CEDHCASELAW;JUDGMENTS;CHAMBER;ENG6
CEDH · CASELAW;JUDGMENTS;CHAMBER;ENG — 19 juin 2018
- ECLI
- ECLI:CE:ECHR:2018:0619JUD003525208
- Date
- 19 juin 2018
- Publication
- 19 juin 2018
droits fondamentauxCEDH
Source : DILA / Judilibre · open data
Mes notes
privées · visibles par vous seulRésumé structuré
version préliminaireFaits
Non déterminable à partir du texte fourni.
Procédure
Non déterminable à partir du texte fourni.
Question juridique
Non déterminable à partir du texte fourni.
Solution
source officiellePreliminary objection joined to merits and dismissed (Art. 34) Individual applications;(Art. 34) Victim;No violation of Article 8 - Right to respect for private and family life (Article 8-1 - Respect for correspondence)
Résumé généré automatiquement — à vérifier avec la décision originale.
Analyse IA non disponible
Générez un résumé intelligent de cette décision
Texte intégral
.s800EAC49 { font-size:12pt } .sFE10DC93 { margin-top:0pt; margin-bottom:0pt; text-align:center } .sBB9EE52A { font-family:Arial } .s29100277 { font-family:Arial; font-weight:bold } .sA36B60A1 { font-family:Arial; font-style:italic } .s23860FF7 { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt; text-align:center } .s598389FB { margin-top:0pt; margin-bottom:0pt; text-align:center; font-size:14pt } .sE208486F { font-family:Arial; color:#ff0000 } .s2E932ED2 { margin-top:0pt; margin-bottom:0pt; font-size:11pt } .s4ACA9207 { page-break-before:always; clear:both; mso-break-type:section-break } .s9793A85B { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt } .sCB9E0544 { margin-top:0pt; margin-bottom:0pt; text-align:left } .sB9D5CABB { width:28.35pt; display:inline-block } .sD3B63DAD { margin-top:36pt; margin-bottom:12pt; page-break-inside:avoid; page-break-after:avoid; font-size:14pt } .s79DE5897 { margin-top:18pt; margin-left:17.85pt; margin-bottom:12pt; text-indent:-17.85pt; page-break-inside:avoid; page-break-after:avoid } .sA8776625 { margin-top:18pt; margin-left:29.2pt; margin-bottom:12pt; text-indent:-17.6pt; page-break-inside:avoid; page-break-after:avoid } .sF7A86111 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; font-size:10pt } .s72C8F48C { margin-top:12pt; margin-left:36.6pt; margin-bottom:6pt; text-indent:-15.05pt; page-break-inside:avoid; page-break-after:avoid } .s34D46E87 { margin-top:12pt; margin-bottom:6pt; text-align:center; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .sBB355983 { margin-top:6pt; margin-left:21.25pt; margin-bottom:6pt; text-indent:7.1pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s4B910EEF { margin-top:6pt; margin-left:42.55pt; margin-bottom:6pt; text-indent:7.1pt; font-size:10pt } .s4A833193 { margin-top:6pt; margin-left:42.55pt; margin-bottom:6pt; text-indent:-14.2pt; font-size:10pt } .s275CCCF2 { width:5.86pt; text-indent:0pt; display:inline-block } .s9F7AB5CD { width:7.05pt; text-indent:0pt; display:inline-block } .sD982FC80 { margin-top:6pt; margin-left:42.55pt; margin-bottom:6pt; font-size:10pt } .sF74FAE9B { font-family:Arial; font-size:9.5pt } .sA20670C4 { margin-top:12pt; margin-left:48.75pt; margin-bottom:6pt; text-indent:-17pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s39A7D870 { margin-top:0pt; margin-bottom:0pt; text-indent:14.2pt; page-break-inside:avoid; page-break-after:avoid } .s59DEA84 { margin-top:12pt; margin-left:59.5pt; margin-bottom:6pt; text-indent:-17.85pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .sB206C230 { margin-top:12pt; margin-left:68.65pt; margin-bottom:6pt; text-indent:-16.75pt; page-break-inside:avoid; page-break-after:avoid; font-size:10pt } .s583D00FA { margin-top:0pt; margin-left:17pt; margin-bottom:0pt; text-indent:-17pt } .s4B243ECC { margin-top:12pt; margin-bottom:0pt; text-indent:14.2pt; page-break-inside:avoid; page-break-after:avoid } .sF7A4323 { margin-top:36pt; margin-bottom:0pt; text-align:left } .s2650D24D { width:191.6pt; display:inline-block } .s7602FED2 { width:18.21pt; display:inline-block } .sC1AC44A4 { width:228.11pt; display:inline-block }     THIRD SECTION           CASE OF CENTRUM FÖR RÄTTVISA v. SWEDEN   (Application no. 35252/08)           JUDGMENT     STRASBOURG   19 June 2018         THIS CASE WAS REFERRED TO THE GRAND CHAMBER WHICH DELIVERED JUDGMENT IN THE CASE ON 25/05/2021         This judgment may be subject to editorial revision.   In the case of Centrum för rättvisa v. Sweden, The European Court of Human Rights (Third Section), sitting as a Chamber composed of:   Branko Lubarda, President,   Helena Jäderblom,   Helen Keller,   Pere Pastor Vilanova,   Alena Poláčková,   Georgios A. Serghides,   Jolien Schukking, judges, and Stephen Phillips, Section Registrar, Having deliberated in private on 29 May 2018, Delivers the following judgment, which was adopted on that date: PROCEDURE 1.     The case originated in an application (no. 35252/08) against the Kingdom of Sweden lodged with the Court under Article 34 of the Convention for the Protection of Human Rights and Fundamental Freedoms (“the Convention”) by Centrum för rättvisa on 14 July 2008. 2.     The Swedish Government (“the Government”) were represented by their Agent, Mr A. Rönquist, Ministry for Foreign Affairs. 3.     The applicant alleged that Swedish legislation and practice in the field of signals intelligence have violated and continue to violate its rights under Article 8 of the Convention. It also complained that it has had no effective domestic remedy through which to challenge this violation. 4.     On 1 November 2011 (admissibility) and 14 October 2014 (admissibility and merits) the application was communicated to the Government. 5.     On 14 October 2014 the International Commission of Jurists, Norwegian Section, was granted leave to submit written comments, under Rule 44 § 3 of the Rules of the Court. THE FACTS I.     INTRODUCTION 6.     