On 19th July 2016, Advocate General Øe Saugmandsgaard will present the Court of Justice of the European Union (CJEU) his opinion in the joined cases
C-203/15 and
C-698/15,Tele2 Sverige and Davis and Others. They concern the validity of national laws in Sweden and the UK for the retention of telecommunications data under EU law and the EU Charter of Fundamental Rights. This is a very relevant question, since the Court
invalidated the EU Data retention directive in 2014.
To see what is to be expected, it is helpful to know what happened at the oral hearing on 5th April 2016. Our legal trainee Antonia Latsch attended the hearing (which is public, but not streamed or recorded). She
live-tweeted from there, and has allowed me to re-publish her tweets in chronological order here. I have done minor editing to clean up the language, correct typos, etc. So here we go:
Court is in session
#dataretention #dripa
Judgement first, hearing about to start
#dataretention #CJEU
Hearing started. Johansson addressing question of what constitutes electronic processing of personal data
#dataretention
Tele2 Lawyer Johansson: Law needs to be proportional to what is strictly necessary for the concrete objectives
#tele2 #CJEU
Tele2: legislation needs to limit access of data, only to fight serious crimes & subject to ex ante court control
#dataretention
Tele2: Swedish data collection law is not limited to serious crimes, nor does it grant ex ante court control
#tele2 #dataretention
Watson/Davis Lawyer: The United Kingdom does not provide sufficient safeguards for personal data collection
#DRIPA #dataretention
Davis/Watson: Minimum safeguards need to be in place to protect personal data to prevent abuse
#dataretention #DRIPA
Davis: Court should give guidance to what necessary safeguards are, UK does not meet the safeguards
#dataretention
Davis: UK allows collection of data for purposes that are not in regards to suspected crimes, constitutes breach of Art. 51
#dataretention
Brice: authorization and purpose for what it is granted for are connected; intrusiveness needs to meet seriousness of crime
#dataretention
Brice: Authorization to access to data must me be granted by structural independent body
#dataretention
Brice: purpose of law is only in case of serious crimes. Domestic legislation goes way beyond, including tax purposes
#dataretention
Open Rights Group: Case is of global significance, challenging the courts position on personal data protection
#dataretention
ORG/Privacy International: states need to be able to prevent passing of data to states that don't comply with EU privacy law
#dataretention
PI: Art. 15 e-privacy directive is lex specialis, it does not allow for the individual to be completely stripped of their privacy rights
#dataretention
Law Society: Limitation by independent authorization for the kind of data that can be stored is missing
#dataretention
Sweden: general obligation to keep data can be proportional for very important measures
#dataretention
Sweden: not all access to general data needs to be directly related to a serious crime, but be strictly necessary
#dataretention
Sweden: investigations have shown that it is impossible to limit retention of data prior for measurements to be effective
#dataretention
Sweden: possibility of rapid decisions is necessary for effectiveness, therefore outside review is unpractical
#dataretention
UK: Law requires commercial service providers to keep the data, not authorities
#dataretention
UK: We cannot know in advance what data is necessary and valuable
#dataretention
UK: in matters concerning national security, member states must make assessments of what is necessary and proportionate
#dataretention
UK: objective requirements for necessity of the taken measurements are different from specific rules laid out by the court
#dataretention
UK: it should be up to national courts to check that specific requirements and set standards are met
#dataretention
Czech: important how domestic law allows access and safety of data, if safeguards are in place, it is not disproportionate
#dataretention
Czech: "We live in troubled times, do we really want to constrain the member states in this way?"
