A.
Intercepting communications data is as intrusive as intercepting
content
129.
As an initial matter, the s8(4) Regime involves the interception of both
communications and communications data. The Government contends
that, “[i]ntercepting communications is in general more intrusive than
obtaining communications data” and that this proposition “is as true for
aggregated sets of information as for individual items of information”
(Observations, §§4.29-4.31).
130.
The Government’s Observations fail to reflect the intrusiveness of initially
intercepting, extracting, filtering, storing, analysing and disseminating
communications data. In Digital Rights Ireland the Advocate General
correctly recognised that the collection and use of communications data
makes it possible “to create a both faithful and exhaustive map of a large
portion of a person’s conduct strictly forming part of his private life, or even
a complete and accurate picture of his private identity” (§§72-74). In its
subsequent judgment, the CJEU observed that: “data, taken as a whole,
may allow very precise conclusions to be drawn concerning the private lives
of the persons whose data has been retained, such as the habits of everyday
life, permanent or temporary places of residence, daily or other movements,
the activities carried out, the social relationships of those persons and the
social environments frequented by them” (§27).
131.
More recently, in Tele2 Sverige and Watson the Advocate General
“emphasise[d] that the risks associated with access to communications data
(or ‘metadata’) may be as great or even greater than those arising from
access to the content of communications” (§259). The Advocate General
provided examples of hypothetical situations which demonstrate that,
52