The applicant, Centrum för rättvisa, is a Swedish foundation which was established in 2002 and which has its seat in Stockholm. A not ‑ for ‑ profit organisation, its stated objective is to represent clients, in litigation against the State and otherwise, who claim that their rights and freedoms under the Convention and under Swedish law have been violated. It also conducts education and research and participates in the general debate on issues concerning individuals’ rights and freedoms. The applicant communicates on a daily basis with individuals, organisations and companies in Sweden and abroad by email, telephone and fax and asserts that a large part of that communication is particularly sensitive from a privacy perspective. Due to the nature of its function as a non-governmental organisation scrutinising the activities of State actors, it believes that there is a risk that its communication through mobile telephones and mobile broadband has been or will be intercepted and examined by way of signals intelligence. The applicant has not brought any domestic proceedings, contending that there is no effective remedy for its Convention complaints. 7.     Signals intelligence can be defined as intercepting, processing, analysing and reporting intelligence from electronic signals. These signals may be processed to text, images and sound. The intelligence collected through these procedures may concern both the content of a communication and its associated communications data (the data describing, for instance, how, when and between which addresses the electronic communication is conducted). The intelligence may be intercepted over the airways – usually from radio links and satellites – and from cables. Whether a signal is transmitted over the airways or through cables is controlled by the communications service providers. A great majority of the traffic relevant for signals intelligence is cable-based. The term “signal carriers” refers to the medium used for transmitting one or more signals. Unless indicated in the following, the regulation of Swedish signals intelligence does not distinguish between the content of communications and their communications data or between airborne and cable-based traffic. II.     RELEVANT DOMESTIC LAW AND PRACTICE A.     Generally on signals intelligence 8.     Foreign intelligence is, according to the Foreign Intelligence Act ( Lagen om försvarsunderrättelseverksamhet ; 2000:130), conducted in support of Swedish foreign, defence and security policy, and in order to identify external threats to the country. The activities should also assist in Sweden’s participation in international security cooperation. Intelligence under the Act may only be conducted in relation to foreign circumstances (section 1(1)). The Government determines the direction of the activities; it also decides which authorities may issue more detailed directives and which authority is to conduct the intelligence activities (section 1(2) and 1(3)). The Government issues general tasking directives annually. Foreign intelligence may not be conducted for the purpose of solving tasks in the area of law enforcement or crime prevention, which come under the mandate of the Police Authority, the Security Police and other authorities and which are regulated by different legislation. However, authorities that conduct foreign intelligence may support authorities dealing with law enforcement or crime prevention (section 4). Examples of such support are cryptanalysis and technical help on information security (preparatory works to amended legislation on foreign intelligence, prop. 2006/07:63, p. 136). 9.     The collection of electronic signals is one form of foreign intelligence. It is regulated by the Signals Intelligence Act ( Lagen om signalspaning i försvarsunderrättelseverksamhet ; 2008:717), which entered into force on 1   January 2009. Several amendments were made to the Act on 1 December 2009, 1 January 2013, 1 January 2015 and 15 July 2016. Supplementary provisions are found in the Signals Intelligence Ordinance ( Förordningen om signalspaning i försvarsunderrättelseverksamhet ; 2008:923). The legislation authorises the National Defence Radio Establishment ( Försvarets radioanstalt ; henceforth “the FRA”) to conduct signals intelligence (section   2 of the Ordinance compared to section 1 of the Act). During signals intelligence all cable-based cross-border communications are transferred to certain points of collection. No information is stored at these points and a limited amount of data traffic is transferred to the FRA by signals carriers (parliamentary committee report SOU 2016:45, p. 107) The FRA may conduct signals intelligence within the area of foreign intelligence only as a result of a detailed tasking directive issued by the Government, the Government Offices, the Armed Forces and, as from January 2013, the Security Police and the National Operative Department of the Police Authority ( Nationella operativa avdelningen i Polismyndigheten ; hereafter “NOA”) (sections 1(1) and 4(1) of the Act) in accordance with the issuer’s precise intelligence requirements. However, the direction of the FRA’s “development activities” (see further paragraph 14 below) may be determined solely by the Government (section 4(2)). A detailed tasking directive determines the direction of the intelligence activities and may concern a certain phenomenon or situation, but it may not solely target a specific natural person (section 4(3)). 10.     The mandate of the Security Police and the NOA to issue detailed tasking directives aims to improve these authorities’ ability to obtain data about foreign circumstances at a strategic level concerning international terrorism and other serious international crime that may threaten essential national interests. At the time of introduction of the new rules, the Government stated in the preparatory works (prop. 2011/12:179, p. 19) that the mandate is in accordance with the prohibition on conducting signals intelligence for the purpose of solving tasks in the area of law enforcement or crime prevention. 11.     According to the Foreign Intelligence Ordinance ( Förordningen om försvarsunderrättelseverksamhet ; 2000:131), a detailed tasking directive shall include information about 1) the issuing authority, 2) the part of the Government’s annual tasking directive it concerns, 3) the phenomenon or situation intended to be covered, and 4) the need for intelligence on that phenomenon or situation (section 2a). B.     Scope of application of signals intelligence 12.     