CURIA - Documents

Home > Search form > List of results > Documents

Start printing

Language of document : ECLI:EU:C:2018:788

Case C‑207/16

Proceedings brought by the Ministerio Fiscal

(Request for a preliminary ruling from the Audiencia Provincial de Tarragona)

(Reference for a preliminary ruling — Electronic communications — Processing of personal data — Directive 2002/58/EC — Articles 1 and 3 — Scope — Confidentiality of electronic communications — Protection — Article 5 and Article 15(1) — Charter of Fundamental Rights of the European Union — Articles 7 and 8 — Data processed in connection with the provision of electronic communications services — Access of national authorities to the data for the purposes of an investigation — Threshold of seriousness of an offence capable of justifying access to the data)

Summary — Judgment of the Court (Grand Chamber), 2 October 2018

1. Approximation of laws — Telecommunications sector — Processing of personal data and the protection of privacy in the electronic communications sector — Directive 2002/58 — Scope — Request for access made by a public authority, in connection with a criminal investigation, to data retained by providers of electronic communications services — Included

(European Parliament and Council Directives 95/46, Art. 2(b), and 2002/58, as amended by Directive 2009/136, recital 15 and Arts. 1(1) and (3) and 2, para. 1 and 2(b))

2. Approximation of laws — Telecommunications sector — Processing of personal data and the protection of privacy in the electronic communications sector — Directive 2002/58 — Power of Member States to limit the scope of certain rights and obligations — Restrictive interpretation — Objectives capable of justifying the adoption of a restriction — Exhaustive nature

(European Parliament and Council Directive 2002/58, as amended by Directive 2009/136, Art. 15(1))

3. Approximation of laws — Telecommunications sector — Processing of personal data and the protection of privacy in the electronic communications sector — Directive 2002/58 — Power of Member States to limit the scope of certain rights and obligations — Access of public authorities to data for the purpose of identifying the owners of SIM cards activated with a stolen mobile telephone — Interference with the rights to privacy and the protection of personal data — Not serious — Justified by the objective of preventing, investigating, detecting and prosecuting criminal offences

(Charter of Fundamental Rights of the European Union, Arts 7 and 8; European Parliament and Council Directive 2002/58, as amended by Regulation No 2009/136, Art. 15(1))

1. See the text of the decision.

(see paras 32, 38-42)

2. See the text of the decision.

(see para. 52)

3. Article 15(1) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), as amended by Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009, read in the light of Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, must be interpreted as meaning that the access of public authorities to data for the purpose of identifying the owners of SIM cards activated with a stolen mobile telephone, such as the surnames, forenames and, if need be, addresses of the owners, entails interference with their fundamental rights, enshrined in those articles of the Charter of Fundamental Rights, which is not sufficiently serious to entail that access being limited, in the area of prevention, investigation, detection and prosecution of criminal offences, to the objective of fighting serious crime.

In that regard, the sole purpose of the request at issue in the main proceedings, by which the police seeks, for the purposes of a criminal investigation, a court authorisation to access personal data retained by providers of electronic communications services, is to identify the owners of SIM cards activated over a period of 12 days with the IMEI code of the stolen mobile telephone. As noted in paragraph 40 of the present judgment, that request seeks access to only the telephone numbers corresponding to those SIM cards and to the data relating to the identity of the owners of those cards, such as their surnames, forenames and, if need be, addresses. By contrast, those data do not concern, as confirmed by both the Spanish Government and the Public Prosecutor’s Office during the hearing, the communications carried out with the stolen mobile telephone or its location. Without those data being cross-referenced with the data pertaining to the communications with those SIM cards and the location data, those data do not make it possible to ascertain the date, time, duration and recipients of the communications made with the SIM card or cards in question, nor the locations where those communications took place or the frequency of those communications with specific people during a given period. Those data do not therefore allow precise conclusions to be drawn concerning the private lives of the persons whose data is concerned. In those circumstances, access to only the data referred to in the request at issue in the main proceedings cannot be defined as ‘serious’ interference with the fundamental rights of the persons whose data is concerned.

As stated in paragraphs 53 to 57 of this judgment, the interference that access to such data entails is therefore capable of being justified by the objective, to which the first sentence of Article 15(1) of Directive 2002/58 refers, of preventing, investigating, detecting and prosecuting ‘criminal offences’ generally, without it being necessary that those offences be defined as ‘serious’.

(see paras 59-63, operative part)