CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT

8. The procedures for independent ex post facto review of such
compliance and the powers vested in the competent body in
addressing instances of non-compliance.
276. Despite being one of the six Weber criteria, to date the Court has
not yet provided specific guidance regarding the precautions to be taken
when communicating intercept material to other parties. However, it is now
clear that some States are regularly sharing material with their intelligence
partners and even, in some instances, allowing those intelligence partners
direct access to their own systems. Consequently, the Court considers that
the transmission by a Contracting State to foreign States or international
organisations of material obtained by bulk interception should be limited to
such material as has been collected and stored in a Convention compliant
manner and should be subject to certain additional specific safeguards
pertaining to the transfer itself. First of all, the circumstances in which such
a transfer may take place must be set out clearly in domestic law. Secondly,
the transferring State must ensure that the receiving State, in handling the
data, has in place safeguards capable of preventing abuse and
disproportionate interference. In particular, the receiving State must
guarantee the secure storage of the material and restrict its onward
disclosure. This does not necessarily mean that the receiving State must
have comparable protection to that of the transferring State; nor does it
necessarily require that an assurance is given prior to every transfer.
Thirdly, heightened safeguards will be necessary when it is clear that
material requiring special confidentiality – such as confidential journalistic
material – is being transferred. Finally, the Court considers that the transfer
of material to foreign intelligence partners should also be subject to
independent control.
277. For the reasons identified at paragraph 256 above, the Court is not
persuaded that the acquisition of related communications data through bulk
interception is necessarily less intrusive than the acquisition of content. It
therefore considers that the interception, retention and searching of related
communications data should be analysed by reference to the same
safeguards as those applicable to content.
278. That being said, while the interception of related communications
data will normally be authorised at the same time the interception of content
is authorised, once obtained they may be treated differently by the
intelligence services. In view of the different character of related
communications data and the different ways in which they are used by the
intelligence services, as long as the aforementioned safeguards are in place,
the Court is of the opinion that the legal provisions governing their
treatment may not necessarily have to be identical in every respect to those
governing the treatment of content.

Select target paragraph3