Skip to main content
SpringerLink
Log in

Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

  • Chapter
  • First Online:
Banking Supervision and Criminal Investigation

Part of the book series: Comparative, European and International Criminal Justice ((CEICJ,volume 1))

  • 428 Accesses

Abstract

Against the composite framework and the increasing urgency to provide for clear legal basis, and above all for adequate guarantees in case forms of real-time monitoring of banking records are performed, this Chapter concludes the present work, introducing some proposals on the key features that should characterize a regulation concerning surveillance on banking data within the EU legal framework.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 129.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Cf. above, Sect. 7.3.

  2. 2.

    Either because the information is valuable in itself, or because it might become so through data mining operations. Only with regard to cell phone data, the market “is now estimated to be in the billions of dollars” cf. Carpenter v US, cit., Kennedy J, dissenting, p. 5.

  3. 3.

    Recital (6), Regulation (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

  4. 4.

    Cf. Recital (3), Directive (EU) 2016/680 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. On the impact of new technologies in criminal investigations, see also Orlandi (2009), p. 129; Orlandi (2014).

  5. 5.

    BVerfG, 27.02.2008, BVerfGE 120, 274 et seq., on the impact for the decision and its following case-law see, e.g., Knierim (2008), p. 253764; Kudlich (2008), p. 475; Maisch (2015), p. 56 et seq.; Bull et al. (2016), Nicolicchia (2017), and Orlandi (2018), note 7.

  6. 6.

    Cf., e.g., in the Italian case-law, Cass., Sez. V, sent. 8.05.2012, dep. 26.10.2012, n. 42021, in Foro it., 2012, 12, 2, p. 709. On the notion of “virtual domicile”, see Torre (2017), p. 84 et seq.; Maioli and Sanguedolce (2012), Pica (1999), p. 66; Signorato (2017), pp. 59–66.

  7. 7.

    Respectively 460 U.S. 276 (beeper tracking) and 615 F. 3d 544, affirmed (GPS tracking).

  8. 8.

    533 U.S. 27, 34 (2001), concerning the use of a thermal imager to detect heat radiating from the side of the defendant’s home.

  9. 9.

    573 U.S. __ (2014), with specific regard to cell phones, cf. e.g., Logan (2001), and, if you please, Lasagni (2018).

  10. 10.

    Cf. Sect. 7.6. In this sense, see, for all, Electronic Privacy Information Center (2017).

  11. 11.

    Since also other major corporations or search engines, such as Google and Yahoo, report of thousands of government requests for user’s information, “including web pages visited and the search terms used”, cf. Gray (2017), p. 107; see also Schulhofer (2012).

  12. 12.

    Cf. Giacomelli v Italy, 2.11.2006, Application no. 59909/00, § 76; Gillow v the United Kingdom, 24.11.1986, Application no. 9063/80, § 46.

  13. 13.

    Such as Italy, cf., if you please, with regard to smartphone search, Lasagni (2018).

  14. 14.

    Cf. e.g. Bernal (2016), p. 247 “‘new’ surveillance is both qualitatively and quantitatively different from ‘traditional’ surveillance or interception of communications. Where traditional ‘communications’ was seen as a subset of traditional privacy rights […] the new form of communications has a much broader relevance, a wider scope, and brings into play a much broader array of human rights. The surveillance too is different—and the impact that it can have is different: more extensive, more multifaceted and with a greater impact on the people subjected to it”.

  15. 15.

    As currently occurring in Italy (regardless of the criticism of academics, see for all Orlandi (2018); Torre (2017), p. 85), cf. Cass., Sez. V, sent. 14.10.2009, dep. 29.04.2010, n. 16556, Pres. Calabrese, Rel. Pizzuti, Imp. Virruso e a., C.E.D. 246954, pp. 20–21, commented by Aterno (2013), p. 955 et seq. and Torre (2015), p. 1167, which applied the notion depending not on the sensitive content of the information itself, but rather on whether the servers are physically located in a private domicile or not.

  16. 16.

    Cf. above Sect. 7.3.

  17. 17.

    As seemingly occurs in IT with the transposition of the EIO Directive, cf. Sect. 7.5.

  18. 18.

    On the impact of new technology in wiretapping regulation see e.g. Camon (1996), p. 7 et seq.

  19. 19.

    Such as the 2005 COE Convention, and the EIO Directive, cf. Sect. 7.3.

  20. 20.

    Cf. Sect. 7.6.

  21. 21.

