190.
The Court repeated these principles in Szabó. The Court explained that,
“in this field, control by an independent body, normally a judge with
special expertise, should be the rule and substitute solutions the exception,
warranting close scrutiny” (§77). In particular, “supervision by a politically
responsible member of the executive, such as the Minister of Justice, does
not provide the necessary guarantees” (§77). Independent, “preferably
judicial,” review “reinforce[s] citizens’ trust that guarantees of the rule of
law are at work even in this sensitive field and by providing redress for any
abuse sustained” (§79).
191.
In his concurring opinion in Szabó, Judge Pinto De Albuquerque
commented that in view of “the enlarged consensus in international
law…and the gravity of the present-day dangers to citizens’ privacy the rule
of law and democracy, the time has come not to dispense with the
fundamental guarantee of judicial authorisation and review in the field of
covert surveillance gathering” (§OI-23).
192.
In addition:
(1)
In Digital Rights Ireland the Grand Chamber of the CJEU
concluded that the 2006 Data Retention Directive (“Directive
2006/24”), which required communications service providers to
retain customer communications data in bulk for up to two years for
the sake of preventing and detecting serious crime, breached the
rights to privacy and data protection under Articles 7 and 8
respectively of the EU Charter of Fundamental Rights.115 The
The Government argues that Digital Rights Ireland is irrelevant to this case because “the
CJEU was…not concerned with a national regime or any provision governing access to, or use of,
retained data by national law enforcement authorities” (Observations, §4.20). The Government is
wrong. In Tele2 Sverige AB and Tom Watson & Others (C-698/15) the Advocate General stressed
that, “the criteria identified by the Court in Digital Rights Ireland are relevant in the assessment
of the national regimes at issue in the present cases” (para 191). Indeed, he observed that “all the
safeguards described by the Court in paragraphs 60 to 68 of Digital Rights Ireland must be
regarded as mandatory” (para 222). Accordingly, it is appropriate to consider those mandatory
requirements when assessing bulk interception regimes, such as the s8(4) Regime. Moreover, the
Applicants note that this Court expressly referred to the Digital Rights Ireland judgment in
115
75