Ministry of Justice: Amending laws regarding police obtaining personal data from telecommunications companies to investigate crimes

The Danish Ministry of Justice issued a statement on its website which read as follows:

The European Court of Justice ruling of April 5, 2022 necessitates a change to the Danish rules on the “registration“ of personal data such as data of people on smart devices such as messages, geographical location and other data.

On May 25, 2022, the Ministry of Justice assessed the European Court of Justice ruling of April 5, 2022, concerning Irish data registration rules and the implications of this ruling for Danish rules. In light of this, the Danish registration rules need to be amended. Furthermore, the Ministry of Justice will issue, as soon as possible, rules on targeted data registration, which should be applied in parallel with the existing rules on general registration.

On April 5, 2022, the European Court of Justice ruled in an Irish case concerning the rules of recording, which is important for Danish law enforcement authorities to obtain recorded communications information in order to combat serious crimes.

Immediately following the ruling, the Department of Justice assessed that the decision implied that police, during investigations of serious crimes such as theft or murder, would no longer have access to publicly recorded and indistinguishable data held by telecommunications service providers in order to protect national security. The Department of Justice now affirms this assessment.

Therefore, certain rules of the Code of Criminal Procedure concerning registration need to be amended to align with EU law. The Ministry of Justice will submit a draft law on this matter after the summer recess, and until then, the existing registration rules must be interpreted and applied in accordance with EU law.

Furthermore, the Ministry of Justice is currently in dialogue with the National Police, the National Special Crime Unit, and telecommunications service providers to launch targeted registration rules as soon as possible to combat serious crime—anticipated before the summer holidays. Targeted registration should be implemented in conjunction with existing general and non-differentiated registration rules.

In addition, the Ministry of Justice assesses, in light of the ruling of April 5, 2022 and other precedents of the European Court of Justice, that the police and prosecution authorities – under procedural risk – in cases of serious crimes can obtain all telecommunications information, including traffic data.

According to a statement issued by the Danish Ministry of Justice, Justice Minister Mattias Tesfaye says:

“There should be no doubt that the government would have preferred the European Court of Justice to reach a different conclusion and that it would have been possible to use the recorded information generally and undifferentiated to protect national security as well as to prosecute serious crimes such as murder and rape. However, we must state that this is not possible under EU law, as the European Court of Justice found that it would be contrary to the Electronic Data Protection Directive in conjunction with the EU Charter of Fundamental Rights. Nevertheless, we must ensure that the police and public prosecutors have the best possible conditions to investigate and prosecute serious crimes. Recorded information is an important tool. Therefore, the Ministry of Justice will launch a targeted registration process as soon as possible so that it can be used to prosecute serious crimes. In this regard, the Ministry of Justice estimates that the police and public prosecutors will be able to access communications information from service providers during the period in which the service providers themselves store the information on a basis different from the registration rules. In the situation we are in, I believe, on the whole, that the country is a place we can live in.”.

Background on the Ministry of Justice assessment

The telecommunications industry has stated that telecom companies record and store certain user traffic and location data for limited periods for reasons other than those arising from logging rules, such as error correction (see note at the bottom of the article). If there is no obligation to record and store traffic data for national security purposes or to combat serious crime, telecom companies will still record and store data, including traffic data, for limited periods to correct errors, etc. The telecommunications industry has stated that service providers record and store communications information in a way that distinguishes between information stored as a result of logging rules and information stored on other grounds.

The Ministry of Justice assessment indicates that in the future, police will be able to access all communications information, including traffic data, held by service providers for reasons other than registration requirements, for use in serious crimes. However, this information will only be accessible during the period when providers store it for reasons other than registration rules. The telecommunications industry has stated that service providers record and store error correction data for a short period, for example, 14 days, while other data is stored for longer periods.

Regarding the Ministry of Justice's assessment of the risks of the operation
The European Court of Justice has not ruled on whether police and prosecutors in serious crime cases can access traffic data recorded and stored by service providers on a non-recording basis when there is simultaneously an obligation to store login information for national security purposes. This relates, for example, to information stored by providers for error correction.

The risks of the process are that the traffic data recorded and stored as a result of the registration obligation – which the European Court of Justice ruled in its recent judgment of 5 April 2022 can only be obtained for the purpose of protecting national security – is largely the same information stored by service providers for error correction reasons, etc., for a limited period.

Among other things. Against this background, the Ministry of Justice assesses – subject to procedural risks – that the authorities can, in accordance with EU law, access this information when it is stored by service providers for reasons other than those relating to the registration obligation.

Implementing targeted registration
The possibility of initiating targeted registration for the purpose of combating serious crimes is included in the current registration rules, but service providers are not currently required to carry out targeted registrations for areas or individuals associated with serious crimes.

Through targeted geographic and personal registration, authorities will also be able to obtain traffic data for use in serious crimes for one year.

(noteThe term “error correction“ implies that telecommunications companies store data for technical improvement and to address errors in their systems. The word ”pass“ in the statement is a translation of ”trafik,” referring to all internet browsing and wired and wireless devices.