The purposes for which electronic signals may be collected as part of foreign intelligence are specified in the Signals Intelligence Act which provides that signals intelligence may be conducted only to survey 1)     external military threats to the country, 2) conditions for Swedish participation in international peacekeeping or humanitarian missions or threats to the safety of Swedish interests in the performance of such operations, 3) strategic circumstances concerning international terrorism or other serious cross-border crimes that may threaten essential national interests, 4) the development and proliferation of weapons of mass destruction, military equipment and other similar specified products, 5)     serious external threats to society’s infrastructure, 6) foreign conflicts with consequences for international security, 7) foreign intelligence operations against Swedish interests, and 8) the actions or intentions of a foreign power that are of substantial importance for Swedish foreign, security or defence policy (section 1(2)). 13.     These eight purposes are further elaborated upon in the preparatory works to the legislation (prop. 2008/09:201, pp. 108-109): “The purposes for which permits to conduct signals intelligence may be granted are listed in eight points. The first point concerns external military threats to the country. Military threats include not only imminent threats, such as threats of invasion, but also phenomena that may in the long term develop into security threats. Consequently, the wording covers the surveying of military capabilities and capacities in our vicinity. The second point comprises both surveying necessary to provide an adequate basis for a decision whether to participate in international peacekeeping or humanitarian missions and surveying performed during ongoing missions concerning threats to Swedish personnel or other Swedish interests. The third point refers to strategic surveying of international terrorism or other serious cross-border crime, such as drug or human trafficking of such severity that it may threaten significant national interests. The task of signals intelligence in relation to such activities is to survey them from a foreign and security policy perspective; the intelligence needed to combat the criminal activity operatively is primarily the responsibility of the police. The fourth point addresses the need to use signals intelligence to follow, among other things, activities relevant to Sweden’s commitments in regard to non-proliferation and export control, even in cases where the activity does not constitute a crime or contravenes international conventions. The fifth point includes, among other things, serious IT-related threats emanating from abroad. That the threats should be of a serious nature means that they, for example, should be directed towards vital societal systems for energy and water supply, communication or monetary services. The sixth point refers to the surveying of such conflicts between and in other countries that may have consequences for international security. It may concern regular acts of war between states but also internal or cross-border conflicts between different ethnic, religious or political groups. The surveying of the conflicts includes examining their causes and consequences. The seventh point signifies that intelligence activities conducted against Swedish interests can be surveyed through signals intelligence. The eighth point provides the opportunity to conduct signals intelligence against foreign powers and their representatives in order to survey their intentions or actions that are of substantial importance to Swedish foreign, security or defence policy. Such activities may relate only to those who represent a foreign power. Through the condition “substantial importance” it is emphasised that it is not sufficient that the phenomenon is of general interest but that the intelligence should have a direct impact on Swedish actions or positions in various foreign, security or defence policy matters.   ...” 14.     The FRA may collect electronic signals also in order to monitor changes in the international signals environment, technical advances and signals protection and to develop the technology needed for signals intelligence (section 1(3)). This is regarded as “development activities” and, according to the relevant preparatory works (prop. 2006/07:63, p. 72), they do not generate any intelligence reports. However, the FRA may share experiences gained on technological issues with other authorities. Development activities usually do not focus on communications between individuals, though information on individuals’ identities may be intercepted. 15.     Signals intelligence conducted on cables may only concern signals crossing the Swedish border in cables owned by a communications service provider (section 2). Communications between a sender and receiver within Sweden may not be intercepted, regardless of whether the source is airborne or cable-based. If such signals cannot be separated at the point of collection, the recording of or notes about them shall be destroyed as soon as it becomes clear that such signals have been collected (section 2a). 16.     Interception of cable-based signals is automated and must only concern signals that have been identified through the use of search terms. Such terms are also used to identify signals over the airways, if the procedure is automated. The search terms must be formulated in such a way that the interference with personal integrity is limited as far as possible. Terms directly relating to a specific natural person may only be used if this is of exceptional importance for the intelligence activities (section 3). 17.     After the signals have been intercepted they are processed, which means that they are, for example, subjected to cryptanalysis or translation. Then the information is analysed and reported to the authority that gave the FRA the mission to collect the intelligence in question. C.     Authorisation of signals intelligence 18.     