Access Alert | New Judgments from the Court of Justice of the European Union on Data Retention by Providers of Electronic Communications

Access Alert | New Judgments from the Court of Justice of the European Union on Data Retention by Providers of Electronic Communications

The Court of Justice of the European Union (CJEU) issued two judgments on 20 September 2022 on the legal framework governing data retention by providers of electronic communications. In both cases, the CJEU reaffirmed its prior position by limiting the retention of traffic and location data for the sake of preserving privacy.

Joined Cases C-339/20 (VD) and C-397/20 (SR) concerned a procedure initiated by the French Financial Markets Authority (AMF) regarding alleged market abuse offences. The case involves two suspects accused of insider dealing, corruption, and money laundering. AMF’s procedure was launched based on personal data generated from telephone calls during the provision of electronic communications services. The two applicants raised the argument that AMF relied on legislation contrary to European Union law to collect their communication data.

In this context, the French Supreme Court (Court of Cassation) made a request for a preliminary ruling to the CJEU on the compatibility of the provisions of the European Privacy and Electronic Communications Directive with French legislation relating to market abuse. As a preventive measure, this provides for generalised and undifferentiated storage of traffic data for one year from the day the recording is made.

The CJEU ruled that none of the texts relating to market abuse can constitute the legal basis for a general obligation to retain traffic data records held by operators of electronic communications services for the purpose of exercising powers conferred on the competent authorities in financial matters under these instruments.

General and indiscriminate retention of traffic data by operators providing electronic communications services for a year from the date on which they were recorded is not authorised as a preventive measure to combat market abuse offences, including insider trading.

In Joined Cases C-793/19 (SpaceNet) and C-794/19 (Telekom Deutschland), German internet service providers SpaceNet and Telekom Deutschland challenged before national courts the legality of the obligation to keep data relating to the traffic and the location relating to the telecommunications of their customers. The German Telecommunications Act (TKG) obliges telecommunications providers to do so for the repression of serious criminal offences or the prevention of a concrete risk to national security over several weeks.

The German federal administration court sought clarifications from the CJEU on whether the TKG is compatible with European principles. The CJEU responded that EU law precludes national legislation that provides generalised and indiscriminate retention of data traffic and location data as a preventive measure to combat serious crime and threats to public security. On the other hand, it does not oppose such retention in several cases, such as when the Member State in question is faced with a serious threat to national security.

Access Partnership is closely monitoring data protection developments. For more information, contact Chrystel Erotokritou, Compliance Manager.

Related Articles

AI for All in Thailand: Building an AI-ready economy with Google

AI for All in Thailand: Building an AI-ready economy with Google

อ่านบทความนี้เป็นภาษาไทย A doctor in Bangkok analyzes medical images with AI, leading to a faster, more accurate diagnosis for her patient....

19 Dec 2024 AI Policy Lab
The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

The Role of Earth Observation in Combating Desertification in Middle Eastern Countries

This month’s UNCCD COP16 in Riyadh marked a pivotal moment in combating global land degradation and drought, with outcomes including...

13 Dec 2024 Opinion
Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

Access Alert: Enhancing Efficiency in India’s Logistics Through AI and Digital Integration

A recent panel discussion at the Bengaluru Tech Summit 2024 on 20 November 2024 focused on the transformative role of...

29 Nov 2024 Opinion
Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

Access Alert: How Will Deepfake Regulations in APAC Impact Your Business?

The rise of deepfakes – AI-generated content that manipulates audio, video, or images to create realistic but false representations –...

29 Nov 2024 Opinion