Access Alert | New Judgments from the Court of Justice of the European Union on Data Retention by Providers of Electronic Communications

Access Alert | New Judgments from the Court of Justice of the European Union on Data Retention by Providers of Electronic Communications

The Court of Justice of the European Union (CJEU) issued two judgments on 20 September 2022 on the legal framework governing data retention by providers of electronic communications. In both cases, the CJEU reaffirmed its prior position by limiting the retention of traffic and location data for the sake of preserving privacy.

Joined Cases C-339/20 (VD) and C-397/20 (SR) concerned a procedure initiated by the French Financial Markets Authority (AMF) regarding alleged market abuse offences. The case involves two suspects accused of insider dealing, corruption, and money laundering. AMF’s procedure was launched based on personal data generated from telephone calls during the provision of electronic communications services. The two applicants raised the argument that AMF relied on legislation contrary to European Union law to collect their communication data.

In this context, the French Supreme Court (Court of Cassation) made a request for a preliminary ruling to the CJEU on the compatibility of the provisions of the European Privacy and Electronic Communications Directive with French legislation relating to market abuse. As a preventive measure, this provides for generalised and undifferentiated storage of traffic data for one year from the day the recording is made.

The CJEU ruled that none of the texts relating to market abuse can constitute the legal basis for a general obligation to retain traffic data records held by operators of electronic communications services for the purpose of exercising powers conferred on the competent authorities in financial matters under these instruments.

General and indiscriminate retention of traffic data by operators providing electronic communications services for a year from the date on which they were recorded is not authorised as a preventive measure to combat market abuse offences, including insider trading.

In Joined Cases C-793/19 (SpaceNet) and C-794/19 (Telekom Deutschland), German internet service providers SpaceNet and Telekom Deutschland challenged before national courts the legality of the obligation to keep data relating to the traffic and the location relating to the telecommunications of their customers. The German Telecommunications Act (TKG) obliges telecommunications providers to do so for the repression of serious criminal offences or the prevention of a concrete risk to national security over several weeks.

The German federal administration court sought clarifications from the CJEU on whether the TKG is compatible with European principles. The CJEU responded that EU law precludes national legislation that provides generalised and indiscriminate retention of data traffic and location data as a preventive measure to combat serious crime and threats to public security. On the other hand, it does not oppose such retention in several cases, such as when the Member State in question is faced with a serious threat to national security.

Access Partnership is closely monitoring data protection developments. For more information, contact Chrystel Erotokritou, Compliance Manager.

Related Articles

Securing the Internet: A Conversation with Chris Locke, Internet Society Foundation

Securing the Internet: A Conversation with Chris Locke, Internet Society Foundation

Join Lim May-Ann, Director of Multilateral Relations, Data Policy, and Partnerships at Access Partnership, and special guest Chris Locke, EVP...

31 Mar 2025 Opinion
Securing America’s Innovation Future: Modernising IP for AI and Emerging Technologies

Securing America’s Innovation Future: Modernising IP for AI and Emerging Technologies

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

28 Mar 2025 General
Bridging the Privacy Gap: Recommendations for a Comprehensive Federal Data Protection Law

Bridging the Privacy Gap: Recommendations for a Comprehensive Federal Data Protection Law

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

21 Mar 2025 General
Bridging the Digital Divide: A Blueprint for Modernising US Broadband Infrastructure

Bridging the Digital Divide: A Blueprint for Modernising US Broadband Infrastructure

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

14 Mar 2025 General