CURIA - Documents
42 of 58
http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...
fortiori, safeguarding national security are capable of justifying – given their importance, in the
light of the positive obligations mentioned in the preceding paragraph to which the Cour
constitutionnelle (Constitutional Court, Belgium), referred, inter alia – the particularly serious
interference entailed by the targeted retention of traffic and location data.
147
Thus, as the Court has previously held, Article 15(1) of Directive 2002/58, read in the light of
Articles 7, 8 and 11 and Article 52(1) of the Charter, does not prevent a Member State from
adopting legislation permitting, as a preventive measure, the targeted retention of traffic and
location data for the purposes of combating serious crime, preventing serious threats to public
security and equally of safeguarding national security, provided that such retention is limited, with
respect to the categories of data to be retained, the means of communication affected, the persons
concerned and the retention period adopted, to what is strictly necessary (see, to that effect,
judgment of 21 December 2016, Tele2, C‑203/15 and C‑698/15, EU:C:2016:970, paragraph 108).
148
As regards the limits to which such a data retention measure must be subject, these may, in
particular, be determined according to the categories of persons concerned, since Article 15(1) of
Directive 2002/58 does not preclude legislation based on objective evidence which makes it
possible to target persons whose traffic and location data is likely to reveal a link, at least an
indirect one, with serious criminal offences, to contribute in one way or another to combating
serious crime or to preventing a serious risk to public security or a risk to national security (see, to
that effect, judgment of 21 December 2016, Tele2, C‑203/15 and C‑698/15, EU:C:2016:970,
paragraph 111).
149
In that regard, it must be made clear that the persons thus targeted may, in particular, be persons
who have been identified beforehand, in the course of the applicable national procedures and on the
basis of objective evidence, as posing a threat to public or national security in the Member State
concerned.
150
The limits on a measure providing for the retention of traffic and location data may also be set
using a geographical criterion where the competent national authorities consider, on the basis of
objective and non-discriminatory factors, that there exists, in one or more geographical areas, a
situation characterised by a high risk of preparation for or commission of serious criminal offences
(see, to that effect, judgment of 21 December 2016, Tele2, C‑203/15 and C‑698/15, EU:C:2016:970,
paragraph 111). Those areas may include places with a high incidence of serious crime, places that
are particularly vulnerable to the commission of serious criminal offences, such as places or
infrastructure which regularly receive a very high volume of visitors, or strategic locations, such as
airports, stations or tollbooth areas.
151
In order to ensure that the interference entailed by the targeted retention measures described in
paragraphs 147 to 150 of the present judgment complies with the principle of proportionality, their
duration must not exceed what is strictly necessary in the light of the objective pursued and the
circumstances justifying them, without prejudice to the possibility of extending those measures
should such retention continue to be necessary.
–
Legislative measures providing for the preventive retention of IP addresses and data relating
to civil identity for the purposes of combating crime and safeguarding public security
152
It should be noted that although IP addresses are part of traffic data, they are generated
independently of any particular communication and mainly serve to identify, through providers of
electronic communications services, the natural person who owns the terminal equipment from
which an Internet communication is made. Thus, in relation to email and Internet telephony,
provided that only the IP addresses of the source of the communication are retained and not the IP
addresses of the recipient of the communication, those addresses do not, as such, disclose any
information about third parties who were in contact with the person who made the communication.
That category of data is therefore less sensitive than other traffic data.
2/15/2021, 4:58 PM