i)
the exercise of a legal power by the government of a Member State to require
telecommunications operators to transfer data in order to protect national
security (i.e. acquisition) is an activity of the State not within the scope of
Union law;
ii)
on the same basis, the activity of the State in making use of such transferred
data for the purpose of protecting national security (i.e. use) must also fall
outside Union law;
iii)
the activities of commercial undertakings in processing and transferring data
for such purposes, as required by national law, (i.e. transfer) must also fall
outside the scope of Union law.
Those issues are determined not by analysing whether under the provisions of
the DPD and EPD the activity in question constitutes data processing, but
whether in substance and effect the purpose of such activity is to advance an
“essential State function” (Article 4(2) TEU), in this case the protection of
national security, through “a framework established by the public authorities
that relates to public security” (paragraph 56 of Parliament v Council set out
in paragraph 22(i) above).
44.
But for what the Grand Chamber said in Watson, it would appear to us that
the answer may lie in the conundrum which the Court addressed by preferring
Article 15 of the EPD over Article 1(3), though without reference to Article 4
TEU. If in fact it were on the contrary rather to be Article 1(3) which is not to
be permitted to be ‘deprived of any purpose’, and is to be enforced and
applied, as opposed to Article 15, then there can be, and perhaps should be,
another approach to Article 15:
Page 41