Skip to main content

Constitutional Court: The Criteria for Access to Traffic Data Too Loose

|

Slovenia’s Constitutional Court found the provisions of the Criminal Procedure Act (CPA) enabling the prosecution (police) to access and seize traffic data (data about the circumstances of a communication) to be disproportionate and therefore in violation of the constitutionally guaranteed freedom to communication privacy. The Court set a one-year period in which the Parliament is to amend the CPA accordingly.

The relevant CPA provisions allowed for a criminal court to issue a subpoena to the telecommunication or information-society provider, forcing them to send relevant data about a certain communication (i.e., traffic data; never the contents of the communication) to the police or/and prosecution, if such data was necessary (“need to be acquired”) for the discovery, prevention, or proof of a criminal act. The subpoena could relate not only to the communication of the suspect of a criminal act but also to the communication made by the criminal act’s victim or by a person whose communication could reveal the suspect’s location.

According to the CPA, the subpoena could have been granted in case of a “reason to suspect” that a criminal act was carried out or is being carried out or is being prepared or organized. There was a list of criminal acts in relation to which the subpoena could have been granted. In addition, the CPA provided for the possibility of real-time traffic data relaying/broadcasting if a criminal act in question was punishable by more than a year’s imprisonment or if the owner of the communication device in question agreed to it.

The Constitutional Court observed that the Constitution of the Republic of Slovenia is rather strict when it comes to the derogation of one’s communication privacy. It also stressed out that in certain cases traffic data might provide even deeper insight into someone’s life, habits and relations than the contents of the communication itself. Therefore, in the Court’s view, the provisions in question failed to pass the constitutional test of proportionality. Namely, the Court found that:

  • the required standard of “reason to suspect”, as opposed to the probable cause, was too broad, meaning that subpoena could have been used against many persons, including the ones absolutely not connected to the criminal act,
  • there were neither limitations with regard to the time period for which it was possible to request the traffic data nor any criteria to ascertain that time period,
  • since, in line with the ECHR and the CJEU jurisprudence, the derogation of communication privacy should only be allowed for the most severe criminal acts, hence the catalogue of the criminal acts in the CPA that could trigger the subpoena was too broad.

The relevant CPA derogation by the Constitutional Court was not the first one in the field of communication privacy. Sadly, here the Parliament and the Government seem to have a particularly hard time striking a balance between (the legitimate goal of) fighting crime and respecting people’s constitutional and convention rights. 

Article provided by INPLP member: Boris Kozlevcar (JK Group d.o.o. /  JK Group ltd, Slovenia)

 

Discover more about the INPLP and the INPLP-Members

Dr. Tobias Höllwarth (Managing Director INPLP)

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

VIEW STREAM

About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.

{$page.footerData}