The Constitutional Court of the Republic of Slovenia abrogated the data retention provisions of the Act on Electronic Communications (ZEKom-1) in its judgement U-I-65/13-19 of 3 July 2014 following the constitutional request lodged by the Information Commissioner in March 2013 and ECJ judgment of 8 April 2014 in Joined Cases C-293/12 and C-594/12.
The Court abrogated ZEKom-1 articles 162, 163, 164, 165, 166, 167, 168 in 169 and instructed operators of electronic communications to delete retained data immediately after the judgment is published in the Official Gazette. The Court holds data retention as disproportionate for the following reasons:
- unselective retention of data iconstitutes a breach of rights of a large proportion of population that did not provide any reason tj justify such this; – blanket data retention does not provide for anonymous use of communications, which is particularly important in cases where untraceable use is necessary (e.g. calling for help in mental distress);
- arguments for the selected retention periods (8 months for internet related and 14 months for telephony related data) were not provided nor explained in the legislative preparatory documents;
- the use of retained data was not limited to serious crime.
The Slovenian Information Commissioner Nataša Pirc Musar welcomed the ruling and sees it as an important step in protection of the right to privacy and data protection. The Court recognised the importance of personal data protection in relation to the use of modern information and communication technologies, particularly when used by law enforcement as repressive bodies of the state.
The Commissioner has been regularly warning about the problems of major breaches of privacy by law enforcement created by introduction of surveillance technologies. These tend to be used indiscriminately on large proportions of population, thereby encroaching on their right to privacy and data protection. The availability of new technologies such as drones, IMSI catchers and similar has, in several cases, led to requests by the police to the Ministry of Justice to legislate their use and to provide legal grounds enabling their deployment. Unfortunately these requests have often not been backed by sufficient assessments as regards their impact on human rights. In order to allow for transparency and to ensure that new law enforcement powers respect the principles of necessity and proportionality, the Commissioner has issued guidelines on privacy impact assessments (PIA) for the introduction of new police measures, representing a methodological framework for a prudent, reasonable and legitimate introduction of new measures.
The Information Commissioner Pirc Musar emphasised that this is one of her most important achievements during her 10-year mandate which is now ending. The decision of the Court represents an important part in the debate about the necessity and proportionality of the use of surveillance measures and technologies in the context of law enforcement and intelligence agencies.
Request to the Constitutional Court (only in Slovenian)
Decision of the Constitutional Court (only in Slovenian, 03.07.2014)
Electronic Communications Act (ZEKom-1)
Information Commissioner of the Republic of Slovenia (only in Slovenian)
Privacy Impact Assessment (PIA) Guidelines for the Introduction of new Police Powers
(Contribution by Andrej Tomšič, Deputy Information Commissioner,
Information Commissioner, Republic of Slovenia)