CURIA - Documents
57 of 58
http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...
of traffic and location data which is limited, on the basis of objective and nondiscriminatory factors, according to the categories of persons concerned or using a
geographical criterion, for a period that is limited in time to what is strictly
necessary, but which may be extended;
–
provide, for the purposes of safeguarding national security, combating serious
crime and preventing serious threats to public security, for the general and
indiscriminate retention of IP addresses assigned to the source of an Internet
connection for a period that is limited in time to what is strictly necessary;
–
provide, for the purposes of safeguarding national security, combating crime and
safeguarding public security, for the general and indiscriminate retention of data
relating to the civil identity of users of electronic communications systems;
–
allow, for the purposes of combating serious crime and, a fortiori, safeguarding
national security, recourse to an instruction requiring providers of electronic
communications services, by means of a decision of the competent authority that is
subject to effective judicial review, to undertake, for a specified period of time, the
expedited retention of traffic and location data in the possession of those service
providers,
provided that those measures ensure, by means of clear and precise rules, that the
retention of data at issue is subject to compliance with the applicable substantive and
procedural conditions and that the persons concerned have effective safeguards against
the risks of abuse.
2.
3.
Article 15(1) of Directive 2002/58, as amended by Directive 2009/136, read in the light of
Articles 7, 8 and 11 and Article 52(1) of the Charter of Fundamental Rights, must be
interpreted as not precluding national rules which requires providers of electronic
communications services to have recourse, first, to the automated analysis and real-time
collection, inter alia, of traffic and location data and, second, to the real-time collection
of technical data concerning the location of the terminal equipment used, where:
–
recourse to automated analysis is limited to situations in which a Member State is
facing a serious threat to national security which is shown to be genuine and
present or foreseeable, and where recourse to such analysis may be the subject of
an effective review, either by a court or by an independent administrative body
whose decision is binding, the aim of that review being to verify that a situation
justifying that measure exists and that the conditions and safeguards that must be
laid down are observed; and where
–
recourse to the real-time collection of traffic and location data is limited to persons
in respect of whom there is a valid reason to suspect that they are involved in one
way or another in terrorist activities and is subject to a prior review carried out
either by a court or by an independent administrative body whose decision is
binding in order to ensure that such real-time collection is authorised only within
the limits of what is strictly necessary. In cases of duly justified urgency, the review
must take place within a short time.
Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on
certain legal aspects of information society services, in particular electronic commerce,
in the Internal Market (‘Directive on electronic commerce’), must be interpreted as not
being applicable in the field of the protection of the confidentiality of communications
and of natural persons as regards the processing of personal data in the context of
information society services, such protection being governed by Directive 2002/58, as
amended by Directive 2009/136, or by Regulation (EU) 2016/679 of the European
2/15/2021, 4:58 PM