Conclusions of the Council of the European Union on Retention of Data for the Purpose of Fighting Crime - adoption - Main contents

Document date	27-05-2019
Publication date	28-05-2019
Reference	9663/19
From	Presidency
External link	original article
Original document in PDF

Council of the European Union Brussels, 27 May 2019 (OR. en)

9663/19

JAI 574 COPEN 232 DAPIX 194 ENFOPOL 269 CYBER 179 EUROJUST 105 DATAPROTECT 153 TELECOM 238

NOTE

From: Presidency

To: Council

No. prev. doc.: 8621/19

Subject: Conclusions of the Council of the European Union on Retention of Data for the Purpose of Fighting Crime

• - 

  adoption

In view of the findings of the reflexion process summarised in the AT presidency report presented at the December 2018 meeting of the Council and following the Justice Ministers call at that meeting for further action, the Presidency prepared an outline of the key political messages in the area of data retention which served as a basis for the preparation of the Conclusions on the matter as set out in the Annex to this Note.

The draft text of the Council was discussed and finalised at technical level in the DAPIX

(Data Retention) Working Party on 8 May and approved by COREPER on 22 May 2019.

The discussions demonstrated a strong political commitment by delegations to continue working towards finding a solution to the challenges posed by the lack of a data retention regime at EU level.

On this basis, the Council is invited to adopt the text of these Conclusions.

ANNEX

CONCLUSIONS OF THE COUNCIL OF THE EUROPEAN UNION ON RETENTION OF

DATA FOR THE PURPOSE OF FIGHTING CRIME

Introduction

Data stemming from telecommunication operators and service providers is very important in order for law enforcement, judicial authorities and other competent authorities to successfully investigate criminal activities, such as terrorism or cyber crime, in the digital age.

In order to ensure that information necessary to conduct investigations effectively is available to law enforcement, judicial and other competent authorities, data retained by telecommunications operators and service providers for business purposes may not be sufficient for those authorities' purposes. Indeed, such business purposes are no guarantee that data will be retained, and if data is retained, the period of retention time would not be predictable.

It is an objective of general interest to fight crime in order to maintain public security and ensure security of persons as a prerequisite for ensuring fundamental rights. It is therefore appropriate to lay down proportional, necessary and transparent data retention obligations for telecommunications operators and service providers to meet law enforcement operational needs. Such data retention regimes must provide for sufficient safeguards for fundamental rights, as enshrined in the Charter, in particular the rights to privacy, protection of personal data, non-discrimination and presumption of innocence.

The rulings of the Court of Justice of the European Union (the 'Court of Justice') in the cases Digital Rights Ireland 1 2 and Tele 2 , which set out the criteria for the lawful retention of data and access thereof are of fundamental importance. It should also be noted that the findings of the Court in those cases apply only to traffic and location data, and not to subscriber data 3 .

1 C-293/12.

2 C-203/15.

3 14319/18.

The conclusions of the European Council of 23 June 2017 stress the importance of securing availability of data for the effectiveness of the fight against serious crime, including terrorism 4 . It should be underlined that the existence of different legal rules in the area of data retention may cause limitations for cooperation and information exchange between competent authorities in cross-border cases. In this sense, the conclusions of the European Council of 18 October 2018 calls for measures to provide Member States' law enforcement authorities and Europol with adequate resources to face new challenges posed by technological developments and the evolving security threat landscape, including through pooling of equipment, enhanced partnerships with the private sector, interagency cooperation and improved access to data 5 .

In April 2017 a reflection process on data retention was launched for the purpose of fighting crime. The results of this process will assist Member States in analysing the requirements of the relevant case-law of the Court of Justice and in exploring possible options for ensuring the availability of data needed to fight crime effectively in light of that case-law, which is evolving as new cases have been brought before the Court of Justice following the Tele 2 ruling. Important progress of the reflection process includes:

– The Council taking note of the progress in December 2017 6 ;

– The compilation from Member States on the use of retained data in criminal investigations 7 ;

– The outcome of data retention workshops at expert level held at Europol 8 .

At its meeting of 6 and 7 December 2018, the Council took note of the state of play of this reflection process, including some key directions for further work 9 . In the subsequent exchange of views, several Ministers called upon the Commission to conduct a comprehensive study on the possible solutions for retaining data, including a legislative initiative, taking into account the development of national and EU case-law.

4 EUCO 8/17.

5 EUCO 13/18.

6 14480/1/17 REV 1.

