Council of the European Union Brussels, 6 June 2019 (OR. en)
JAI 663 COPEN 266 DAPIX 206 ENFOPOL 294 CYBER 196 EUROJUST 122 DATAPROTECT 163 TELECOM 251
OUTCOME OF PROCEEDINGS
From: General Secretariat of the Council
On: 6 June 2019
Subject: Conclusions of the Council of the European Union on Retention of Data for the Purpose of Fighting Crime
-Council conclusions (6 June 2019)
Delegations will find in Annex the Council conclusions on Retention of Data for the Purpose of
Fighting Crime adopted by the Council (Justice and Home Affairs) on 6 June 2019.
CONCLUSIONS OF THE COUNCIL OF THE EUROPEAN UNION ON RETENTION OF
DATA FOR THE PURPOSE OF FIGHTING CRIME
1.Data stemming from telecommunication operators and service providers is very important in order for law enforcement, judicial authorities and other competent authorities to successfully investigate criminal activities, such as terrorism or cyber crime, in the digital age.
1.In order to ensure that information necessary to conduct investigations effectively is available to law enforcement, judicial and other competent authorities, data retained by
telecommunications operators and service providers for business purposes may not be sufficient for those authorities' purposes. Indeed, such business purposes are no guarantee that data will be retained, and if data is retained, the period of retention time would not be predictable.
2.It is an objective of general interest to fight crime in order to maintain public security and ensure security of persons as a prerequisite for ensuring fundamental rights. It is therefore appropriate to lay down proportional, necessary and transparent data retention obligations for telecommunications operators and service providers to meet law enforcement operational needs. Such data retention regimes must provide for sufficient safeguards for fundamental rights, as enshrined in the Charter, in particular the rights to privacy, protection of personal data, non-discrimination and presumption of innocence.
3.The rulings of the Court of Justice of the European Union (the 'Court of Justice') in the cases Digital Rights Ireland 1 and Tele 2 2 , which set out the criteria for the lawful retention of data and access thereof are of fundamental importance. It should also be noted that the findings of the Court in those cases apply only to traffic and location data, and not to subscriber data 3 .
4.The conclusions of the European Council of 23 June 2017 stress the importance of securing availability of data for the effectiveness of the fight against serious crime, including
terrorism 4 . It should be underlined that the existence of different legal rules in the area of data retention may cause limitations for cooperation and information exchange between competent
authorities in cross-border cases. In this sense, the conclusions of the European Council of 18 October 2018 calls for measures to provide Member States' law enforcement authorities and Europol with adequate resources to face new challenges posed by technological developments and the evolving security threat landscape, including through pooling of equipment, enhanced partnerships with the private sector, interagency cooperation and improved access to data 5 .
5.In April 2017 a reflection process on data retention was launched for the purpose of fighting crime. The results of this process will assist Member States in analysing the requirements of the relevant case-law of the Court of Justice and in exploring possible options for ensuring the availability of data needed to fight crime effectively in light of that case-law, which is
evolving as new cases have been brought before the Court of Justice following the Tele 2 ruling. Important progress of the reflection process includes:
– The Council taking note of the progress in December 2017 6 ;
– The compilation from Member States on the use of retained data in criminal investigations 7 ;
– The outcome of data retention workshops at expert level held at Europol 8 .
6.At its meeting of 6 and 7 December 2018, the Council took note of the state of play of this reflection process, including some key directions for further work 9 . In the subsequent
exchange of views, several Ministers called upon the Commission to conduct a comprehensive study on the possible solutions for retaining data, including a legislative initiative, taking into account the development of national and EU case-law.
4 EUCO 8/17.
5 EUCO 13/18.
6 14480/1/17 REV 1.
7 WK 5296/2017 REV 1.
8 WK 5900 2018 INIT.
7.Relevant case law at national and EU level must therefore be followed closely, in particular regarding the most recent requests for a preliminary ruling by the Investigatory Powers
Tribunal in the UK 10 , the Constitutional Court in Belgium 11 , the Conseil d'Etat in France 12 , and the Supreme Court of Estonia 13 , to the Court of Justice.
