Judgment Approved by the court for handing down.
Davis & Ors v SSHD
to safeguard inter alia national security; defence; public security; and/or the
prevention, investigation, detection and prosecution of criminal offences.
20.
Chapter IV of the Directive set out principles governing the transfer of personal data
to third countries. By virtue of Article 25(1), such transfer could take place provided
the third country in question ensured an “adequate level of protection” as defined in
Article 25(2).
21.
Article 28 of the Data Protection Directive required each Member State to provide for
independent monitoring and oversight of the application within that Member State’s
territory of the provisions of the Directive.
Directive 97/66/EC
22.
The retention and use of communications data was first addressed at EU level by
Directive 97/66/EC of the European Parliament and of the Council of 15 December
1997 concerning the processing of personal data and the protection of privacy in the
telecommunications sector (“Directive 97/66/EC”).
23.
Article 1(3) of Directive 97/66/EC contained the same stipulation as Article 3(2) of
the Data Protection Directive to the effect that it did not apply to activities which fell
outside the scope of Community law, such as those provided for by Titles V and VI of
the EU Treaty, or in any case to activities concerning public security, defence, State
security or the activities of the State in areas of criminal law.
24.
Article 14 of Directive 97/66/EC reiterated Article 13(1) of the Data Protection
Directive in providing that Member States may adopt domestic legislative measures to
restrict the rights laid down in the Directive where necessary inter alia to safeguard
national security, defence, public security or the prevention, investigation, detection
and prosecution of criminal offences.
The e-Privacy Directive
25.
Directive 97/66/EC was repealed and replaced by Directive 2002/58/EC of the
European Parliament and of the Council of 12 July 2002 concerning the processing of
personal data and the protection of privacy in the electronic communications sector
(“the e-Privacy Directive”).
26.
Again, Article 1(3) of the e-Privacy Directive provided that it did not apply to
activities which fell outside the scope of Community law, or in any case to activities
concerning public security etc. Following the pattern of the Data Protection Directive
and Directive 97/66/EC, Article 15(1) authorised Member States to adopt domestic
legislation to restrict the rights and obligations contained in the Directive, in the
following terms:
“Application of certain provisions of Directive 95/46/EC
Member States may adopt legislative measures to restrict the
scope of the rights and obligations provided for in Article 5,
Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this
Directive when such restriction constitutes a necessary,
appropriate and proportionate measure within a democratic