CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT

Article 15 – Application of certain provisions of Directive 95/46/EC
“1. Member States may adopt legislative measures to restrict the scope of the rights
and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and
Article 9 of this Directive when such restriction constitutes a necessary, appropriate
and proportionate measure within a democratic society to safeguard national security
(i.e. State security), defence, public security, and the prevention, investigation,
detection and prosecution of criminal offences or of unauthorised use of the electronic
communication system, as referred to in Article 13(1) of Directive 95/46/EC. To this
end, Member States may, inter alia, adopt legislative measures providing for the
retention of data for a limited period justified on the grounds laid down in this
paragraph. All the measures referred to in this paragraph shall be in accordance with
the general principles of Community law, including those referred to in Article 6(1)
and (2) of the Treaty on European Union.”

97. On 15 March 2006 the Data Retention Directive (Directive
2006/24/EC on the retention of data generated or processed in connection
with the provision of publicly available electronic communications services
or of public communications networks and amending Directive
2002/58/EC) was adopted. Prior to the judgment of 2014 declaring it invalid
(see the paragraph below), it provided, inter alia, as follows:
Article 1 - Subject matter and scope
“1. This Directive aims to harmonise Member States’ provisions concerning the
obligations of the providers of publicly available electronic communications services
or of public communications networks with respect to the retention of certain data
which are generated or processed by them, in order to ensure that the data are
available for the purpose of the investigation, detection and prosecution of serious
crime, as defined by each Member State in its national law.
2. This Directive shall apply to traffic and location data on both legal entities and
natural persons and to the related data necessary to identify the subscriber or
registered user. It shall not apply to the content of electronic communications,
including information consulted using an electronic communications network.”
Article 3 – Obligation to retain data
“1. By way of derogation from Articles 5, 6 and 9 of Directive 2002/58/EC,
Member States shall adopt measures to ensure that the data specified in Article 5 of
this Directive are retained in accordance with the provisions thereof, to the extent that
those data are generated or processed by providers of publicly available electronic
communications services or of a public communications network within their
jurisdiction in the process of supplying the communications services concerned.
...”

Select target paragraph3