20
CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
b. if safeguards, which can in particular result from contractual clauses, are
provided by the controller responsible for the transfer and are found adequate by
the competent authorities according to domestic law.”
2. Recommendation of the Committee of Ministers on the protection of
personal data in the area of telecommunication services
68. Recommendation No. R (95) 4 of the Committee of Ministers on the
protection of personal data in the area of telecommunication services, with
particular reference to telephone services, adopted on 7 February 1995,
reads, inter alia, as follows:
“2.4. Interference by public authorities with the content of a communication,
including the use of listening or tapping devices or other means of surveillance or
interception of communications, must be carried out only when this is provided for by
law and constitutes a necessary measure in a democratic society in the interests of:
a. protecting state security, public safety, the monetary interests of the state or
the suppression of criminal offences;
b. protecting the data subject or the rights and freedoms of others.
2.5. In the case of interference by public authorities with the content of a
communication, domestic law should regulate:
a. the exercise of the data subject’s rights of access and rectification;
b. in what circumstances the responsible public authorities are entitled to
refuse to provide information to the person concerned, or delay providing it;
c. storage or destruction of such data.
If a network operator or service provider is instructed by a public authority to effect
an interference, the data so collected should be communicated only to the body
designated in the authorisation for that interference.”
3. Report of the Venice Commission
69. In December 2015 the European Commission for Democracy
through Law – “the Venice Commission” – published its “Report on the
Democratic Oversight of Signals Intelligence Agencies”. The Commission
noted, at the outset, the value that bulk interception could have for security
operations, since it enabled the security services to adopt a proactive
approach, looking for hitherto unknown dangers rather than investigating
known ones. However, it also noted that intercepting bulk data in
transmission, or requirements that telecommunications companies store and
then provide telecommunications content data or metadata to
law-enforcement or security agencies involved an interference with the
privacy and other human rights of a large proportion of the population of the
world. In this regard, the Venice Commission considered that the main
interference with privacy occurred when stored personal data was accessed
and/or processed by the agencies. For this reason, the computer analysis