For all signals intelligence, including the development activities, the FRA must apply for a permit to the Foreign Intelligence Court ( Försvarsunderrättelsedomstolen ). The application shall contain the mission request that the FRA has received, with information on the relevant detailed tasking directive and the need for the intelligence sought. Also, the signal carriers to which the FRA requires access have to be specified, along with the search terms or categories of search terms that will be used. Finally, the application must state the duration for which the permit is requested (section   4a). 19.     A permit may only be granted if the mission is in accordance with the provisions of the Foreign Intelligence Act and the Signals Intelligence Act, if the purpose of the interception of signals cannot be met in a less interfering manner, if the mission can be expected to yield information whose value is clearly greater than the possible interference with personal integrity, if the search terms or categories of search terms are in accordance with the Signals Intelligence Act and if the application does not concern solely a specific natural person (section 5). 20.     If granted, the permit shall specify the mission for which signals intelligence may be conducted, the signal carriers to which the FRA will have access, the search terms or categories of search terms that may be used, the duration of the permit and other conditions necessary to limit the interference with personal integrity (section 5a). 21.     The FRA itself may decide to grant a permit, if the application for a permit from the Foreign Intelligence Court might cause delay or other inconveniences of essential importance for one of the specified purposes of the signals intelligence. If the FRA grants a permit, it has to report to the court immediately and the court shall without delay decide in the matter. The court may revoke or amend the permit (section 5b). 22.     The composition of the Foreign Intelligence Court and its activities are regulated by the Foreign Intelligence Court Act ( Lagen om Försvarsunderrättelsedomstol ; 2009:966). The court consists of one president, one or two vice-presidents and two to six other members. The president is a permanent judge, nominated by the Judges Proposals Board ( Domarnämnden ) and appointed by the Government. The vice-presidents, who must be legally trained and have previous experience as judges, and the other members, who are required to have special expertise of relevance for the court’s work, are appointed by the Government on four-year terms. The applications for signals intelligence permits are discussed during hearings, which may be held behind closed doors, if it is clear that information classified as secret would be exposed as a result of a public hearing. During the court’s examination, the FRA as well as a privacy protection representative ( integritesskyddsombud ) are present. The representative, who does not represent any particular person but the interests of individuals in general, monitors integrity issues and has access to the case file and may make statements. Privacy protection representatives are appointed by the Government for a period of four years and must be or have been permanent judges or attorneys. The court may hold a hearing and decide on an application without the presence of a representative only if the case is of such urgency that a delay would severely compromise the purpose of the application. The court’s decisions are final. D.     The duration of signals intelligence 23.     A permit may be granted for a specific period of time, maximum six months. An extension may, after a renewed examination, be granted for six months at a time (Signals Intelligence Act, section 5a). E.     Procedures to be followed for storing, accessing, examining, using and destroying the intercepted data 24.     The Foreign Intelligence Inspectorate ( Statens inspektion för försvarsunderrättelseverksamheten (SIUN); see further paragraphs 36-40 below) oversees access to the signal carriers. Communications service providers are obliged to transfer cable-based signals crossing the Swedish borders to “collaboration points” agreed upon with the Inspectorate. The Inspectorate, in turn, provides the FRA with access to signal carriers in so far as such access is covered by a signals intelligence permit and, in so doing, implements the permits issued by the Foreign Intelligence Court (Chapter 6, section 19a of the Electronic Communications Act ( Lagen om elektronisk kommunikation ; 2003:389)). The Council on Legislation ( Lagrådet ), the body giving opinions on request by the Government or a Parliamentary committee on certain draft bills, has expressed the view that an interference with private life and correspondence presents itself already at this point, because of the State obtaining access to the telecommunications (prop. 2006/07:63, p. 172). 25.     According to the Signals Intelligence Act, intercepted data must be destroyed immediately by the FRA if it 1) concerns a specific natural person and lacks importance for the signals intelligence, 2) is protected by constitutional provisions on secrecy for the protection of anonymous authors and media sources, 3) contains information shared between a suspect and his or her legal counsel and is thus protected by attorney-client privilege, or 4)   involves information given in a religious context of confession or individual counselling, unless there are exceptional reasons for examining the information (section 7). 26.     If communications have been intercepted between a sender and receiver who are both in Sweden, despite the prohibition on such interception, they shall be destroyed as soon as the domestic nature of the communications has become evident (section 2a). 27.     If a permit urgently granted by the FRA (see paragraph 21 above) is revoked or amended by the Foreign Intelligence Court, all intelligence collected which is thereby no longer authorised must be immediately destroyed (section 5b(3)). 28.     