The Strasbourg Court: operators may retain data on purchasers of prepaid SIM cards

According to a ruling of the European Court of Human Rights, storing data of those who buy a prepaid SIM card does not infringe the privacy and helps criminal investigations.
by Andrea Monti

On January 30, 2020, the European Court of Human Rights issued the judgment in Case 50001/12 (Breyer v. Germany). The Court ruled that it is lawful for telephone operators to retain personal data of prepaid SIM card users and communicate it to the authorities in response to a formal request. The principle expressed by the Court seems trivial and obvious, but it is an essential barrier to the overwhelming invasiveness of a poorly understood “right to privacy”, which is much too often invoked inappropriately.

The decision follows an action brought in Germany by two civil rights activists who had complained that their privacy had been violated because of the obligation in question, laid down in Article 111 of the German Telecommunications Code.
This provision burdens with two obligations an operator offering telecommunications services involving the allocation or otherwise management of telephone numbers. The first is the duty to ask the customer for an identity document and then to keep the number assigned, the name, address (and date of birth, in the case of natural persons) of the holder, the address of the circuit in the case of a fixed line, the IMEI of the mobile terminal (when supplied with the number), the date of entry into force of the contract. The second is to communicate these information to the authorities pursuing a legitimate request.

In a frankly captious manner, the two complainants took the view that their privacy was infringed by the mere fact that the data in question were stored, without complaining about any form of abusive interception or other electronic surveillance by the German institutions. And – it should be added – it is not clear where the “violation of privacy” would be in the conservation of data which are entirely harmless and which, moreover, at least in Italy, should in any case be preserved to ensure compliance with tax and civil law.

After an in-depth analysis of the national, European and Community regulatory framework, the Court found that the system of control over the activities of public authorities – and in particular the investigative ones – is adequate to allow the balance between the individual right to respect for private life and the duty of the State to bring to justice those responsible for criminal acts.

For the record, the decision was not unanimous because one of the judges released a dissenting opinion. In synthesis, the dissenting judge held that non-critical data such as those subject to conservation would, in any case, have allowed the police forces to associate specific contents to the identity of the holder of the SIM (hardly an issue, since this is precisely what is expected of the investigating authority).
In addition, said the dissenting judge, German law created a preventive and generalized listing of all the holders of a SIM card, i.e. … a telephone directory. Again, it is hard to see where the violation of “fundamental rights” would be.
Finally, and this is the weakest part of this dissenting opinion, the conservation of these data would be disproportionate with respect to the “protection of privacy” because German law allows access to data not only the judicial authorities but also the emergency services, customs and fiscal and tax control services. Put in these terms, therefore, “in the name of privacy” the State should not be able to use the personal data of the SIM holders to counter tax evasion, customs fraud or to intervene in an emergency. A rather paradoxical conclusion.

Net of the questionable “minority motion”, this decision – especially from an Italian perspective – expresses a rather banal principle, since, as is well known, the Italian operators acquire the identity document not only in the SIM purchase phase but also in every subsequent intervention (from substitution, to change of size, to migration toward another operator).

At the same time, however, the decision reveals how distorted and instrumental is the concept of the “right to privacy”, which is invoked in an increasingly disjointed way, in the belief that it is like Captain America’s shield or Iron Man’s Hulkbuster: an instrument capable of blocking the operation of any other law.

In reality, this is not so because the right to respect for one’s family and private life can and must step back in the name of public interests such as, precisely, that of investigating criminal actions, provided that the public authorities are under scrutiny and that the limitation of an individual right is proportionate to the judicial goal.

It is clear, therefore, that the claims of the plaintiffs had no real substance because they translated into generic, abstract and unrelated statements with actual violations of some fundamental right. And one wonders what the meaning of such actions is since they have the effect of damaging the right to respect for private life rather than protecting it.

On the sidelines, in conclusion, it is worth mentioning one collateral but no less important aspect of the judgment: the fact that the decision considers “national security” (and not only the fight against crime) as a suitable criterion for establishing the limitation of fundamental rights.

