24
CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
Article 1 - Subject matter and scope
“1. This Directive aims to harmonise Member States’ provisions concerning the
obligations of the providers of publicly available electronic communications services
or of public communications networks with respect to the retention of certain data
which are generated or processed by them, in order to ensure that the data are
available for the purpose of the investigation, detection and prosecution of serious
crime, as defined by each Member State in its national law.
2. This Directive shall apply to traffic and location data on both legal entities and
natural persons and to the related data necessary to identify the subscriber or
registered user. It shall not apply to the content of electronic communications,
including information consulted using an electronic communications network.”
Article 3 – Obligation to retain data
“1. By way of derogation from Articles 5, 6 and 9 of Directive 2002/58/EC,
Member States shall adopt measures to ensure that the data specified in Article 5 of
this Directive are retained in accordance with the provisions thereof, to the extent that
those data are generated or processed by providers of publicly available electronic
communications services or of a public communications network within their
jurisdiction in the process of supplying the communications services concerned.
...”
3. Case-law of the Court of Justice of the European Union (CJEU) on
data protection
79. In Digital Rights Ireland v Minister for Communications & Others,
(cases C-293/12 and C-594/12, judgment of 8 April 2014), the CJEU
declared invalid Directive 2006/24/EC. The CJEU noted that, even though
the directive did not permit the retention of the content of the
communication, the traffic and location data covered by it might allow very
precise conclusions to be drawn concerning the private lives of the persons
whose data had been retained. Accordingly, the obligation on providers of
publicly available electronic communications services or of public
communications networks to retain those data and the access of the national
authorities to the data constituted an interference with the right to respect for
private life and communications and the right to protection of personal data
guaranteed by Articles 7 and 8 of the Charter of Fundamental Rights. While
the interference satisfied an objective of general interest, namely to
contribute to the fight against serious crime and terrorism and thus,
ultimately, to public security, it failed to satisfy the requirement of
proportionality. The protection of the fundamental right to respect for
private life required, according to the court’s settled case-law, that
derogations and limitations in relation to the protection of personal data
could apply only in so far as was strictly necessary. The directive covered,
however, in a generalised manner, all persons and all means of electronic
communication as well as all communications data without any
differentiation, limitation or exception being made in the light of the