The FRA Personal Data Processing Act ( Lagen om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet ; 2007:259) contains provisions on the treatment of personal data within the area of signals intelligence. The Act entered into force on 1 July 2007, with amendments made on 30 June 2009 and 15   February 2010. The purpose of the Act is to protect against violations of personal integrity (Chapter 1, section 2). The FRA shall ensure, inter alia , that personal data is collected only for certain expressly stated and justified purposes. Such purpose is either determined by the direction of the foreign intelligence activities through a detailed tasking directive or by what is necessary in order to follow changes in the signals environment, technical advances and signals protection. Also, the personal data treated has to be adequate and relevant in relation to the purpose of the treatment. No more personal data than what is necessary for that purpose may be processed. All reasonable efforts have to be made to correct, block and obliterate personal data that is incorrect or incomplete (Chapter 1, sections 6, 8 and 9). 29.     Personal data may not be processed solely because of what is known of a person’s race or ethnicity, political, religious or philosophical views, membership in a union, health or sexual life. If, however, personal data is treated for a different reason, this type of information may be used if it is absolutely necessary for the treatment. Information about a person’s physical appearance must always be formulated in an objective way with respect for human dignity. Intelligence searches may only use the mentioned personal indicators as search terms if this is absolutely necessary for the purpose of the search (Chapter 1, section 11). 30.     Personnel at the FRA who process personal data go through an official security clearance procedure and are subject to confidentiality in regard to data to which secrecy applies. They could face criminal sanctions if tasks relating to the processing of personal data are mismanaged (Chapter   6, section 2). 31.     Personal data that has been subjected to automated processing shall be destroyed as soon as it is no longer needed (Chapter 6, section 1). 32.     Further provisions on the treatment of personal data are laid down in the FRA Personal Data Processing Ordinance ( Förordningen om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet ; 2007:261). It provides, inter alia , that the FRA may keep databases for raw material containing personal data. Raw material is unprocessed information which has been collected through automated treatment. Personal data in such databases shall be destroyed within one year from when it was collected (section 2). F.     Conditions for communicating the intercepted data to other parties 33.     The intelligence collected shall be reported to the authorities concerned, as determined under the Foreign Intelligence Act (Signals Intelligence Act, section 8; see paragraphs 8-9 above). 34.     The Government Offices, the Armed Forces, the Security Police, the NOA, the Inspectorate of Strategic Products ( Inspektionen för strategiska produkter ), the Defence Material Administration ( Försvarets materialverk ), the Defence Research Agency ( Totalförsvarets forskningsinstitut ), the Civil Contingencies Agency ( Myndigheten för samhällsskydd och beredskap ) and the Swedish Customs ( Tullverket ) may have direct access to completed intelligence reports to the extent the FRA so decides (section 9 of the FRA Personal Data Processing Ordinance). However, to date, no decisions permitting direct access have been taken by the FRA. 35.     Personal data may be communicated to other states or international organisations only if not prevented by secrecy and if necessary for the FRA to perform its activities within international defence and security cooperation. The Government may adopt rules or decide in a specific case to allow such communication of personal data also in other cases when necessary for the activities of the FRA (Chapter 1, section 17 of the FRA Personal Data Processing Act). The FRA may disclose personal data to a foreign authority or an international organisation if it is beneficial for the Swedish government ( statsledningen ) or Sweden’s comprehensive defence strategy ( totalförsvaret ); information so communicated must not harm Swedish interests (section 7 of the FRA Personal Data Processing Ordinance). G.     Supervision of the implementation of signals intelligence 36.     The Foreign Intelligence Act (section 5) and the Signals Intelligence Act (section 10) prescribe that an authority is to oversee the foreign intelligence activities in Sweden and verify that the FRA’s activities are in compliance with the provisions of the Signals Intelligence Act. The supervisory authority – the Foreign Intelligence Inspectorate – is, among other things, tasked with monitoring the implementation of the Foreign Intelligence Act and the associated Ordinance and reviewing whether foreign intelligence activities are performed in compliance with the applicable directives (section 4 of the Foreign Intelligence Inspectorate Instructions Ordinance ( Förordningen med instruktion för Statens inspektion för försvarsunderrättelseverksamheten ; 2009:969)). It shall also review compliance with the Signals Intelligence Act by examining in particular the search terms used, the destruction of intelligence and the communication of reports; if an inspection reveals that a particular intelligence collection is incompatible with a permit, the Inspectorate may decide that the operation shall cease or that the intelligence shall be destroyed (section 10 of the Signals Intelligence Act). The FRA shall report to the Inspectorate the search terms which directly relate to a specific natural person (section 3 of the Signals Intelligence Ordinance). 37.     The Foreign Intelligence Inspectorate is led by a board whose members are appointed by the Government on terms of at least four years. The president and the vice-president shall be or have been permanent judges. Other members are selected from candidates proposed by the party groups in the Parliament (section 10 (3) of the Signals Intelligence Act). 38.     