the access of the competent national authorities to the retained
data and the protection and level of security of that data.
125. Having regard to all of the foregoing, the answer to the
second question in Case C-203/15 and to the first question in
Case C-698/15 is that Article 15(1) of Directive 2002/58, read
in the light of Articles 7, 8 and 11 and Article 52(1) of the
Charter, must be interpreted as precluding national legislation
governing the protection and security of traffic and location
data and, in particular, access of the competent national
authorities to the retained data, where the objective pursued by
that access, in the context of fighting crime, is not restricted
solely to fighting serious crime, where access is not subject to
prior review by a court or an independent administrative
authority, and where there is no requirement that the data
concerned should be retained within the European Union.”
Scope
29.
The Respondents’ stance in this application starts from the relatively
uncontentious position that:
i)
As summarised in paragraphs 19 and 23 above, DRIPA was a different statute,
and related to the retention by providers of communications data beyond their
commercial needs, so as to be available for access by the SIAs. S.94 relates to
the supply of BCD to the SIAs via the providers, who do not thereafter retain
the data (beyond the period of their requirements), which is retained by the
State (the SIAs). The Judgment emphasises in paragraphs 70, 78-80 and 92
the obligations of the providers.
ii)
The judgment in Watson was addressing the targeted access of data in
criminal investigations. Paragraph 106 of the Watson judgment refers to and
adopts paragraph 59 of the DRI judgment, which emphasises as objectionable
the lack of any need for a specified relationship between the data sought and
any identified particular persons or group. This falls to be contrasted with the
Page 30