    Such as in Italy, see Cass., Sez. un., 28.05.2003, dep. 24.09.2003, n. 36747, Pres. Marvulli, Rel. Milo, Imp. Torcasio, in Cass. pen., 2004, p. 2094 commented by Filippi (2003); see also Fumu (2003), p. 762.

  22. 22.

    Digital Rights Ireland, Case C-293/12, § 27.

  23. 23.

    Joined cases Tele2 Sverige AB (C-203/15) v Post- och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others (C-698/15), § 99.

  24. 24.

    Cf. e.g., Harris et al. (2014), p. 522 et seq.

  25. 25.

    Benedik v Slovenia, 24.04.2018, Application no. 62357/14, §§ 100 and 102.

  26. 26.

    Cf. Niemietz v Germany, 16.12.1992, Application no. 13710/88, § 29; Uzun v Germany, 2.09.10, Application no. 35623/05, § 43.

  27. 27.

    Cf., e.g., Malone v the UK, 2.08.1984, Application no. 8691/79; Kroon and Others v. the Netherlands, 27.10.1994, Application no. 18535/91, § 31.

  28. 28.

    Cf., e.g., Evans v. the United Kingdom, 10.04.2007, Application no. 6339/05, § 75, although the principle was first set out in Marckx v. Belgium, 13.06.1979, Application no. 6833/74; cf. also Pollicino (2017), p. 136; Martinico (2017), p. 118.

  29. 29.

    Cf., e.g., G.S.B. v. Switzerland, 22.12.2015, Application no. 28601/11, § 90; S. and Marper v. The United Kingdom, 4.12.2008, Applications nos. 30562/04, 30566/04, §§ 66–67.

  30. 30.

    M.N. and Others v. San Marino, 7.07.2015, Application no. 28005/12, § 53.

  31. 31.

    Digital Rights Ireland, Case C-293/12, § 34; cf. also Balsamo (2015), pp. 168–175.

  32. 32.

    Cf. X v The Federal Republic of Germany, Decision of 7.05.1981, Application no 8334/78.

  33. 33.

    Cf., e.g., Bernh Larsen Holding As and Others v. Norway, 14.03.2013, Application no. 24117/08, where, against the Government’s opinion that “only natural persons could be considered to have a “private life”” (§ 98), the Court reiterated that the protection of Article 8 ECHR, in the specific case with regard to home or domicile protection, “includes not only the registered office of a company owned and run by a private individual […] but also that of a legal person and its branches and other business premises” (§ 104); Saint-Paul Luxembourg S.A. v. Luxembourg, 18.04.2013, Application no. 26419/10, § 37. See also Martinico (2017), p. 118. See also Ste Colas Est, 16.04.2002, Application no. 37971/97, § 41; Buck v Germany, 28.07.2005, Application no. 41604/98.

  34. 34.

    Asselbourg and 78 Others and Greenpeace Assocation-Luxembourgv v. Luxembourg, 29.06.1999, Application no. 29121/95, p. 6; Sdružení Jihočeské Matky v. the Czech Republic (dec.), Application no. 19101/03, 10.07.2006, at 2.1. On the application of fair trail rights to legal persons in the ECtHR case-law, see above Sect. 6.2, and Sect. 6.3.5. with specific regard to the privilege against self-incrimination.

  35. 35.

    Cf., e.g., S. and Marper v. the United Kingdom, § 67.

  36. 36.

    M.N. and Others v. San Marino, § 51.

  37. 37.

    Sommer v. Germany, 27.04.2017, Application no. 73607/13, § 59, and case-law there mentioned.

  38. 38.

    G.S.B. v. Switzerland, § 89 and case-law there mentioned.

  39. 39.