Any opinions or suggestions for measures arising from the Inspectorate’s inspections shall be forwarded to the FRA, and if necessary also to the Government. The Inspectorate also submits annual reports on its inspections to the Government (section 5 of the Foreign Intelligence Inspectorate Instructions Ordinance), which are made available to the public. Furthermore, if the Inspectorate notices potential crimes, it shall report the matter to the Prosecution Authority ( Åklagarmyndigheten ), and, if deficiencies are discovered that may incur liability for damages for the State, a report shall be submitted to the Chancellor of Justice ( Justitiekanslern ). A report may also be submitted to the Data Protection Authority ( Datainspektionen ), which is the supervisory authority on the treatment of personal data by the FRA (section 15). 39.     From the establishment of the Inspectorate in 2009 until and including 2017, the latest year covered by its annual reports, no inspections have revealed reasons to cease an intelligence collection or to destroy the results. During the same period, the Inspectorate submitted several opinions and suggestions to the FRA and one to the Government. In the annual reports, brief descriptions have been given of the 102 inspections undertaken at the FRA; they have included numerous detailed examinations of the search terms used, the destruction of intelligence, the communication of reports, the treatment of personal data and the overall compliance with the legislation, directives and permits relevant to the signals intelligence activities. For instance, an inspection in 2014 concerned a general review of the FRA’s cooperation with other states and international organisations in intelligence matters. It did not give rise to any opinion or suggestion to the FRA. In 2017 the Inspectorate carried out a detailed inspection of the treatment by the FRA of personal data. The inspection concerned treatment of sensitive personal data in connection with strategic circumstances with regard to international terrorism and other serious cross-border crime threatening significant national interests. The inspection did not give rise to any opinion or suggestion. However, during that year, one opinion was submitted to the Government following an inspection of whether the FRA’s intelligence activities were carried out within the direction given. During the years 2009-2017 the Inspectorate found reason to make a report to another authority – the Data Protection Authority – on one occasion, concerning the interpretation of a legal provision. In its annual reports, the Inspectorate has noted that it has been given access to all the information necessary for its inspections. 40.     The supervisory activities of the Foreign Intelligence Inspectorate have been audited by the National Audit Office ( Riksrevisionen ), an authority under Parliament. In a report published in 2015 the Office noted that the FRA had routines in place for handling the Inspectorate’s opinions and that the supervision helped develop the activities of the FRA. Suggestions were dealt with in a serious manner and, when called for, gave rise to reforms. At the same time the Office criticised the Inspectorate’s lack of documentation of inspections and that there were no clearly specified goals for the inspections. 41.     Within the FRA there is a Privacy Protection Council tasked with continuously monitoring measures taken to ensure protection of personal integrity. The members are appointed by the Government. The Council shall report its observations to the FRA management or, if the Council finds reasons for it, to the Inspectorate (section 11 of the Signals Intelligence Act). 42.     Further provisions on supervision are found in the FRA Personal Data Processing Act. The FRA shall appoint one or several data protection officers and report the appointment to the Data Protection Authority (Chapter 4, section 1). The data protection officer is tasked with independently monitoring that the FRA treats personal data in a legal and correct manner and point out any deficiencies. If deficiencies are suspected and no correction is made, a report shall be submitted to the Data Protection Authority (Chapter 4, section 2). 43.     The Data Protection Authority, which is an authority under the Government, has on request access to the personal data that is processed by the FRA and documentation on the treatment of personal data along with the security measures taken in this regard as well as access to the facilities where personal data is processed (Chapter 5, section 2). If the Authority finds that personal data is or could be processed illegally, it shall try to remedy the situation by communicating its observations to the FRA (Chapter 5, section 3). It may also apply to the Administrative Court ( förvaltningsrätten ) in Stockholm to have illegally processed personal data destroyed (Chapter 5, section 4). H.     Notification of secret surveillance measures 44.     If search terms directly related to a specific natural person have been used, he or she is to be notified by the FRA, according to the Signals Intelligence Act. The notification shall contain information on the date and purpose of the measures. Such notification shall be given as soon as it can be done without detriment to the foreign intelligence activities, but no later than one month after the signals intelligence mission has been concluded (section 11a). 45.     However, the notification may be delayed if secrecy so demands, in particular defence secrecy or secrecy for the protection of international relations. If, due to secrecy, no notification has been given within a year from the conclusion of the mission, the person does not have to be notified. Furthermore, a notification shall not be given if the measures solely concern the conditions of a foreign power or the relationship between foreign powers (section 11b). I.     Remedies 46.     The Signals Intelligence Act provides that the Foreign Intelligence Inspectorate, at the request of an individual, must investigate if his or her communications have been intercepted through signals intelligence and, if so, verify whether the interception and treatment of the information have been in accordance with law. The Inspectorate shall notify the individual that such an investigation has been carried out (section 10a). A request can be made by legal and natural persons regardless of nationality and residence. During the period 2010-2017, 132 requests were handled and no unlawfulness was established. In 2017, ten such requests were processed; in 2016 the number was 14. The Inspectorate’s decision following a request is final. 