In Case C-207/16 Ministerio Fiscal ECLI:EU:C:2018:788 the CJEU has addressed whether it is compatible with Directive 2002/58 and with the Charter of Fundamental Rights for a public authority to gain access to data for the purpose of fighting crime about the subscriber of electronic communications equipment.
The factual context arose from a Spanish police investigation into a robbery in which a mobile phone was stolen. The police sought a court order requiring mobile operator companies to give them the details of subscribers who had subsequently used the stolen handset, including names and addresses. The Spanish courts referred the issue to the CJEU. In particular, it was concerned whether such an interference with the personal data of those involved was proportionate, having regard to the fact that the CJEU has, in its Case C-203/15 Tele2/Watson judgment, appeared to restrict interferences in related contexts to the investigation of ‘serious crime’.
The CJEU adopted a practical approach focussing on the proportionality of the interference. It accepted that the relevant provision, Article 15 of Directive 2002/58 (the e-commerce and privacy directive), did not use the language of “serious crime” but only “criminal offences”. Unlike the type of communications data in issue in Tele2, the interference in this case concerned only subscriber data and did not “allow precise conclusions to be drawn concerning the private lives of the persons whose data is concerned”. Although the request was an interference with Article 7 and 8 Charter rights, it was not a serious interference. Accordingly, proportionality did not require that the interference be justified by reference only to serious crime: criminal offences generally was a sufficient justification.
The reasoning allowed the CJEU to avoid giving any guidance on how national courts might define the concept of ‘serious crime’, but is otherwise a welcome recognition that not all types of personal data need be considered equally intrusive. The CJEU did, however, reiterate that a request for subscriber data for the purposes of a criminal investigation fell within the scope of Directive 2002/58, despite the apparent exclusion from its scope under Article 1(3) of the activities of the State in the area of criminal law.
Christopher Knight acted for the UK Government, led by Gerry Facenna QC.
The judgment may be read here.