    Cf., e.g., Brito Ferrinho Bexiga Villa-Nova v. Portugal, 1.12.2015, Application no. 69436/10, §§ 42–44: “42. Les parties conviennent que les données bancaires de la requérante constituent des informations personnelles relevant de sa vie privée, entrant bien dans le champ d’application de l’article 8 de la Convention. Elles s’accordent également à reconnaître qu’il y a eu ingérence dans l’exercice par la requérante de son droit au respect de sa vie privée. La Cour note aussi que les juridictions internes n’ont pas contesté que les informations bancaires étaient couvertes par le secret professionnel étant donné notamment que la requérante avait reçu des versements effectués par des clients sur son compte bancaire personnel (voir ci-dessus paragraphes 9, 10 et 12). 43. La Cour ne voit pas de raison de conclure autrement. Elle rappelle que la notion de “vie privée” peut inclure les activités professionnelles ou commerciales (Niemietz c. Allemagne, 16.12.1992, § 29, série A no 251-B). En outre, elle “accorde un poids singulier au risque d’atteinte au secret professionnel des avocats car il est la base de la relation de confiance entre l’avocat et son client (André et autre c. France, no 18603/03, § 41, 24.07.2008 et Xavier da Silveira c. France, no 43757/05, § 36, 21.01.2010) et il peut avoir des répercussions sur la bonne administration de la justice” (Wieser et Bicos Beteiligungen GmbH c. Autriche, no 74336/01, §§ 65–66, CEDH 2007-IV; Niemietz, précité, § 37, et André et autre, précité § 41). 44. La Cour en conclut que la consultation des extraits de comptes bancaires de la requérante a bien constitué une ingérence dans son droit au respect du secret professionnel, lequel rentre dans la vie privée (M.N. et autres c. Saint-Marin, no 28005/12, § 51, 7.07.2015)”.

  40. 40.

    See Explanatory report to the Protocol to the 2000 Convention on mutual assistance in criminal matters between the Member States of the European Union (Text approved by the Council on 14 October 2002), pp. 10–11, and Pollicino (2017), pp. 135–136. See also Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, Case C-131/12, 13.05. 2014, ECLI:EU:C:2014:317, § 68. The link was also confirmed in Maximillian Schrems v Data Protection Commissioner, Case C-362/14, 6.10.2015, ECLI:EU:C:2015:650, § 39, according to which “It is apparent from Article 1 of Directive 95/46 and recitals 2 and 10 in its preamble that that directive seeks to ensure not only effective and complete protection of the fundamental rights and freedoms of natural persons, in particular the fundamental right to respect for private life with regard to the processing of personal data, but also a high level of protection of those fundamental rights and freedoms. The importance of both the fundamental right to respect for private life, guaranteed by Article 7 of the Charter, and the fundamental right to the protection of personal data, guaranteed by Article 8 thereof, is, moreover, emphasised in the case-law of the Court”.

  41. 41.

    Cf. Digital Rights Ireland Ltd, Case C-293/12, § 53.

  42. 42.

    Such as Regulation 2016/679 and Directive 2016/680, cit.

  43. 43.

    Cf. in this sense, e.g., Martinico (2017), p. 120, in general terms with regard to the Charter as a whole in the ECJ case-law, see Sarmiento (2013), p. 1267; Fontanelli (2011), p. 22 et seq.; Sanchez (2012), p. 1565.

  44. 44.

    Cf. Explanatory report to the Protocol to the 2000 Convention, p. 11.

  45. 45.

    Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 129; see also Sayers (2014), p. 229 et seq. and case-law there mentioned.

  46. 46.

    Digital Rights Ireland Ltd, Case C-293/12, § 33; see also see, Judgement in Österreichischer Rundfunk and Others, 20.05.2003, C-465/00, C-138/01 and C-139/01, EU:C:2003:294, § 75.

  47. 47.

    Cf., e.g., Hoechst AG v Commission of the European Communities, Joined cases 46/87 and 227/88, 21.09.1989, ECLI:EU:C:1989:337, § 19, according to which “None the less, in all the legal systems of the Member States, any intervention by the public authorities in the sphere of private activities of any person, whether natural or legal, must have a legal basis and be justified on the grounds laid down by law, and, consequently, those systems provide, albeit in different forms, protection against arbitrary or disproportionate intervention”. Cf. Lamandini et al. (2015), p. 73: «The CJEU, on the other hand, established in its early decisions that some privacy rights, such as the inviolability of domicile, were typically rights of natural persons, but did not protect legal persons; legal persons only had a protection against “arbitrary or disproportionate intervention”. In Hoechst, however, the CJEU tried to establish a balance between the finality of an effective investigation, and the existence of safeguards (arising from all domestic legal systems) which introduce an element of certainty and proportionality similar to the privacy protection».

  48. 48.

    Volker und Markus Schecke GbR ( C-92/09 ) and Hartmut Eifert (C-93/09) v Land Hessen, Joined cases C-92/09 and C-93/09, 9.11.2010, ECLI:EU:C:2010:662, §§ 52–53 and 87. Article 7 and 8 CFREU also provide for protection to other interests related to the notion of privacy, such as the protection of family, the analysis of which falls however out of the scope of this work.

  49. 49.

    Cf. above Sect. 6.3.6.

  50. 50.

    Cf. Article 3(1), Directive (EU) 2016/680.

  51. 51.

