CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT

“2.4. Interference by public authorities with the content of a communication,
including the use of listening or tapping devices or other means of surveillance or
interception of communications, must be carried out only when this is provided for by
law and constitutes a necessary measure in a democratic society in the interests of:
a. protecting state security, public safety, the monetary interests of the state or
the suppression of criminal offences;
b. protecting the data subject or the rights and freedoms of others.
2.5. In the case of interference by public authorities with the content of a
communication, domestic law should regulate:
a. the exercise of the data subject’s rights of access and rectification;
b. in what circumstances the responsible public authorities are entitled to
refuse to provide information to the person concerned, or delay providing it;
c. storage or destruction of such data.
If a network operator or service provider is instructed by a public authority to effect
an interference, the data so collected should be communicated only to the body
designated in the authorisation for that interference.”

3. The 2015 Report of the European Commission for Democracy
through Law (“the Venice Commission”) on the Democratic
Oversight of Signals Intelligence Agencies
86. In this report, published in December 2015, the Venice Commission
noted, at the outset, the value that bulk interception could have for security
operations, since it enabled the security services to adopt a proactive
approach, looking for hitherto unknown dangers rather than investigating
known ones. However, it also noted that intercepting bulk data in
transmission, or requirements that telecommunications companies store and
then provide telecommunications content data or metadata to
law-enforcement or security agencies involved an interference with the
privacy and other human rights of a large proportion of the population of the
world. In this regard, the Venice Commission considered that the main
interference with privacy occurred when stored personal data were accessed
and/or processed by the agencies. For this reason, the computer analysis
(usually with the help of selectors) was one of the important stages for
balancing personal integrity concerns against other interests.
87. According to the report, the two most significant safeguards were the
authorisation (of collection and access) and the oversight of the process. It
was clear from the Court’s case-law that the latter had to be performed by
an independent, external body. While the Court had a preference for judicial
authorisation, it had not found this to be a necessary requirement. Rather,
the system had to be assessed as a whole, and where independent controls
were absent at the authorisation stage, particularly strong safeguards had to
exist at the oversight stage. In this regard, the Venice Commission
considered the example of the system in the United States, where

Select target paragraph3