Judgment of the Court in Joined Cases C-339/20 - VD and C-397/20 - SR

29 settembre 2022

Accordign to the Court of Justice of the EU, the general and indiscriminate retention of traffic data by operators providing electronic communications services for a year from the date on which they were recorded is not authorised, as a preventive measure, for the purpose of combating market abuse offences including insider dealing

the Court of Justice finds, in the first place, that neither the Market Abuse Directive nor the Market Abuse Regulation can constitute the legal basis for a general obligation to retain the data traffic records held by operators providing electronic communications services for the purposes of exercising the powers conferred on the competent financial authorities under those measures.

In the second place, the Court points out that the Directive on privacy and electronic communications is the measure of reference on the retention and, more generally, the processing of personal data in the electronic communications sector. Therefore, that directive also governs the traffic data records held by operators providing electronic communications services, which the competent financial authorities, within the meaning of the Market Abuse Directive and the Market Abuse Regulation, may require from those operators. Consequently, the assessment of the lawfulness of the processing of records held by operators providing electronic communications services must be carried out in the light of the conditions laid down by the Directive on privacy and electronic communications, as interpreted by the Court.

The Court finds that the Market Abuse Directive and the Market Abuse Regulation, read in conjunction with the Directive on privacy and electronic communications and in the light of the Charter, do not authorise the general and indiscriminate retention by operators providing electronic communications services of traffic data for a year from the date on which they were recorded for the purpose of combating market abuse offences including insider dealing.

In the third place, the Court upholds its case-law according to which EU law precludes a national court from restricting the temporal effects of a declaration of invalidity which it is bound to make under national law in respect of national legislation requiring operators providing electronic communications services to retain generally and indiscriminately traffic and location data due to that legislation being incompatible with the Directive on privacy and electronic communications.

That said, the Court points out that, in accordance with the principle of procedural autonomy of the Member States, the admissibility of evidence obtained as part of such retention is a matter for national law, subject to compliance, inter alia, with the principles of equivalence and effectiveness. That latter principle requires the national criminal court to disregard the information and evidence obtained by means of the generalised and indiscriminate retention of traffic and location data in breach of EU law if the persons concerned are not in a position to comment effectively on that information and that evidence and they pertain to a field of which the judges have no knowledge and are likely to have a preponderant influence on the findings of fact.

Archivio news

 

News dello studio

mar21

21/03/2024

Correttivo al Codice delle Comunicazioni Elettroniche

Il 20 marzo 2024, il Consiglio dei Ministri ha approvato, in esame definitivo, le disposizioni correttive al decreto legislativo 8 novembre 2021, n. 207, di attuazione della direttiva (UE)

mar20

20/03/2024

Telemarketing

Attuazione del Codice di Condotta con l' accreditamento dell'organismo di monitoraggio da parte del Grante privacy. Con l’accreditamento dell’Organismo di monitoraggio (OdM) si completa

mar19

19/03/2024

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI COMUNICATO Avviso pubblico di avvio della consultazione sul termine di conservazione dei metadati generati e raccolti automaticamente dai protocolli di trasmissione e smistamento della posta el

Il Garante per la protezione dei dati personali, con provvedimento del 22 febbraio 2024, n. 127, pubblicato sul sito web istituzionale (www.garanteprivacy.it), ha deliberato l'avvio di una procedura

News Giuridiche