being undertaken by those authorities (118-125).

The last question was declared inadmissible.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!