While, however, criminal law and investigation rule govern the fight against crime, the concept of “national security” is not defined by law as an objective of political action.

The consequence is that if the need to protect national security is not “incorporated” into a law defining its contents and operational limits, then national security becomes an unbearable weight that alters any balance with the protection of individual rights. In other words, that would mean to use a political (rather than legal) criterion to intervene on constitutionally guaranteed rights, without going through Parliament’s assessment.

If anything, it would have been essential to ask the Court to intervene on this issue, rather than on others of marginal importance.

Even Thumbs Deserve Privacy

This article published by Il Fatto Quotidiano is illustrated by a photo that portrays a policeman from the mobile team of Rome and an arrested man whose image is blurred. Not, as you might think without seeing it, on the face that also has a winking expression towards the photographer, but on the hand that is shaped in the pose (the thumb raised) universally become synonymous with “I like it”.

The expression of the arrested subject is disturbing because it is no different from that of a star crossing the red carpet of a film festival or a sports champion celebrating a victory. And it reinforces the mistaken perception – further distorted by television series such as Narcos and Gomorrah – that there is an aesthetic of evil in the name of which, by committing atrocious acts, one can become famous.

This “right thumb” attached to the hand of an ordinary person accused of a crime obviously means that from the desire for a “moment of glory” experienced in film/television fiction we have moved on to the lust of a celebrity at all costs, including that of becoming a protagonist of a crime story.

I don’t know who (whether the photographer or the newspaper) has made the choice to blur the anatomical detail of the arrested, but in both cases I can’t find a reasonable explanation, except for the one that, by now, even the thumbs have a right to their privacy.

The EUCJ to Alter The Personal Liability Principle

With a disturbing decision, related to case C-136/17 in re: search engine’s de-listing duties the European Court of Justice hold that

the operator of the search engine as the person determining the purposes and means of that activity must ensure, within the framework of his responsibilities, powers and capabilities, that the activity meets the requirements of EU law in order that the guarantees laid down by EU law may have full effect and that effective and complete protection of data subjects, in particular of their right to privacy, may actually be achieved.

but did not spend a single word on the role and duties of the originator of information. Continue reading “The EUCJ to Alter The Personal Liability Principle”

Copyright on Information. A Dangerous Path

In its “Re-use of Public Sector information” website section, the Irish Data Protection Commissioner writes verbatim

All of the information featured on our website is the copyright of the Data Protection Commission unless otherwise indicated. You may re-use the information on this website free of charge in any format.

At first sight this statement might looks innocuous, but actually it carries a blatant mistake that will turns into a dangerous trend: imposing copyright on information.

In the EU, Copyright – better, the Right of Author – grants legal protection to the way an idea is creatively put in writing or in whatever way can be perceived by a human beings. In other words, this Shakespear’s quote from Hamlet’s Act II, Scene II

Though this be madness, yet there is method in ‘t.

is protected by the Right of Auhtor because of the “how” (creative form) rather than of the “what” (raw information). 1

Therefore, the statement of the Irish Data Protection Commissioner is a wrong enforcement of the Right of Author prerogatives.

But why is it dangerous too?

The talk I did at the 2004 Licensing Executive Society of Britain and Ireland Annual Conference, lately edited in a paper published by Ciberspazio e Diritto (English version available here) explains what is at stake:

The impossibility of securing patents did not stop the attempts to establish some sort of “ownership” on the genetic information, and alternative ways have been sought. As far back as 1987, Walter Gilbert, one of the pioneers in bioinformatics research, declared to the Washington Post: “I don’t believe in the patentability of the genome. What we are actually interested in is securing copyrights on the sequences. This means that if someone wishes to read the code, they will have to pay us to get access. Our goal is to make the information available to everyone. Provided they pay a price.

Imposing “copyright” over information, then, is not only wrong because there is no creativity on raw data. Is dangerous because it is a way to deprive people of their right to knowledge (right to science) and to be informed (free speech)

 ?

  1. Of course Hamlet is in the public domain regime, but the moral Right of Author still stands