CURIA - Documents

9 of 58

http://curia.europa.eu/juris/document/document_print.jsf?docid=2320...

…
(22)

The prohibition of storage of communications and the related traffic data by persons other
than the users or without their consent is not intended to prohibit any automatic, intermediate
and transient storage of this information in so far as this takes place for the sole purpose of
carrying out the transmission in the electronic communications network and provided that the
information is not stored for any period longer than is necessary for the transmission and for
traffic management purposes, and that during the period of storage the confidentiality remains
guaranteed. …

…
(26)

The data relating to subscribers processed within electronic communications networks to
establish connections and to transmit information contain information on the private life of
natural persons and concern the right to respect for their correspondence or concern the
legitimate interests of legal persons. Such data may only be stored to the extent that is
necessary for the provision of the service for the purpose of billing and for interconnection
payments, and for a limited time. Any further processing of such data … may only be allowed
if the subscriber has agreed to this on the basis of accurate and full information given by the
provider of the publicly available electronic communications services about the types of
further processing it intends to perform and about the subscriber’s right not to give or to
withdraw his/her consent to such processing. Traffic data used for marketing communications
services … should also be erased or made anonymous …

…
(30)
15

Systems for the provision of electronic communications networks and services should be
designed to limit the amount of personal data necessary to a strict minimum. …’

Article 1 of Directive 2002/58, headed ‘Scope and aim’, provides:
‘1.
This Directive provides for the harmonisation of the national provisions required to ensure an
equivalent level of protection of fundamental rights and freedoms, and in particular the right to
privacy and confidentiality, with respect to the processing of personal data in the electronic
communication sector and to ensure the free movement of such data and of electronic
communication equipment and services in the [European Union].
2.
The provisions of this Directive particularise and complement Directive [95/46] for the
purposes mentioned in paragraph 1. Moreover, they provide for protection of the legitimate interests
of subscribers who are legal persons.
3.
This Directive shall not apply to activities which fall outside the scope of the [TFEU], such as
those covered by Titles V and VI of the Treaty on European Union, and in any case to activities
concerning public security, defence, State security (including the economic well-being of the State
when the activities relate to State security matters) and the activities of the State in areas of criminal
law.’

16

Article 2 of Directive 2002/58, headed ‘Definitions’, provides:
‘Save as otherwise provided, the definitions in Directive [95/46] and in Directive [2002/21] shall
apply.
The following definitions shall also apply:
(a)

“user” means any natural person using a publicly available electronic communications
service, for private or business purposes, without necessarily having subscribed to this

2/15/2021, 4:58 PM

Select target paragraph3