Lorna Woods, Professor of Internet Law, University of Essex
Introduction
This week’s CJEU judgment in Case C-207/16 Ministerio Fiscal is part of the jurisprudence on the ePrivacy Directive, specifically Article 15 which broadly allows Member States to permit intrusions into the confidentiality of communications for certain specified reasons. Article 15 is part of the legal framework for the mass retention of communications data from Digital Rights Ireland (Case C-293/12 and 594/12), EU:C:2014:238) (“DRI”) on and in which the Court has affirmed that retention schemes could be justified only in the case of “serious crime” (Tele2/Watson (Joined Cases C-203/15 and C-698/15), ECLI:EU:C:2016:970). This left the question of what “serious crime” might be, and whether there would be EU law standards circumscribing the scope of this term. It is this question that the reference here seeks to address, though it should be noted that the facts in issue were very different from those in the earlier cases.
Facts
The reference arose in the context of a police investigation relating to the theft of a wallet and a mobile phone. The police wished to identify the new phone number associated with the stolen phone, as well as the details of persons associated with that new number. However, Spanish law required that – to access such information – the police must be investigating a serious crime and the domestic courts here found that the facts giving rise to the investigation did not constitute a serious crime according to Spanish law. The reference to “serious crime” can be found in the Court’s case law in DRI, which – considering the right to private life and to data protection in Article 7 and 8 of the EU Charter of Fundamental Rights, set that as a minimum threshold for the retention of communications data en masse by telecommunications operators.
The national court referred a question on the meaning of Article 15(1) of the ePrivacy Directive (Directive 2002/58/EC, as amended) in the light of this jurisprudence. Article 15 allows Member States to restrict some of the rights granted by the ePrivacy Directive in the interests of, inter alia, the prevention, investigation, detection and prosecution of criminal offences. The national court asked whether the use of length of sentence available for a crime can be used to determine whether ‘it is also necessary to identify in the criminal conduct particular levels of harm to individual and/or legally protected interests’? If length of sentence period alone suffices, is there a minimum in order to comply with the requirements of DRI?
No comments:
Post a Comment