8.The report of the Special Committee on Terrorism of the European Parliament notes that the necessity of an appropriate data retention regime was consistently raised during the work of the Committee. The rapporteurs believe it is necessary to provide for an EU regime on data retention, in line with the requirements stemming from the case-law of the Court of Justice, while taking into account the needs of the competent authorities and the specificities of the
10 C-623/17. The request for a preliminary ruling is concerned with the scope of Union Law in relation to measures taken at national level for the purpose of protecting national security.
11 C-520/18. The request for a preliminary ruling by the Belgian Constitutional Court concerns the questions whether a general data retention scheme would be justified in case of (i) a
broader purpose than fighting serious crime (such as fighting other forms of crime or
guaranteeing the national security and the defence of the territory or (ii) fulfilling the
positive obligations as set out in Articles 4 and 8 of the Charter (prohibition of torture and
protection of personal data).
12 Case C-511/18. One of the requests for a preliminary ruling of the French Conseil d'Etat
concerns the legal framework for data retention for criminal investigations whereby the
Conseil d'Etat poses a similar question as the Belgian Constitutional court, namely whether
a general retention of data can be justified in light of the right to security. Case C-512/18
concerns the legal framework for data retention for intelligence services. Similar to the UK
case (C-623/17), the Conseil d'Etat asks the European Court of Justice whether the data
retention regime is justified given the existing terrorist threat.
13 Case C-746/18 regarding access to retained data.
9.It should be recalled that the rules in the currently applicable ePrivacy Directive 14 , the reformed legislative framework of the European Union, in particular the General Data Protection Regulation 15 and the Law Enforcement Directive 16 , as well as the ongoing negotiations on the Commission proposal for a new ePrivacy Regulation 17 are of particular importance for the purpose of data retention.
Considerations of the Council
1.Data retention constitutes an essential tool for law enforcement, judicial and other competent authorities to effectively investigate serious crime, as defined by national law, including
terrorism or cyber crime.
2.The use of data retention and similar investigative measures should be guided by the protection of fundamental rights and freedoms as enshrined in the Charter and the principles of purpose limitation, necessity and proportionality.
3.Legislative reforms at national or European level, including the future e-Privacy Regulation, should maintain the legal possibility for schemes for retention of data at EU and national level that take into account future developments and that are compliant with the requirements set out by the Charter of Fundamental Rights of the European Union as interpreted by the Court of Justice.
14 Directive 2002/58/EC i of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and
electronic communications), as amended by Directive 2009/136/EC i of 25 November 2009. 15 OJ L 119, 4.5.2016, p. 1.
16 OJ L 119, 27.04.2016, p. 89.
17 2017/0003(COD) i.
1.Work should continue in the DAPIX-Friends of Presidency Working Party on data retention.
2.The Commission is:
– invited to take the appropriate steps to gather information regarding the needs of Member States competent authorities to have available data that are strictly necessary with a view to fighting crime, including terrorism, effectively;
– invited, at an initial stage, to have a number of targeted consultations with relevant stakeholders to complement the work being carried out in the DAPIX-Friends of the Presidency Working Party and periodically update the Working Party on its findings from these consultations;
– requested to subsequently prepare a comprehensive study in accordance with Art. 241 TFEU, taking into account these consultations, on possible solutions for retaining data, including the consideration of a future legislative initiative. Besides the outcome of the consultations, such study should also take into account:
• the evolving case-law of the Court of Justice and of national courts relevant for
data retention; and
• the outcomes of the common reflection process in the Council 18 ;
18 As set out in particular in the Presidency Notes 14480/1/17 REV 1 and 14319/18.
– invited to further assess in the study, inter alia, the concepts of general, targeted and restricted data retention (first level of interference) and the concept of targeted access to retained data (second level of interference), and explore to what extent the cumulative effect of strong safeguards and possible limitations at both interference levels could assist in mitigating the overall impact of retaining those data to protect the fundamental rights of the Charter, while ensuring the effectiveness of the investigations, in particular when it is ensured that access is solely given to specific data needed for a specific
– requested to report on the state-of-play of its work on data retention by the end of 2019.
The EU Monitor enables its users to keep track of the European process of lawmaking, focusing on the relevant dossiers. It automatically signals the newly added documents and subsequent meetings in which these are scheduled for discussion or vote. The latest state of affairs is conveniently presented in such a way that a single glance is sufficient to keep informed. By way of alerts through e-mail or digital newsletters users and their clients are kept in the loop 24/7.If you are interested in the EU Monitor, please contact us at firstname.lastname@example.org.