Judgment Approved by the court for handing down.
Davis & Ors v SSHD
55.
In that regard, it should be noted that the protection of personal data resulting from the
explicit obligation laid down in Article 8(1) of the Charter is especially important for
the right to respect for private life enshrined in Article 7 of the Charter.
56.
Consequently, the EU legislation in question must lay down clear and precise rules
governing the scope and application of the measure in question and imposing
minimum safeguards so that the persons whose data have been retained have
sufficient guarantees to effectively protect their personal data against the risk of abuse
and against any unlawful access and use of that data (see, by analogy, as regards
Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1
July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and
Marper v. the United Kingdom, § 99).
57.
The need for such safeguards is all the greater where, as laid down in Directive
2006/24, personal data are subjected to automatic processing and where there is a
significant risk of unlawful access to those data (see, by analogy, as regards Article 8
of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18
April 2013, no. 19522/09, § 35).
58.
As for the question of whether the interference caused by Directive 2006/24 is limited
to what is strictly necessary, it should be observed that, in accordance with Article 3
read in conjunction with Article 5(1) of that directive, the directive requires the
retention of all traffic data concerning fixed telephony, mobile telephony, Internet
access, Internet e-mail and Internet telephony. It therefore applies to all means of
electronic communication, the use of which is very widespread and of growing
importance in people’s everyday lives. Furthermore, in accordance with Article 3 of
Directive 2006/24, the directive covers all subscribers and registered users. It
therefore entails an interference with the fundamental rights of practically the entire
European population.
59.
In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised
manner, all persons and all means of electronic communication as well as all traffic
data without any differentiation, limitation or exception being made in the light of the
objective of fighting against serious crime.
60.
Directive 2006/24 affects, in a comprehensive manner, all persons using electronic
communications services, but without the persons whose data are retained being, even
indirectly, in a situation which is liable to give rise to criminal prosecutions. It
therefore applies even to persons for whom there is no evidence capable of suggesting
that their conduct might have a link, even an indirect or remote one, with serious
crime. Furthermore, it does not provide for any exception, with the result that it
applies even to persons whose communications are subject, according to rules of
national law, to the obligation of professional secrecy.
61.
Moreover, whilst seeking to contribute to the fight against serious crime, Directive
2006/24 does not require any relationship between the data whose retention is
provided for and a threat to public security and, in particular, it is not restricted to a
retention in relation (i) to data pertaining to a particular time period and/or a particular
geographical zone and/or to a circle of particular persons likely to be involved, in one
way or another, in a serious crime, or (ii) to persons who could, for other reasons,