32
ROMAN ZAKHAROV v. RUSSIA JUDGMENT
2. Law enforcement agencies require a real-time, fulltime monitoring capability for
the interception of telecommunications. Call associated data should also be provided
in real-time. If call associated data cannot be made available in real time, law
enforcement agencies require the data to be available as soon as possible upon call
termination.
3. Law enforcement agencies require network operators/service providers to
provide one or several interfaces from which the intercepted communications can be
transmitted to the law enforcement monitoring facility. These interfaces have to be
commonly agreed on by the interception authorities and the network operators/service
providers. Other issues associated with these interfaces will be handled according to
accepted practices in individual countries.
...
5. Law enforcement agencies require the interception to be designed and
implemented to preclude unauthorized or improper use and to safeguard the
information related to the interception.
...
5.2. Law enforcement agencies require network operators/service providers to
ensure that intercepted communications are only transmitted to the monitoring agency
specified in the interception authorization.
...”
146. The above requirements were confirmed and expounded in Council
Resolution No. 9194/01 of 20 June 2001 on law enforcement operational
needs with respect to public telecommunication networks and services.
147. The judgment the Court of Justice of the European Union (CJEU)
of 8 April 2014 in the joined cases of Digital Rights Ireland and Seitinger
and Others (C-293/12 and C-594/12, EU:C:2014:238) declared invalid the
Data Retention Directive 2006/24/EC laying down the obligation on the
providers of publicly available electronic communication services or of
public communications networks to retain all traffic and location data for
periods from six months to two years, in order to ensure that the data were
available for the purpose of the investigation, detection and prosecution of
serious crime, as defined by each member State in its national law. The
CJEU noted that, even though the Directive did not permit the retention of
the content of the communication, the traffic and location data covered by it
might allow very precise conclusions to be drawn concerning the private
lives of the persons whose data had been retained. Accordingly, the
obligation to retain those data constituted in itself an interference with the
right to respect for private life and communications guaranteed by Article 7
of the Charter of Fundamental Rights of the European Union and the right
to protection of personal data under its Article 8. Furthermore, the access of
the competent national authorities to the data constituted a further
interference with those fundamental rights. The CJEU further held that the
interference was particularly serious. The fact that data were retained and
subsequently used without the subscriber or registered user being informed