A legal duty to store and retain certain data relating to e-communications users has been overturned by the Constitutional Court.

Providers of public communication services will need to review their current retention policies to ensure that they do not retain a wider scope of data and for a longer period than is permitted after the legislation was cancelled as of 12 April 2011.

Under the Act on Electronic Communications, providers of fixed and mobile telephones, internet and other public communications services were obliged to retain certain data about their users for between 6 and 12 months.

In practice, the data stored by providers included:

  • the source, destination, date, time, duration and type of all phone calls, whether successful or unsuccessful
  • IP addresses, data transfer volumes, domain names visited, data indentifying communications equipment and the URLs for all uses of the internet and other public network services

The obligation to retain the data derived from EU Directive 2006/24/EC requiring providers of public communication services to retain certain data for investigating, detecting and prosecuting serious crimes.

However, the Constitutional Court ruled that the Act on Electronic Communications (and the decree implementing it) should be cancelled on the grounds that:

  • it did not provide sufficient safeguards to guarantee that users´ data would be sufficiently protected against unauthorised or excessive use by public authorities
  • the relevant provisions of the Act therefore infringed individuals' constitutionally protected right to privacy
  • the scope of users´ data required to be retained under the Act was significantly wider than that required by the Directive
  • the Act permitted data retention for purposes other than the investigation, detection and prosecution of serious crimes (eg for minor crimes) whereas the Directive did not
  • the Act did not sufficiently specify which public authorities were entitled to access the data, and that users were not given sufficient rights to be informed which authorities had access to their data.

Law: Act on Electronic Communications; Directive 2006/24/EC; Decree No.485/2005 Coll., on Scope of Traffic and Localisation data, Its Retention Periods and on Form of Its Manner of Handing Over to Public Authorities

This article was written for Law-Now, CMS Cameron McKenna's free online information service. To register for Law-Now, please go to www.law-now.com/law-now/mondaq

Law-Now information is for general purposes and guidance only. The information and opinions expressed in all Law-Now articles are not necessarily comprehensive and do not purport to give professional or legal advice. All Law-Now information relates to circumstances prevailing at the date of its original publication and may not have been updated to reflect subsequent developments.

The original publication date for this article was 29/04/2011.