    Recital (51), Directive 2016/680.

  52. 52.

    Cf. Digital Rights Ireland Ltd, Case C-293/12, §§ 26 and 27, and particularly § 26 according to which “Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period”.

  53. 53.

    Cf. United States v. Miller, see above Sect. 7.6. Critical in this sense Justice Kennedy dissenting in Carpenter v US, highlighting how “Financial records are of vast scope. Banks and credit card companies keep a comprehensive account of almost every transaction an individual makes on a daily basis. “With just the click of a button, the Government can access each [company’s] deep repository of historical [financial] information at practically no expense.” […] Today, just as when Miller was decided, “it is impossible to participate in the economic life of co contemporary society without maintaining a bank account.”” (pp. 17–18).

  54. 54.

    Similarly to what concluded under the ECtHR case-law, cf. e.g. S. and Marper v. The United Kingdom, §§ 66–67, referred to the case of retention of fingerprints and cellular samples and DNA profiles after the end of a criminal proceeding.

  55. 55.

    S. and Marper v. the United Kingdom, § 112 (concerning DNA database). In general, with regard to the impact of new technology on the case-law of the Court see, e.g., Brownsword and Goodwin (2012), Murphy and Ó Cuinn (2010), pp. 601–638.

  56. 56.

    Satakunnan Markkinapörssi Oy And Satamedia Oy v Finland, 27.06.2017, Application no. 931/13, § 137; Benedik v Slovenia, § 103.

  57. 57.

    Cf. Copland v The United Kingdom, 3.04.2007, Application no. 62617/00 (telephone calls, e-mail correspondence and Internet usage); see also Khan v The United Kingdom, 12.05.2000, Application no. 35394/97 (listening device).

  58. 58.

    Szabó and Vissy v Hungary, 12.01.2016, Application no. 37138/14, § 53; Bernal (2016), p. 251.

  59. 59.

    Digital Rights Ireland Ltd, Case C-293/12, §§ 49–51; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 96. In this sense, for instance, “the use of modern investigation techniques” has been considered of fundamental in the fight against serious crime, and the data so collected deemed “valuable tool for criminal investigations” a conclusion which applies well not only to data related to electronic means of communication (as in the case dealt with by the Court), but also to banking data. Specifically on IP addresses, cf. Scarlet Extended SA contro Société belge des auteurs, compositeurs et éditeurs SCRL, Case C-70/10, 24.11.2011, ECLI:EU:C: 2011:771, § 51; Patrick Breyer v Bundesrepublik Deutschland, Case C-582/14, 19.10.2016, ECLI:EU:C:2016:779, §§ 15–16.

  60. 60.

    Cf. Bernal (2016), p. 248 “metadata can be more helpful for surveillance than content. Metadata by its nature is more easily analysed and aggregated. The formats are standardised, much of it is numeric and can be subjected to quantitative analysis—particularly significant in the ‘big data’. Moreover, content can be written in indirect forms, working by innuendo or in language not easily or automatically understandable. On the kinds of scales envisaged by mass surveillance, the idea of actually ‘reading’ or ‘listening’ to content is not practical until the very latest stages of analysis. Content is much more easily and regularly encrypted than metadata. Finally, metadata can include new types of data such as geolocation data, data about devices used and so forth”.

  61. 61.

    Cf., e.g., Strafprozeßordnung (stop), § 100b Online-Durchsuchung, German crim. proc. code.

  62. 62.

    Cf. Tricot and Martìn (forthcoming), p. 7 of the draft.

  63. 63.

    Whose provisions, as anticipated with regard to the ne bis in idem protection, have already been recognized liable of direct application in the Member States, with disapplication of contrary national provisions, cf. Sect. 2.3.3.

  64. 64.

    Cf., e.g., Buckley v. the United Kingdom, 29.09.1996, Application no. 2034/92, § 76. The margin of appreciation doctrine “refers to the room for manoeuvre the Strasbourg institutions are prepared to accord national authorities in fulfilling their obligations under the European Convention on Human Rights. However, the term is not found in the text of the Convention itself, nor in the travaux préparatoires, 1 but first appeared in 1958 in the Commission’s report in the case brought by Greece against the United Kingdom over alleged human rights violations in Cyprus.2 Since then it has been adopted in numerous other Commission decisions and in over 700 judgments of the Court”, cf., e.g., Greer (2000), p. 5; Kostoris (2017), p. 51.

  65. 65.

