CURIA - Documents
26 of 58
http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...
2002/58, read in the light of Articles 7, 8 and 47 of the Charter.
57
As regards, in particular, the pleas alleging infringement of Directive 2000/31, the referring court
states that the provisions of Article L. 851‑3 of the CSI require electronic communications operators
and technical service providers to ‘implement on their networks automated data processing
practices designed, within the parameters laid down in the authorisation, to detect links that might
constitute a terrorist threat’. That technique is intended only to facilitate the collection, for a limited
period and from all of the connection data processed by those operators and service providers, of
such data as might be related to a serious offence of this kind. In those circumstances, those
provisions, which do not impose a general obligation of active surveillance, do not, in the view of
the referring court, infringe Article 15 of Directive 2000/31.
58
As regards the pleas alleging infringement of Directive 2002/58, the referring court considers that
it follows, inter alia, from the provisions of that directive and from the judgment of 21 December
2016, Tele2 Sverige and Watson and Others (C‑203/15 and C‑698/15, EU:C:2016:970; ‘Tele2’), that
national provisions imposing obligations on providers of electronic communications services, such
as the general and indiscriminate retention of the traffic and location data of their users and
subscribers, for the purposes stated in Article 15(1) of that directive, which include safeguarding
national security, defence and public security, fall within the scope of that directive since those rules
govern the activity of those providers. That also applies to rules governing access to and use of data
by national authorities.
59
The referring court concludes from this that both the obligation to retain data resulting from
Article L. 851‑1 of the CSI and the access of the administrative authorities to that data, including
real-time access, provided for in Articles L. 851‑1, L. 851‑2 and L. 851‑4 of that code, fall within
the scope of Directive 2002/58. The same is true, according to that court, of the provisions of
Article L. 851‑3 of the CSI, which, although they do not impose a general retention obligation on
the operators concerned, do however require them to implement automated processing on their
networks that is intended to detect links that might constitute a terrorist threat.
60
On the other hand, the referring court takes the view that the scope of Directive 2002/58 does not
extend to the provisions of the CSI referred to in the applications for annulment which relate to
intelligence gathering techniques applied directly by the State, but do not regulate the activities of
providers of electronic communications services by imposing specific obligations on them.
Accordingly, those provisions cannot be regarded as implementing EU law, with the result that the
pleas alleging that they infringe Directive 2002/58 cannot validly be relied on.
61
Thus, with a view to settling the disputes concerning the lawfulness of Decrees No 2015‑1185,
No 2015‑1211, No 2015‑1639 and No 2016‑67 in the light of Directive 2002/58, in so far as they
were adopted to implement Articles L. 851‑1 to L. 851‑4 of the CSI, three questions on the
interpretation of EU law arise.
62
As regards the interpretation of Article 15(1) of Directive 2002/58, the referring court is uncertain,
in the first place, whether a general and indiscriminate retention obligation, imposed on providers of
electronic communications services on the basis of Articles L. 851‑1 and R. 851‑5 of the CSI, is to
be regarded in the light, inter alia, of the safeguards and checks to which the access of the
administrative authorities to and the use of connection data are subject, as interference justified by
the right to security guaranteed in Article 6 of the Charter and by the requirements of national
security, responsibility for which falls to the Member States alone pursuant to Article 4 TEU.
63
As regards, in the second place, the other obligations which may be imposed on providers of
electronic communications services, the referring court states that the provisions of Article L. 851‑2
of the CSI permit, for the sole purpose of preventing terrorism, the collection of the information or
documents referred to in Article L. 851‑1 of that code from the same persons. Such collection, in
relation solely to one or more individuals previously identified as potentially having links to a
2/15/2021, 4:58 PM