ECJ rejects Estonian regulation
No time right now?
Are authorities allowed to use electronic communication data for law enforcement? Only in certain cases, says the ECJ.
The European Court of Justice ruled against data retention in Estonia on Tuesday. The fact that the public prosecutor there had used traffic or location data of an accused is not compatible with EU law, informs the ECJ.
Contents
Personal location data used for investigations
It was about an Estonian who was charged with theft, use of a third party bank card and acts of violence. After being found guilty by two instances and sentenced to two years’ imprisonment, she complained to the Supreme Court in Estonia.
He asked the European Court of Justice to interpret the applicable law. The problem: The Estonian authorities had judged, among other things, on the basis of personal data that had been collected via electronic communication.
National law contradicts EU law
According to a national regulation in Estonia, the public prosecutor’s office was allowed to grant the investigative authorities access to this data. Estonian authorities are therefore allowed to use traffic and location data to “prevent, investigate, detect and prosecute criminal offenses”.
According to the ECJ, however, this rule contradicts EU law – namely, that such data may only be used to combat serious crime or to prevent serious threats to public security. In addition, the principle of proportionality always applies.
Estonia needs to sharpen the rule
For this reason, the national regulation in Estonia must be expanded to include specific requirements that determine when authorities are entitled to data from operators of electronic communications services.
In addition, a court or an independent administrative body must decide in each individual case whether the use of the data is appropriate. This role cannot be taken over by the public prosecutor, who is leading the proceedings.