The attorney-general was correct to suspend prosecution of a criminal case earlier this week, but a broader question hangs over the retention of electronic data and authorities’ use of it to investigate and prosecute crime, Justice Minister Ionas Nicolaou said on Tuesday.
He was referring to the attorney-general’s decision to suspend prosecution of former Paphos mayor Savvas Vergas and three others who were accused of threatening witnesses and obstruction of justice.
The decision was made after an EU court ruled against storing telecoms data to be used by national authorities in the case of a crime.
The case against Vergas and the other three was based on telecoms data retrieved by police under a law that mandated their storage for six months.
The transmissions included death threats.
Nicolaou said the recent ruling by the Court of Justice of European Union (CJEU) would impede the ability of law enforcement authorities to investigate crime.
“It is a fact that the recent decision by the European court has caused considerable consternation and concern among all member states,” the minister said.
He said he and his EU counterparts discussed the matter during three meetings held last week.
Also present at one of the meetings were the European Justice Commissioner and the European Commissioner for Migration, Home Affairs and Citizenship.
The consensus, said Nicolaou, was that the court decision on data retention will negatively impact the investigation of not only electronic crime – such as child pornography – but also crime in general, depriving authorities of the means of acquiring leads on suspects.
He said the two European commissioners promised that by end-February they would submit their views to a committee of technocrats so that the matter would be discussed anew at the next council in March.
These proposals, he added, might lead to the drafting of a new EU directive that would be consistent with the European court’s decision.
At any rate, Nicolaou said, the attorney-general was correct to withdraw the prosecution of Vergas and the three others because a guilty verdict would inevitably have been appealed with the Supreme Court in Cyprus.
If that happened, there was a risk the Supreme Court would then rule that the national law on data retention was void and had to be scrubbed in its entirety.
On December 21, 2016 the CJEU held that while the E-Privacy Directive (EPD) did permit member states to impose national measures for the retention of data and for access to the retained data by law enforcement agencies (LEAs), it could only do so provided certain conditions are satisfied.
It said data retention must only be adopted when “strictly necessary” for the purposes of fighting crime. The crime in question must be serious crime.
Moreover, for LEAs to have access to retained data, national laws must lay down “substantive” and “procedural” conditions that govern the access by LEAs to the retained data.
National laws giving LEAs access to the retained data are only lawful if: access to retained data by LEAs is approved by a prior review carried out by national courts or administrative bodies; and LEAs notify individuals after their data has been accessed.