    Zakharov v. Russia, 4.12. 2015, Application no. 51380/07, § 228; Buckley v. the United Kingdom, § 76; McMichael v. the United Kingdom, 24.02.1995, Application no. 16424/90, § 87.

  66. 66.

    See, e.g., Google Spain, Case C-131/12, § 34; see also Martinico (2017), p. 125 et seq.

  67. 67.

    Zakharov v. Russia, § 228.

  68. 68.

    Cf. Del Río Prada v. Spain, 21.10.2013, Application no. 42750/09, § 91, according to which “When speaking of “law” Article 7 alludes to the very same concept as that to which the Convention refers elsewhere when using that term, a concept which comprises statutory law as well as case-law and implies qualitative requirements, notably those of accessibility and foreseeability”. See also S.W. v. The United Kingdom, 22.11.1995, Application no. 20166/92, § 35; Contrada c. Italia (N. 3), 14.04.2015, Application no. 66655/13, § 60 et seq., largely commented by Italian legal scholars, see e.g., Mazzacuva (2015), and Donini (2016).

  69. 69.

    Cf. Silver and Others v The United Kingdom, 25.03.1983, Application nos. 5947/72; 6205/73; 7052/75; 7061/75; 7107/75; 7113/75; 736/75, §§ 85–86.

  70. 70.

    The Sunday Times v The United Kingdom, 26.04.1979, Application no. 6538/74, §§ 48–53; Rotaru v. Romania, 4.05.2000, Application no. 28341/95, § 52. See also Kruslin v France, 24.04.1990, Application no. 11801/85; Huvig v France, 24.04.1990, Application no. 11105/84.

  71. 71.

    Schrems, Case C-362/14, § 91; Digital Rights Ireland Ltd, Case C-293/12, §§ 54–55.

  72. 72.

    In this sense, see Zakharov v. Russia, § 232; Klass and Others v Germany, 6.09.1978, Application no 5029/71, § 49 and case-law there mentioned. See also Bernal (2016), p. 259.

  73. 73.

    Klass and Others, § 49.

  74. 74.

    Klass and Others, § 50.

  75. 75.

    That although, brought a change in the admissibility test, harshly criticized in Judge Dedov’s dissenting opinion, part 3, arguing that in this way the Court would lose its case-by-case approach.

  76. 76.

    Kennedy v The UK, 18.05.2010, Application no. 26839/05; Zakharov v. Russia, § 230.

  77. 77.

    Zakharov v. Russia, § 231 and case-law mentioned there.

  78. 78.

    Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 127-133.

  79. 79.

    For the recent restatement of the need to recognize an autonomous meaning to the Charter in the field of ne bis in idem, see above Sect. 2.3.3.

  80. 80.

    Cf. Martinico (2017), p. 116 et seq.

  81. 81.

    Cf. Explanation relating to the Charter, 2007, OJ C303/17, sub Article 7, p. 10.

  82. 82.

    Digital Rights Ireland Ltd, Case C-293/12, §§ 38 and 52.

  83. 83.

    In this line in the conclusion, Martinico (2017), p. 116.

  84. 84.

    Digital Rights Ireland Ltd, Case C-293/12, § 38; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 94. See also above Sect. 2.3.3.

  85. 85.

    Digital Rights Ireland Ltd, Case C-293/12, § 24, cf. also §§ 41–44 and Iovene (2014); see also Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 102.

  86. 86.

    Digital Rights Ireland Ltd, Case C-293/12, § 40.

  87. 87.

    Cf., e.g., Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 96 and 107; see also Productores de Música de España (Promusicae) v Telefónica de España SAU, Case C-275/06, 29.01.2008, ECLI:EU:C:2008:54, §§ 68–70.

  88. 88.

    Digital Rights Ireland Ltd, Case C-293/12, § 51; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 103.

  89. 89.

    Digital Rights Ireland Ltd, Case C-293/12, § 46 and case-law there mentioned.

  90. 90.

    Idem, §§ 54–55.

  91. 91.

    Idem, § 56.

  92. 92.

    Schrems, Case C-362/14, § 42.

  93. 93.

    Schrems, Case C-362/14, § 92; Digital Rights Ireland Ltd, Case C-293/12, § 52.

  94. 94.

    Digital Rights Ireland Ltd, Case C-293/12, §§ 54–55.

  95. 95.

    Idem, § 57; see also Schrems, Case C-362/14, §§ 93–94 according to which a generalized access implies a violation of the essence of the fundamental right to respect for private life. Cf. Mitsilegas (2016).

  96. 96.

    Digital Rights Ireland Ltd, Case C-293/12, § 58; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 105.

