(CN) – Stealing a phone may not be a particularly serious crime, but the European Court of Justice concluded Tuesday that gathering certain telecom data about the thief likewise is not too serious a breach of privacy.
The robbery at issue occurred on Feb. 16, 2015, but police believed that they could track down the culprit if they knew what telephone numbers had been activated on the stolen phone between Feb. 16 and Feb. 27.
In addition to phone numbers, police wanted the personal data concerning whoever used the corresponding SIM cards activated with the stolen phone’s IMEI code, short for International Mobile Equipment Identity.
An investigating magistrate refused the request, however, for two reasons. In addition to asserting that the requested data would not necessarily identify the perpetrators of the robbery, the magistrate said that Spanish law allowed telecoms to share data only when a serious offense had occurred. Specifically offense in Spain are defined as serious if they are punishable by a five-year prison term.
Before it could rule on the appeal by prosecutors, the provincial court in Tarragona, Spain, referred the case to Luxembourg for guidance.
On Tuesday, the Grand Chamber of the European Court of Justice concluded that invasions of privacy are justified not just by the objective of fighting serious crime.
“When the interference that such access entails is not serious, that access is capable of being justified by the objective of preventing, investigating, detecting and prosecuting ‘criminal offenses’ generally,” the ruling states.
Here it evident, the ruling continues, that the sought-after data is not particularly serious.
“Without those data being cross-referenced with the data pertaining to the communications with those SIM cards and the location data, those data do not make it possible to ascertain the date, time, duration and recipients of the communications made with the SIM card or cards in question, nor the locations where those communications took place or the frequency of those communications with specific people during a given period,” the ruling states. “Those data do not therefore allow precise conclusions to be drawn concerning the private lives of the persons whose data is concerned.”
As such, the ruling concludes, it would not unduly interfere with privacy rights to let police access “data for the purpose of identifying the owners of SIM cards activated with a stolen mobile telephone, such as the surnames, forenames and, if need be, addresses of the owners.”
Such interference “is not sufficiently serious to entail that access being limited, in the area of prevention, investigation, detection and prosecution of criminal offenses, to the objective of fighting serious crime,” the ruling continues.