47.     Under the FRA Personal Data Processing Act, the FRA is also required to provide information upon request. Once per calendar year, an individual may demand information on whether personal data concerning him or her is being or has been processed. If so, the FRA must specify what information on the individual is concerned, from where it was collected, the purpose of the treatment and to which recipients or categories of recipients the personal data is or was reported. The information is normally to be given within one month from the request (Chapter 2, section 1). However, this right to information does not apply if disclosure is prevented by secrecy (Chapter 2, section 3). 48.     Following a request from the individual who has had personal data registered, the FRA shall promptly correct, block or destroy such data that has not been processed in accordance with law. The FRA shall also notify any third party who has received the data, if the individual so requests or if substantial harm or inconvenience could be avoided through a notification. No such notification has to be given if it is impossible or would involve a disproportionate effort (Chapter 2, section 4). 49.     The FRA’s decisions on disclosure and corrective measures in regard to personal data may be appealed against to the Administrative Court in Stockholm (Chapter 6, section 3). 50.     The State is liable for damages following a violation of personal integrity caused by treatment of personal data not in accordance with the FRA Personal Data Processing Act (Chapter 2, section 5). A request for damages shall be submitted to the Chancellor of Justice. 51.     In addition to the above remedies, laid down in the legislation relating to signals intelligence, Swedish law provides for a number of other means of scrutiny and complaints mechanisms. The Parliamentary Ombudsmen ( Justititeombudsmannen ) supervise the application of laws and regulations in public activities; courts and authorities are obliged to provide information and opinions at the request of the Ombudsmen (Chapter 13, section 6 of the Instrument of Government – Regeringsformen ), including access to minutes and other documents. The Ombudsmen shall ensure, in particular, that the courts and authorities observe the provisions of the Instrument of Government on objectivity and impartiality and that citizens’ fundamental rights and freedoms are not encroached upon in public activities (section 3 of the Parliamentary Ombudsmen Instructions Act – Lagen med instruktion för Riksdagens ombudsmän ; 1986:765). The supervision, under which the Foreign Intelligence Court and the FRA come, is conducted by means of examining complaints from the public and through inspections and other investigations (section 5). The examination is concluded by a decision in which, although not legally binding, the opinion of the Ombudsman is given as to whether the court or authority has contravened the law or otherwise taken a wrongful or inappropriate action; the Ombudsman may also initiate criminal or disciplinary proceedings against a public official who has committed a criminal offence or neglected his or her duty in disregarding the obligations of the office (section 6). 52.     With a mandate similar to the Parliamentary Ombudsmen, the Chancellor of Justice scrutinises whether officials in public administration comply with laws and regulations and otherwise fulfil their obligations (section 1 of the Chancellor of Justice Supervision Act – Lagen om justitiekanslerns tillsyn ; 1975:1339). The Chancellor does so by examining individual complaints or conducting inspections and other investigations, which could be directed at, for instance, the Foreign Intelligence Court and the FRA. At the request of the Chancellor, courts and authorities are obliged to provide information and opinions as well as access to minutes and other documents (sections 9 and 10). The decisions of the Chancellor of Justice are similar in nature to the decisions of the Parliamentary Ombudsmen, including their lack of legally binding power. By tradition, however, the opinions of the Chancellor and the Ombudsmen command great respect in Swedish society and are usually followed (see Segerstedt-Wiberg and Others v.   Sweden , no. 62332/00, § 118, ECHR 2006-VII). The Chancellor has the same power as the Ombudsmen to initiate criminal or disciplinary proceedings (sections 5 and 6). 53.     The Chancellor of Justice is also authorised to determine complaints and claims for damages directed against the State, including compensation claims for alleged violations of the Convention. The Supreme Court and the Chancellor of Justice have developed precedents in recent years, affirming that it is a general principle of law that compensation for Convention violations can be ordered without direct support in Swedish statute to the extent that Sweden has a duty to provide redress to victims of Convention violations through a right to compensation for damages (see Lindstrand Partners Advokatbyrå AB v. Sweden , no. 18700/09, §§ 58-62 and 67, 20   December 2016, with further references). On 1 April 2018, through the enactment of a new provision – Chapter 3, section 4 – of the Tort Liability Act ( Skadeståndslagen ; 1972:207), the right to compensation for violations of the Convention was codified. 54.     In addition to its above-mentioned supervisory functions under the Foreign Intelligence Inspectorate Instructions Ordinance and the FRA Personal Data Processing Act (see paragraphs 38, 42 and 43 above), the Data Protection Authority is generally entrusted with protecting individuals against violations of their personal integrity through the processing of personal data, under the Act with Supplementary Provisions to the EU General Data Protection Regulation ( Lagen med kompletterande bestämmelser till EU:s dataskyddsförordning ) which entered into force on 25   May 2018, the same day as the new EU regulation it supplements (paragraph 81 below). In regard to the signals intelligence conducted by the FRA – which falls outside the competence of the EU and is thus not regulated by Community law – the Personal Data Act ( Personuppgiftslagen; 1998:204) continues to apply, although it is otherwise replaced by the new EU   Regulation and the supplementary act. It gives the Data Protection Authority the same general supervisory task. In performing this task, the Authority may receive and examine individual complaints. J.     