CURIA - Documents
32 of 58
http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...
France), since that question arises in a context characterised by serious and persistent threats to
national security, it should also be assessed in the light of Article 4(2) TEU. The Cour
constitutionnelle (Constitutional Court, Belgium), for its part, points out that the national legislation
at issue in Case C‑520/18 also implements positive obligations flowing from Articles 4 and 7 of the
Charter, consisting in the establishment of a legal framework for the effective prevention and
punishment of the sexual abuse of minors.
86
While both the Conseil d’État (Council of State, France) and the Cour constitutionnelle
(Constitutional Court, Belgium) start from the premiss that the respective national legislation at
issue in the main proceedings, which governs the retention of traffic and location data and access to
that data by national authorities for the purposes set out in Article 15(1) of Directive 2002/58, such
as safeguarding national security, falls within the scope of that directive, a number of parties to the
main proceedings and some of the Member States which submitted written observations to the
Court disagree on that point, particularly concerning the interpretation of Article 1(3) of that
directive. It is therefore necessary to examine, first of all, whether the legislation at issue falls
within the scope of that directive.
Scope of Directive 2002/58
87
La Quadrature du Net, the Fédération des fournisseurs d’accès à Internet associatifs, Igwan.net,
Privacy International and the Center for Democracy and Technology rely on the Court’s case-law
on the scope of Directive 2002/58 to argue, in essence, that both the retention of data and access to
retained data fall within that scope, whether that access takes place in non-real time or in real time.
Indeed, they contend that since the objective of safeguarding national security is expressly
mentioned in Article 15(1) of that directive, the pursuit of that objective does not render that
directive inapplicable. In their view, Article 4(2) TEU, mentioned by the referring courts, does not
affect that assessment.
88
As regards the intelligence measures implemented directly by the competent French authorities,
without regulating the activities of providers of electronic communications services by imposing
specific obligations on them, the Center for Democracy and Technology observes that those
measures necessarily fall within the scope of Directive 2002/58 and of the Charter, since they are
exceptions to the principle of confidentiality guaranteed in Article 5 of that directive. Those
measures must therefore comply with the requirements stemming from Article 15(1) of the
directive.
89
On the other hand, the Czech and Estonian Governments, Ireland, and the French, Cypriot,
Hungarian, Polish, Swedish and United Kingdom Governments submit, in essence, that Directive
2002/58 does not apply to national legislation such as that at issue in the main proceedings, since
the purpose of that legislation is to safeguard national security. The intelligence services’ activities,
in so far as they relate to the maintenance of public order and to the safeguarding of internal
security and territorial integrity, are part of the essential functions of the Member States and,
consequently, are within their exclusive competence, as evidenced, in particular, by the third
sentence of Article 4(2) TEU.
90
Those governments and Ireland also refer to Article 1(3) of Directive 2002/58, which excludes
from the scope of that directive, as the first indent of Article 3(2) of Directive 95/46 did in the past,
activities concerning public security, defence and State security. They rely in that regard on the
interpretation of the latter provision set out in the judgment of 30 May 2006, Parliament v Council
and Commission (C‑317/04 and C‑318/04, EU:C:2006:346).
91
In that regard, it should be stated that, under Article 1(1) thereof, Directive 2002/58 provides, inter
alia, for the harmonisation of the national provisions required to ensure an equivalent level of
protection of fundamental rights and freedoms, and in particular the right to privacy and
confidentiality, with respect to the processing of personal data in the electronic communications
2/15/2021, 4:58 PM