Data Protection Insider, Issue 113

Data Protection Insider, Issue 113 - DPI 26

– ECtHR: Italy Offers Insufficient Redress Against Illegal Telephone Tapping of Persons Not Party to Criminal Proceedings –

On 23rd May, the ECtHR ruled that Italian law did not offer effective guarantees against abuse in the framework of telephone tapping of individuals who are not suspected of, or charged with, crime in Contrada v Italy (N 4). As to the facts of the case, the applicant in the main proceedings – Mr. Contrada, a police officer – had previously been convicted of supporting the Italian mafia in his role as a police officer. Subsequently, he was again involved as a police officer in the investigation into crimes committed by the Italian mafia and he was suspected again of collaborating with its members. However, the Italian police investigated only against two alleged members of the mafia and another police officer, all three of which were suspected of having committed the murder of another police officer. However, Mr Contrada himself was not a suspect in this crime. Nevertheless, his telephones were tapped following a judicial order. Subsequently, his residence was searched and Mr Contrada learned from the search warrant that his telephones had been tapped. He complained that, since he was not a suspect, he did not have a recourse to an effective remedy to challenge the legality of the tap, and that his rights under Articles 6, 8 and 13 ECHR were thus breached. In its ruling, the Court recalled that telephone tapping constitutes an interference with Article 8 ECHR. It then established that the interference had a legal basis in Italian law, which is sufficiently accessible and foreseeable. The issue the Court saw with the present case concerned the specific case of individuals who are not suspects in a criminal investigation and whether they have at their disposal the same recourse to remedies as suspects. The Court assessed it as positive that suspects in a crime should be informed under Italian law of tapping once it has ended, and be granted access to the recordings and the judicial warrants authorising them, in order to challenge their lawfulness. These safeguards, however, were not envisaged in law in relation to individuals who are not suspects in a crime. According to the English summary of the judgment: ‘The Court concluded that Italian law did not afford adequate and effective guarantees against abuse to individuals who had been subjected to an interception measure but who, since they were not suspected or accused of involvement in an offence, were not parties to the proceedings. In particular, there was no provision whereby those individuals could apply to a judicial authority for an effective review of the lawfulness and necessity of the measure and to obtain appropriate redress, as applicable’. Thus, the Court established that the interception measures under Italian law did not meet the ‘necessary in a democratic society’ requirement and thus the quality of the law was insufficient. Having established the breach of Article 8 ECHR, the Court did not examine separately the complaints under Articles 6 and 13 ECHR. Editorial note: The above summary is based on the English language version of the Court’s press release to the case as the judgment is available only in French.

– ECtHR Decides on Poland’s Secret Surveillance Regime –

On 27th May, the ECtHR decided in the case of Pietrzak and Bychawska-Siniarska and Others. The case essentially concerned a complaint relating to Polish legislation authorizing a system of secret surveillance – relating to the operational control regime, national data retention law, and the national anti-terrorism law. In this regard, the plaintiffs complained to the Court under Article 8 – and Article 13, which will not be further considered here – that their rights had been infringed as a result of several aspects of national law. The Court found – after finding the applicants’ eligible to complain, despite their inability to prove they were actually the subject of the impugned surveillance regime – violations of Article 8 concerning the operational control regime, concerning the regime relating to the retention of communication data for access by the authorities, and concerning the secret surveillance regime outlined in the anti-terrorism law. Regarding the operational control regime, the Court considered it lacked sufficient guarantees against arbitrariness and risks of abuse – including inadequacies relating to the precision of the the scope of the regime, the duration of surveillance, the factual justification for surveillance, judicial oversight, the provision of information to suspects, and the protection of lawyers’ professional secrecy. Regarding the retention of communications data, the Court considered that the national data retention legislation, which foresees general and undifferentiated retention of data, did not adequately limit interference with individuals’ rights. Regarding the secret surveillance regime in the anti-terrorism law, the Court highlighted that the law did not foresee adequate independent and impartial oversight of secret surveillance measures. Unfortunately, at the time of writing, the case was available only in French. The authors are not fluent French speakers and have relied on an electronic translation of the decision. Whilst this is not ideal, the authors felt the judgment worthy of discussion. Unfortunately, the authors cannot rule out the possibility that errors were made in translation or that these errors were reproduced in this report. Accordingly, the authors urge all readers interested in the decision to consult the primary materials themselves.

– Updates from the EDPB –

In the past two weeks, the EDPB published the following significant documents:

  • On 27th May, ‘Statement 2/2024 on the financial data access and payments package’– available here.
  • On 27th May, ‘Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (compatibility with Articles 5(1)(e) and(f), 25 and 32 GDPR’ – available here.
  • On 24th May, ‘Report of the work undertaken by the ChatGPT Taskforce’ – available here.


DPI Editorial Team

Dara Hallinan, Editor: Legal academic working at FIZ Karlsruhe. His specific focus is on the interaction between law, new technologies – particularly ICT and biotech – and society. He studied law in the UK and Germany, completed a Master’s in Human Rights and Democracy in Italy and Estonia and wrote his PhD at the Vrije Universiteit Brussel on the better regulation of genetic privacy in biobanks and genomic research through data protection law. He is also programme director for the annual Computers, Privacy and Data Protection conference.

Diana Dimitrova, Editor: Researcher at FIZ Karlsruhe. Focus on privacy and data protection, especially on rights of data subjects in the Area of Freedom, Security and Justice. Completed her PhD at the VUB on the topic of ‘Data Subject Rights: The rights of access and rectification in the AFSJ’. Previously, legal researcher at KU Leuven and trainee at EDPS. Holds LL.M. in European Law from Leiden University.

Leave a Reply