Secrecy at the FRA 55.     The Public Access to Information and Secrecy Act ( Offentlighets ‑ och sekretesslagen ; 2009:400) contains a specific provision on the FRA’s signals intelligence activities. Secrecy applies to information on an individual’s personal or economic circumstances, unless it is evident that the information can be disclosed without the individual concerned or any other person closely related to him or her being harmed. The presumption is for secrecy (Chapter 38, section 4). 56.     According to the Act, secrecy also generally applies to foreign intelligence activities in regard to information concerning another State, international organisation, authority, citizen or legal person in another State, if it can be presumed that a disclosure will interfere with Sweden’s international relations or otherwise harm the country (Chapter 15, section   1). 57.     Secrecy further applies to information on activities related to the defence of the country or the planning of such activities or to information that is otherwise related to the country’s comprehensive defence strategy, if it can be presumed that a disclosure will harm the country’s defence or otherwise endanger national security (Chapter 15, section 2). 58.     Information which is protected by secrecy under the Public Access to Information and Secrecy Act may not be disclosed to a foreign authority or an international organisation unless 1) such disclosure is permitted by an express legal provision (cf. section 7 of the FRA Personal Data Processing Ordinance, paragraph 34 above), or 2) the information in an analogous situation may be communicated to a Swedish authority and the disclosing authority finds it evident that the communication of the information to the foreign authority or the international organisation is consistent with Swedish interests (Chapter 8, section 3 of the Act). K.     The reports of the Data Protection Authority 59.     On 12 February 2009 the Government ordered the Data Protection Authority to examine the handling of personal data at the FRA from an integrity perspective. In its report, published on 6 December 2010, the Authority stated that its conclusions were overall positive. Issues relating to the processing of personal data and to personal integrity were given serious consideration by the FRA and a considerable amount of time and resources were spent on creating routines and educating its personnel in order to minimise the risk of unwarranted interferences with personal integrity. Moreover, no evidence had been found which indicated that the FRA was handling personal data for purposes not authorised by the legislation in force (see paragraphs 12-14 and 28 above). However, the Authority noted, inter alia , that there was a need to improve the methods for separating domestic and cross-border communications. Even if the FRA had implemented mechanisms in that area, there was no guarantee that domestic communications were never intercepted, and, although the occasions had been very few, such communications had in fact been intercepted. The Authority further noted that the procedure for notification to individuals (paragraphs 44-45 above) had never been used by the FRA, due to secrecy. 60.     A second report was issued by the Authority on 24 October 2016. Again, the Authority found no evidence that personal data had been collected for other purposes than those stipulated for the signals intelligence activities. It also noted that the FRA continuously reviewed whether data intercepted was still needed for those purposes. A similar review was made concerning the carriers from which the FRA obtained intelligence. Moreover, there was nothing to indicate that the provisions on destruction of personal data had been disregarded (see paragraphs 25-27 above). However, the FRA was criticised for not adequately monitoring logs used to detect unwarranted use of personal data, a shortcoming that had been pointed out already in 2010. L.     The report of the Signals Intelligence Committee 61.     On 12 February 2009 the Government also decided to appoint a committee predominantly composed of members of parliament, the Signals Intelligence Committee ( Signalspaningskommittén ), with the task of monitoring the signals intelligence conducted at the FRA in order to examine the implications for personal integrity. The report was presented on 11   February 2011 ( Uppföljning av signalspaningslagen ; SOU 2011:13). The Committee’s examination had its main focus on signals intelligence conducted over the airways as such activities on cable-based traffic had not yet commenced on a larger scale. 62 .     The Committee concluded that concerns of personal integrity were taken seriously by the FRA and formed an integral part of the development of its procedures. It noted, however, that there were practical difficulties in separating domestic cable-based communications from those crossing the Swedish border. Any domestic communications that were not separated at the automated stage were instead separated manually at the processing or analysing stage. The Committee further observed that the search terms used for communications data were less specific than those used for interception of the content of a communication and that, consequently, a larger number of individuals could have such data stored by the FRA. 63.     Another finding in the report was that the FRA’s development activities (see paragraph 14 above) could lead to non-relevant communications being intercepted and possibly read or listened to bCitations
Aucune citation répertoriée pour cette décision.
Décisions connexes
Aucune décision similaire identifiée pour le moment.
Synthèse
- Juridiction
- CEDH
- Chambre
- CASELAW;JUDGMENTS;CHAMBER;ENG
- Formation
- 6
- Date
- 19 juin 2018
- Matière
- droits fondamentaux
Référence
ECLI:CE:ECHR:2018:0619JUD003525208
Données disponibles
- Texte intégral