  97. 97.

    Digital Rights Ireland Ltd, Case C-293/12, § 59; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 106.

  98. 98.

    Digital Rights Ireland Ltd, Case C-293/12, § 60.

  99. 99.

    Idem, § 61.

  100. 100.

    See also Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 95.

  101. 101.

    Idem, § 108.

  102. 102.

    Digital Rights Ireland Ltd, Case C-293/12, § 54 and the case-law cited; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 109.

  103. 103.

    Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 110–111.

  104. 104.

    Idem, § 119 see also Zakharov v. Russia, § 260, and case-law there cited.

  105. 105.

    In case of criminal investigation, that is where the search for evidence begins after a crime has been committed, the problem appears less pressing, as certain objective suspicious elements are generally required to open a criminal proceeding. Cf. also Mitsilegas (2015).

  106. 106.

    Especially when data collected are particularly capable of profiling individuals (see, a contrario), Proceedings brought by Ministerio Fiscal, Case C-207/16, 2.10.2018, ECLI:EU:C:2018:788.

  107. 107.

    Cf. above Sect. 6.3.5.

  108. 108.

    Such as in Italy, cf. Article 226(5) disp. att. c.p.p.

  109. 109.

    Gray (2017), p. 217 et seq.

  110. 110.

    Fraud (VAT fraud only if the damage involved is of at least 10 million euros), corruption, and misappropriation affecting the EU financial interests, as implemented by national law. The seriousness is here either defined by the provision of a maximum penalty of at least 4 years of imprisonment or by the involvement of “considerable damage or advantage”, meaning with that expression that it involves more than EUR 100,000 (cf. Article 7, PIF Directive).

  111. 111.

    Article 1(3), Explanatory report to the Protocol, cit.

  112. 112.

    Directive (EU) 2018/1673 of 23.10. 2018 on combating money laundering by criminal law.

  113. 113.

    Directive (EU) 2017/541 of 15.03.2017 on combating terrorism.

  114. 114.

    Cf. Annex I to the Regulation (EU) 2016/794 of 11.05.2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA.

  115. 115.

    As defined by Klip (2016), p. 231 et seq.

  116. 116.

    Cf. above Sect. 6.3.5.

  117. 117.

    Cf. Sect. 7.3.

  118. 118.

    Cf. Sect. 3.2.

  119. 119.

    Cf. Bernal (2016), p. 246 highlighting how, for instance, under the UK Investigatory Powers Bill, surveillance is operated on a “‘gather in bulk, access in detail’ basis. The question of whether this constitutes ‘mass surveillance’ is one of the key parts of the debate, but may […] be a largely semantic argument. What is clear is that surveillance law and practice as it currently exists, and is being legally proposed, involves gathering of massive amounts of data […] where there are no limits on how ‘bulky’ the bulk might be”.

  120. 120.

    On the identification of the competent authority, see below, Sect. 8.3.

  121. 121.

    Schrems, Case C-362/14, § 92; Digital Rights Ireland Ltd, Case C-293/12, §§ 67–68.

  122. 122.

    As provided in Germany, cf. Bundersverfassungsgericht, I Senate, 20.04.2016, 1 BVR 966/09, 1 BVR 1140/09, analysed, e.g., by Giordano and Venegoni (2016).

  123. 123.

    Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 122; Digital Rights Ireland Ltd, Case C-293/12, §§ 66–68.

  124. 124.

    Discussing about the principle of neutrality with regard to the Fourth Amendment, Kerr (2010), according to whom “Technology neutrality assumes that the degree of privacy the Fourth Amendment extends to the Internet should try to match the degree of privacy protection that the Fourth Amendment provides in the physical world […] That is, the Fourth Amendment will remain technology-neutral in the sense that the overall amount and function of Fourth Amendment protection will be roughly the same regardless of whether a wrongdoer commits his crime entirely online, entirely in the physical world, or using a mix of the two”.

  125. 125.

    Greatly contributing in maintaining it, after almost 20 years from its entry into force, one of the most applied and appreciated international legal tools.

  126. 126.

    Guide on Article 8 of the European Convention on Human Rights, § 46. https://www.echr.coe.int/Documents/Guide_Art_8_ENG.pdf. Accessed 20 July 2018; Harris et al. (2014), p. 522 et seq.

  127. 127.

    Cf. Recital (15) GDPR and Recital (18), Directive 2016/680.

  128. 128.

    Cf., respectively, above Sects. 8.1 and 7.6.

  129. 129.

