Judgment Approved by the court for handing down.
100.
Davis & Ors v SSHD
In paragraph 68 of its decision in Digital Rights Ireland, the court referred to the lack
of proper control in that the Directive did not require the data to be retained within the
EU. It is obviously important that EU Member States should pass on information
which materially assists in dealing with serious crime or terrorism. Equally, such
exchange of information should be available to friendly powers outside the EU. But
there is a requirement that any provision of information outside the EU should require
the Member State supplying it to be satisfied that safeguards which correspond to
those required by EU law are in force. It would to say the least be unfortunate if a
failure by the UK to comply with EU law as set out by the court should inhibit other
Member States from disclosing material information. We do not consider, however,
that on a proper interpretation of Digital Rights Ireland it is necessary for restrictions
on passing on information about communications data outside the EU to be embodied
in statute.
Reference to the CJEU
101.
In the course of the hearing before us on 4 and 5 June 2015 we asked leading counsel
on each side whether their clients were asking us to refer the present case to the CJEU
and received negative replies. But on 22 June we received from the solicitor for Mr
Davis and Mr Watson a copy of a reference by the Stockholm Administrative Court of
Appeals to the CJEU lodged on 4th May 2015 (case C/203/2015) in the case Tele2
Sverige AB of the following questions:“Is a general obligation to retain traffic data covering all
persons, all means of electronic communication and all traffic
data without any distinctions, limitations or exceptions for the
purpose of combating crime compatible with Article 15(1) of
Directive 2002/58/EC [the E-Privacy Directive] taking account
of Articles 7, 8 and 15(1) of the Charter?
If the answer to question 1 is in the negative, may retention
nevertheless be permitted where access by the national
authorities to the retained data is determined as described
below; security requirements are regulated as described below;
and all relevant data are to be retained for six months … and
subsequently deleted…..?”
102.
The court was considering the provisions of three Swedish statutes: they have some
similarities to DRIPA but are by no means identical to it.
103.
It appears that the Stockholm court making the reference took the view, as we do, that
the judgment of the CJEU in Digital Rights Ireland does not prohibit the retention of
traffic data provided that the requirements of the e-Privacy Directive are met and
there is otherwise no infringement of EU law. However, the referring court noted that
the parties had differing views as to how the judgment of the CJEU was to be
interpreted and wished “to have a clear answer to the question whether the EU court
of justice carried out a weighted assessment in that judgment of the scope of retention
and the provisions governing data access, period of retention and security”.
104.
On 23 June 2015 the Treasury Solicitor sent a letter to us, subsequently developed by
way of skeleton argument, requesting a reference to the CJEU. The claimants,