Consequently, this Directive does not affect the ability of Member States to carry out lawful
interception of electronic communications, or take other measures, if necessary for any of these
purposes and in accordance with the European Convention for the Protection of Human Rights
and Fundamental Freedoms, [signed in Rome on 4 November 1950], as interpreted by the rulings
of the European Court of Human Rights. Such measures must be appropriate, strictly
proportionate to the intended purpose and necessary within a democratic society and should be
subject to adequate safeguards in accordance with the European Convention for the Protection of
Human Rights and Fundamental Freedoms.
…
(22)
The prohibition of storage of communications and the related traffic data by persons other than
the users or without their consent is not intended to prohibit any automatic, intermediate and
transient storage of this information in so far as this takes place for the sole purpose of carrying
out the transmission in the electronic communications network and provided that the information
is not stored for any period longer than is necessary for the transmission and for traffic
management purposes, and that during the period of storage the confidentiality remains
guaranteed. Where this is necessary for making more efficient the onward transmission of any
publicly accessible information to other recipients of the service upon their request, this Directive
should not prevent such information from being further stored, provided that this information
would in any case be accessible to the public without restriction and that any data referring to the
individual subscribers or users requesting such information are erased.
…
(26)
The data relating to subscribers processed within electronic communications networks to
establish connections and to transmit information contain information on the private life of
natural persons and concern the right to respect for their correspondence or concern the
legitimate interests of legal persons. Such data may only be stored to the extent that is necessary
for the provision of the service for the purpose of billing and for interconnection payments, and
for a limited time. Any further processing of such data … may only be allowed if the subscriber
has agreed to this on the basis of accurate and full information given by the provider of the
publicly available electronic communications services about the types of further processing it
intends to perform and about the subscriber’s right not to give or to withdraw his/her consent to
such processing. Traffic data used for marketing communications services … should also be
erased or made anonymous ….
…
(30)
5
Systems for the provision of electronic communications networks and services should be
designed to limit the amount of personal data necessary to a strict minimum. …’
Article 1 of Directive 2002/58, entitled ‘Scope and aim’, provides:
‘1.
This Directive provides for the harmonisation of the national provisions required to ensure an
equivalent level of protection of fundamental rights and freedoms, and in particular the right to privacy
and confidentiality, with respect to the processing of personal data in the electronic communication
sector and to ensure the free movement of such data and of electronic communication equipment and
services in [the European Union].
2.
The provisions of this Directive particularise and complement [Directive 95/46] for the purposes
mentioned in paragraph 1. Moreover, they provide for protection of the legitimate interests of
subscribers who are legal persons.
3.
This Directive shall not apply to activities which fall outside the scope of [the TFEU], such as
those covered by Titles V and VI of the Treaty on European Union, and in any case to activities
concerning public security, defence, State security (including the economic well-being of the State
when the activities relate to State security matters) and the activities of the State in areas of criminal
law.’