CURIA - Documents
51 of 58
http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...
and safeguards that must be laid down are observed; and where
–
recourse to the real-time collection of traffic and location data is limited to persons in respect
of whom there is a valid reason to suspect that they are involved in one way or another in
terrorist activities and is subject to a prior review carried out either by a court or by an
independent administrative body whose decision is binding in order to ensure that such realtime collection is authorised only within the limits of what is strictly necessary. In cases of
duly justified urgency, the review must take place within a short time.
Question 2 in Case C‑512/18
193
By question 2 in Case C‑512/18, the referring court seeks, in essence, to ascertain whether the
provisions of Directive 2000/31, read in the light of Articles 6, 7, 8 and 11 and Article 52(1) of the
Charter, must be interpreted as precluding national legislation which requires providers of access to
online public communication services and hosting service providers to retain, generally and
indiscriminately, inter alia, personal data relating to those services.
194
While the referring court maintains that such services fall within the scope of Directive 2000/31
rather than within that of Directive 2002/58, it takes the view that Article 15(1) and (2) of Directive
2000/31, read in conjunction with Articles 12 and 14 of the same, does not, in itself, establish a
prohibition in principle on data relating to content creation being retained, which can be derogated
from only exceptionally. However, that court is uncertain whether that finding can be made given
that the fundamental rights enshrined in Articles 6, 7, 8 and 11 of the Charter must necessarily be
observed.
195
In addition, the referring court points out that its question is raised in reference to the obligation to
retain provided for in Article 6 of the LCEN, read in conjunction with Decree No 2011‑219. The
data that must be retained by the service providers concerned on that basis includes, inter alia, data
relating to the civil identity of persons who have used those services, such as their surname,
forename, their associated postal addresses, their associated email or account addresses, their
passwords and, where the subscription to the contract or account must be paid for, the type of
payment used, the payment reference, the amount and the date and time of the transaction.
196
Furthermore, the data that is the subject of the obligation to retain covers the identifiers of
subscribers, of connections and of terminal equipment used, the identifiers attributed to the content,
the dates and times of the start and end of the connections and operations as well as the types of
protocols used to connect to the service and transfer the content. Access to that data, which must be
retained for one year, may be requested in the context of criminal and civil proceedings, in order to
ensure compliance with the rules governing civil and criminal liability, and in the context of the
intelligence collection measures to which Article L. 851‑1 of the CSI applies.
197
In that regard, it should be noted that, in accordance with Article 1(2) of Directive 2000/31, that
directive approximates certain national provisions on information society services that are referred
to in Article 2(a) of that directive.
198
It is true that such services include those which are provided at a distance, by means of electronic
equipment for the processing and storage of data, at the individual request of a recipient of services,
and normally in return for remuneration, such as services providing access to the Internet or to a
communication network and hosting services (see, to that effect, judgments of 24 November 2011,
Scarlet Extended, C‑70/10, EU:C:2011:771, paragraph 40; of 16 February 2012, SABAM, C‑360/10,
EU:C:2012:85, paragraph 34; of 15 September 2016, Mc Fadden, C‑484/14, EU:C:2016:689,
paragraph 55; and of 7 August 2018, SNB-REACT, C‑521/17, EU:C:2018:639, paragraph 42 and the
case-law cited).
199
However, Article 1(5) of Directive 2000/31 provides that that directive is not to apply to questions
relating to information society services covered by Directives 95/46 and 97/66. In that regard, it is
2/15/2021, 4:58 PM