Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



Processing of personal data in the field of electronic communications

PrintMailRate-it

​​​​​​​​published on 24 June 2024 | reading time approx. 3 minutes​​


On 30th of April 2024 the European Court of Justice, following requests for preliminary rulings made judgements in cases C-178/22 and C-470/21. In case C-178/22, the ECJ ruled that there have to be consistent requirements of the national legislation concerned that are based on objective criteria to determine under which conditions access is granted to such data as a set of traffic or location data. This data is liable to allow precise conclusions concerning the private life of a user of a means of electronic communication that is retained by providers of electronic communications services. 

The information as requested would include the users and IMEI codes of the devices called or making the calls, the sites visited and reached, the times and durations of calls and connections, the details of the cells and/or towers concerned, as well as the users and IMEI codes of senders/receivers of SMS and MMS. Furthermore, such access has to be an exception rather than the rule to ensure minimal interference with a person's fundamental rights. The court or an independent administrative body shall review and determine a fair balance between the capacity of available data of the person concerned by the access and the legitimate interest of combating crime. 

In turn, the second case C-470/21 of the same date expands on the previously mentioned criteria, adding that, if the national legislation authorizes a public authority that is responsible for the protection of copyright and related rights against infringements of those rights committed on the internet, needs information about IP addresses relating to the civil identities of people who are liable for infringements they can access the publicly available data retained by providers of electronic communications services. But it can be done if the authority ensures that their access is separate and serves exclusively to identify persons suspected of committing the offense and not to allow precise conclusions about the private life of the IP address holders unless required in an atypical situation. If such an authority needs information a data processing system used by the public authority is subject to a review at regular intervals, by an independent body acting as a third party about that public authority, intended to verify the integrity of the system. 

In Latvia, the same requirements can be observed. If an authority wishes to acquire the personal data of a person they have to process it only for a certain legitimate interest as well as the information cannot be used for anything outside of this specifically determined interest. The Consumer Rights Protection Centre, the State Data Inspectorate, and other supervisory and control bodies monitor the circulation of public information services within the scope of their competence. To also address safety concerns data registers can document any activity related to access of personal data – modification, deletion, browsing. The logs of access must be time-stamped and protected from tampering. If the processing of personal data is done based on the legitimate interest of investigation data that is used to identify a person can be kept only for the amount of time it takes to fulfill that interest and it can be used for other purposes only if it serves the legitimate interests of the public, history, statistics or science and data has to be processed proportionally to the new purpose. The purpose, besides the initial legitimate interest, can be mentioned in external laws and regulations. 

Therefore, it can be concluded that Latvian local regulation does provide almost similar considerations and requirements for the processing of personal data in the field of electronic communications, as it was explained by the recent ECJ rullings.​

 DATA PROTECTION BITES

AUTHOR

Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney at Law, Cyber & Information Security Expert

Senior Associate

+371 6733 8125

Invia richiesta

 RÖDL & PARTNER LATVIA

Discover more about our offices in Latvia. 
Deutschland Weltweit Search Menu