#dataretention
Denmark: data retention must be general to be effective as a crime fighting tool
#dataretention
Denmark: Rules on access to and retention of date go hand in hand and can not be separated
#dataretention
Denmark: proportionality test strikes the right balance, provided it gives clear and precise rules/guarantees of protection
#dataretention
Denmark: approach to data retention should be all or nothing
#dataretention
Denmark: no reason to assess these national measures more stringent than other national measures
#dataretention
Germany: active passing of data by private sector allows government access, this must be compatible with fundamental rights
#dataretention
Germany: objective safeguard criteria can be sufficient, therefore concrete implementation determines if law is proportionate
#dataretention
Antonia Latsch re-tweeted
@TetsuwanAstro:
Germany: Data protection guarantees should be assessed as a whole, access AND retention rules together
#dataprotection
Estonia: We consider it necessary in the fight against terrorism to collect data of all people
#dataretention
Estonia: Saving someone's life and effectively fighting crime is worth allowing government's intervention
#dataretention
Ireland: access of data is not directly governed by EU law
#dataretention
Ireland: court is providing guidance for interpretation of EU law to national courts
#dataretention
Ireland: member states must be given discretion on how to provide proportional measures
#dataretention
Ireland: access of data is not directly governed by EU law
#dataretention
Antonia Latsch re-tweeted
@JanAlbrecht
Jan Philipp Albrecht quoted Antonia Latsch:
Rubbish. The ePrivacy Directive regulates use of personal telecom data, therefore governed by EU law.
#dataretention
Ireland: access of data is not directly governed by EU law #dataretention
Ireland: Diversity of different member states needs to be respected by the court
#dataretention
Spain: The burden that data retention puts on the internal market and private actors should not be underestimate
#dataretention
Spain: The upholding of fundamental rights must be the upper limit to granted discretion
#dataretention
Spain: General data retention cannot be seen as an indispensable measure taken by all means
#dataretention
France: Data can be used for prosecution as well for proof of innocence. It is impossible to know in advance what is needed.
#dataretention
France: French government finds the retention period of 1 year for data absolutely necessary to combat crime and terrorism
#dataretention
European Commission: Interference must be proportional as well as respect the essence of the interfered right
#dataretention
Finland: Connection between retention and use means that retention can only be justified if the later use is also justified
#dataretention
Finland: Practical reasons necessitate a system of universal retention of data that can be compensated by limitation
#dataretention
European Commission: procedural safeguards in their entirety need to be assessed to their efficiency
#dataretention
after questioned by Judge Rapporteur von Danwitz, Tele2: about 10.000 data request have been made to tele2. No overall statistic available
#dataretention
von Danwitz to UK: Does DRIPA enable public authority to collect data from persons outside of the UK?
#dataretention
UK: Scope of data retention of DRIPA applies to all data generated and processed in the UK
#dataretention
v. Danwitz:"how far are we taking this logic that we don't know who will be a criminal tomorrow and therefore need all data?"
#dataretention
v. Danwitz: "Isn't there always something more effective and also more intrusive? Where do we stop?"
#dataretention
Advoc. General Saugmandsgaard to UK: can you be more precise to when general retention is indispensable?
#dataretention
UK: retention of general data is vital to prevent terrorism and preventing crime but also for protecting people in general
#dataretention
Advoc. General to Tele2: Are Swedish authority demanding you to secure data you would otherwise not acquire?
#dataretention
Tele2: No, its data that is there, but would not be kept and deleted at once.
#dataretention
Advoc. General to Sweden: Is there information about the misuse of this data retention?
#dataretention
Germany: data retention is not useful if limited to specific geographical locations
#dataretention
Sweden: The chancellor of the data protection agency must be informed of mistakes; here ex-post control is more efficient
#dataretention
Tele2: All retention of data carries a risk of misuse, member states should look closely at what is stored and for how long
#dataretention
Davis: Case regards the lack of safeguards. Access to data takes place in secret; high demands cannot be monitored adequately
#dataretention
Davis: Although individuals can, it's unlikely they will bring a complaint if they don't know their information was accessed
#dataretention
Sweden: if data retention is to be an effective measure in fighting crime it needs to be general by nature
#dataretention
Session is closed. Advocate General opinion will be delivered on the 19th of July 2016.
#dataretentionLabels: courts, dataretention, ECJ, EU, Sweden, UK