    ABA (2013), also known as “LEATPR Standard”, Standard 25-4.1 Categories of information; a version of content-shaped approach has also been proposed with regard to the First Amendment, see Richards (2013), criticized by Gray and Keats Citron (2013). A third content-based approach, again referring to the First Amendment, has been developed within the Yale’s Information Society Project, see e.g. Balkin (2016).

  130. 130.

    Highlighting also how, in the US context, the Fourth Amendment case-law has a history of “neutrality” “with respect to degrees of privacy involved”, cf. Gray (2014, 2017).

  131. 131.

    Carpenter v United States, pp. 16–17.

  132. 132.

    Id., p. 17.

  133. 133.

    As famously shown by the notorious Target case, cf. Hill (2012), and Duhigg (2012).

  134. 134.

    In this sense, see, e.g., Caianiello (2014), p. 317.

  135. 135.

    Although complicated appear to define in this case when such a destruction should occur, highly depending on the features of each national legal system (for instance, regulating up until when it is possible for prosecutors to integrate the investigating material).

  136. 136.

    Cf. above Sect. 7.3.

  137. 137.

    As it emerges from the brief recollection of national legal orders illustrated in the previous, cf. above Sect. 7.5.

  138. 138.

    Cf. Sect. 6.3.3.

  139. 139.

    Cf. above Sects. 6.3 and 6.3.1.

  140. 140.

    Idem.

  141. 141.

    Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 123.

  142. 142.

    Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 114 and 120; Digital Rights Ireland Ltd, Case C-293/12, §§ 48-62.; but see also Schrems, Case C-362/14, § 95.

  143. 143.

    Klass and Others, § 56.

  144. 144.

    Zakharov v. Russia, § 232.

  145. 145.

    Cf. Zakharov v Russia, § 233; Klass and Others, §§ 55–56.

  146. 146.

    Klass and Others, § 56.

  147. 147.

    Klass and Others, § 57; Zakharov v. Russia, § 233–234; Heino v Finland, 15.02.2011, Application no. 56720/09, § 45.

  148. 148.

    Smirnov v. Russia, 7.06.2007, Application no. 71362/01, § 45.

  149. 149.

    Delta Pekárny A.S. v Czech Republic, 2.10.2014, Application no. 97/11, § 91.

  150. 150.

    See above, Sects. 6.3 and 6.3.1.

  151. 151.

    Heino v Finland, 15.02.2011, Application no. 56720/09, § 45.

  152. 152.

    According to the country analysis provided in Ligeti (2012), that includes also FR, PT, RO. In IT the power may also be activated by the Administrative FIU. Cf. Sect. 7.5.

  153. 153.

    According to MONEYVAL (2013), p. 37 et seq.

  154. 154.

    According to the country analysis provided in Ligeti (2012), see country profiles of LU and EI.

  155. 155.

    Cf. Sect. 3.3.

References

  • ABA (2013) Standards for criminal justice: law enforcement access to third party records, 3rd edn. https://www.americanbar.org/groups/criminal_justice/standards/law_enforcement_access.html. Accessed 19 July 2018

  • Aterno S (2013) Le investigazioni informatiche e l’acquisizione della prova digitale. Giur merito, p 955

    Google Scholar 

  • Balkin JM (2016) Information Fiduciaries and the first amendment. UC Davis Law Rev 49(4):1183

    Google Scholar 

  • Balsamo A (2015) Il contenuto dei diritti fondamentali. In: Kostoris RE (ed) Manuale di procedura penale europea, II edn. Giuffrè, Milano, p 109 et seq

    Google Scholar 

  • Bernal P (2016) Data gathering, surveillance and human rights: recasting the debate. J Cyber Policy 1(2):243–264

    Article  Google Scholar 

  • Brownsword R, Goodwin M (2012) Law and the technologies of the twenty-first century: text and materials. Cambridge University Press, Cambridge

    Book  Google Scholar 

  • Bull HP, Giesen T, Kühling J, Leutheusser-Schnarrenberger S, Von Lewinski K, Robrecht B, Schaar P, Schramm J, Schulzki-Haddouti C, Seemann M, Spiecker Genannt Döhmann I, Stinner J, Trepte S (2016) Zukunft der informationellen Selbstbestimmung. ESV, Berlin

    Google Scholar 

  • Caianiello M (2014) To Sanction (or not to Sanction) procedural flaws at EU level? A step forward in the creation of an EU criminal process. Eur J Crime Crim Law Crim Justice 22(4):317

