Judges must be entitled to refuse or restrict access to telephone records intended to identify perpetrators of an offence, according to CJEU

The court or independent administrative body responsible for authorising access to telephone records in order to identify the perpetrators of an offence, and for the prosecution of which offence national law envisages such access, must be entitled to refuse or restrict that access: such was the judgment of the Court of Justice of the EU delivered on Tuesday 30 April (case C-178/22).

In the context of a criminal investigation into the aggravated theft of two mobile phones, the Public Prosecutor’s Office of Bolzano, Italy, has asked the Italian judge for authorisation to obtain the telephone records of the stolen phones from all the telephone companies in order to identify those responsible for the theft. The Italian judge has expressed doubts about the compatibility of Italian law – upon which law the request was based – with the EU Privacy and Electronic Communications’ Directive.

It was of the opinion that this law is aimed at prosecuting offences causing limited social disturbance, not justifying serious interference with fundamental rights to private life and the protection of personal data. It also considered that the Italian courts had no margin of discretion as to the actual seriousness of the offence concerned.

In its judgment, the Court holds that the interference with those fundamental rights caused by access to telephone records is likely to be classified as serious. It confirmed that such access can only be granted to data relating to individuals suspected of being implicated in a serious offence.

It specified that it was up to the Member States to define “serious offences” for the purposes of applying the directive in question. However, Member States may not distort this concept and, by extension, that of “serious crime”, by including within it offences which are manifestly not serious offences, in the light of the societal conditions prevailing in the Member State concerned, even though the legislature of that Member State has provided for such offences to be punishable by a maximum term of imprisonment of at least 3 years.

Finally, the CJEU emphasised that the court or independent administrative body concerned must be able to strike a fair balance between the needs of the investigation and the fundamental rights to privacy and the protection of personal data.

Read the judgement: https://aeur.eu/f/c0o (Original version in French by Anne Damiani)