7 WK 5296/2017 REV 1.

8 WK 5900 2018 INIT.

9 14319/18.

Relevant case law at national and EU level must therefore be followed closely, in particular regarding the most recent requests for a preliminary ruling by the Investigatory Powers Tribunal in the UK 10 , the Constitutional Court in Belgium 11 12 , the Conseil d'Etat in France , and the Supreme Court of Estonia 13 , to the Court of Justice.

The report of the Special Committee on Terrorism of the European Parliament notes that the necessity of an appropriate data retention regime was consistently raised during the work of the Committee. The rapporteurs believe it is necessary to provide for an EU regime on data retention, in line with the requirements stemming from the case-law of the Court of Justice, while taking into account the needs of the competent authorities and the specificities of the counter-terrorism field.

10 C-623/17. The request for a preliminary ruling is concerned with the scope of Union Law in relation to measures taken at national level for the purpose of protecting national security.

11 C-520/18. The request for a preliminary ruling by the Belgian Constitutional Court concerns the questions whether a general data retention scheme would be justified in case of (i) a

broader purpose than fighting serious crime (such as fighting other forms of crime or

guaranteeing the national security and the defence of the territory or (ii) fulfilling the

positive obligations as set out in Articles 4 and 8 of the Charter (prohibition of torture and

protection of personal data).

12 Case C-511/18. One of the requests for a preliminary ruling of the French Conseil d'Etat

concerns the legal framework for data retention for criminal investigations whereby the

Conseil d'Etat poses a similar question as the Belgian Constitutional court, namely whether

a general retention of data can be justified in light of the right to security. Case C-512/18

concerns the legal framework for data retention for intelligence services. Similar to the UK

case (C-623/17), the Conseil d'Etat asks the European Court of Justice whether the data

retention regime is justified given the existing terrorist threat.

13 Case C-746/18 regarding access to retained data.

  It should be recalled that the rules in the currently applicable ePrivacy Directive 14 , the reformed legislative framework of the European Union, in particular the General Data Protection Regulation 15 and the Law Enforcement Directive 16 , as well as the ongoing negotiations on the Commission proposal for a new ePrivacy Regulation 17 are of particular importance for the purpose of data retention.

Considerations of the Council

Data retention constitutes an essential tool for law enforcement, judicial and other competent authorities to effectively investigate serious crime, as defined by national law, including terrorism or cyber crime.

The use of data retention and similar investigative measures should be guided by the protection of fundamental rights and freedoms as enshrined in the Charter and the principles of purpose limitation, necessity and proportionality.

Legislative reforms at national or European level, including the future e-Privacy Regulation, should maintain the legal possibility for schemes for retention of data at EU and national level that take into account future developments and that are compliant with the requirements set out by the Charter of Fundamental Rights of the European Union as interpreted by the Court of Justice.

14 Directive 2002/58/EC i of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and

electronic communications), as amended by Directive 2009/136/EC i of 25 November 2009. 15 OJ L 119, 4.5.2016, p. 1.

16 OJ L 119, 27.04.2016, p. 89.

17 2017/0003(COD) i.

Conclusions

Work should continue in the DAPIX-Friends of Presidency Working Party on data retention.

The Commission is:

– invited to take the appropriate steps to gather information regarding the needs of Member States competent authorities to have available data that are strictly necessary with a view to fighting crime, including terrorism, effectively;

– invited, at an initial stage, to have a number of targeted consultations with relevant stakeholders to complement the work being carried out in the DAPIX-Friends of the Presidency Working Party and periodically update the Working Party on its findings from these consultations;

– requested to subsequently prepare a comprehensive study in accordance with Art. 241 TFEU, taking into account these consultations, on possible solutions for retaining data, including the consideration of a future legislative initiative. Besides the outcome of the consultations, such study should also take into account:

• the evolving case-law of the Court of Justice and of national courts relevant for

data retention; and

• the outcomes of the common reflection process in the Council 18 ;

18 As set out in particular in the Presidency Notes 14480/1/17 REV 1 and 14319/18.

– invited to further assess in the study, inter alia, the concepts of general, targeted and restricted data retention (first level of interference) and the concept of targeted access to retained data (second level of interference), and explore to what extent the cumulative effect of strong safeguards and possible limitations at both interference levels could assist in mitigating the overall impact of retaining those data to protect the fundamental rights of the Charter, while ensuring the effectiveness of the investigations, in particular when it is ensured that access is solely given to specific data needed for a specific

investigation;

– requested to report on the state-of-play of its work on data retention by the end of 2019.