    Article  Google Scholar 

  • Camon A (1996) Le intercettazioni nel processo penale. Giuffrè, Milano

    Google Scholar 

  • Donini M (2016) Il diritto giurisprudenziale penale. Collisioni vere e apparenti con la legalità e sanzioni dell'illecito interpretativo. Riv trim dir pen cont, 3

    Google Scholar 

  • Duhigg C (2012) How companies learn your secrets. In NYT, 16th February 2012. https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html. Accessed 19 July 2018

  • Electronic Privacy Information Center (EPIC) (2017) Carpenter v. United States 16-402, Supreme Court (Fourth Amendment, Location Privacy) EPIC’s Amicus Brief. https://epic.org/amicus/location/carpenter/Carpenter-v-US-amicus-EPIC.pdf. Accessed 19 July 2018

  • Filippi L (2003) Le Sezioni Unite decretano la morte dell'agente segreto “attrezzato per il suono” see also G. Fumu, Registrazione di colloqui tra presenti effettuata a cura della polizia giudiziaria: insuperabili i limiti alla testimonianza indiretta. Riv pol, p 762

    Google Scholar 

  • Fontanelli F (2011) The European Union Charter of fundamental rights two years later. Perspect Federalism 3(3):22

    Google Scholar 

  • Fumu G (2003) Registrazione di colloqui tra presenti effettuata a cura della polizia giudiziaria: insuperabili i limiti alla testimonianza indiretta. Riv pol, p 762

    Google Scholar 

  • Giordano L, Venegoni A (2016) La Corte Costituzionale tedesca sulle misure di sorveglianza occulta e sulla captazione di conversazioni da remoto a mezzo di strumenti informatici. Dir pen cont, 8 maggio 2016

    Google Scholar 

  • Gray D (2014) The ABA standards for criminal justice: law enforcement access to third party records: critical perspective from a technology-centered approach to quantitative privacy. Okla Law Rev 66:919

    Google Scholar 

  • Gray D (2017) The fourth amendment in an age of surveillance. Cambridge University Press, New York

    Book  Google Scholar 

  • Gray D, Keats Citron DK (2013) Addressing the harm of total surveillance. A Reply to Professor Neil Richards. Harv Law Rev F 126:262

    Google Scholar 

  • Greer S (2000) The margin of appreciation: interpretation and discretion under the European Convention on human rights. Council of Europe Publishing. https://www.echr.coe.int/LibraryDocs/DG2/HRFILES/DG2-EN-HRFILES-17(2000).pdf. Accessed 19 July 2018

  • Harris DJ, O’Boyle M, Beates EP, Buckley M (2014) Law of the European Convention on human rights, 3rd edn. Oxford University Press, Oxford

    Google Scholar 

  • Hill K (2012) How target figured out a teen girl was pregnant before her Father Did, in Forbes, 16th February 2012. https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#6a7ed7b96668. Accessed 19 July 2018

  • Iovene F (2014) Le c.d. perquisizioni online tra nuovi diritti fondamentali ed esigenze di accertamento penale. Riv trim dir pen cont 3–4:329

    Google Scholar 

  • Kerr OS (2010) Applying the fourth amendment to the internet: a general approach. Stanford Law Rev 62:1005

    Google Scholar 

  • Klip A (2016) European criminal law: an integrative approach, 3rd edn. Intersentia, Cambridge

    Google Scholar 

  • Knierim TC (2008) BverfG: Reichweite und Grezen der Online-Durchsuchung, in Fachdienst Strafrecht, 253764

    Google Scholar 

  • Kostoris RE (2017) Diritto europeo e giustizia penale. In: Id (ed) Manuale di procedura penale europea, 3rd edn. Giuffrè, Milano, p 51.

    Google Scholar 

  • Kudlich H (2008) Enge Fesseln für «Landes- und Bundestrojaner» - Anforderungen an die Zulässigkeit einer (sicherheitsrechtlichen) Online-Durchsuchung, in Juristische Arbeitsblätter, p 475

    Google Scholar 

  • Lamandini M, Ramos Muñoz D, Solana Alvarez J (2015) Depicting the limits to the SSM’s supervisory powers: the role of constitutional mandates and of fundamental rights’s protection, in Quad. Ricerca Giuridica, Banca d’Italia, p 79

    Google Scholar 

  • Lasagni G (2018) Tackling phone searches in Italy and in the US. Proposals for a technological re-thinking of procedural rights and freedoms. NJECL 9(3):386–401

    Google Scholar 

  • Ligeti K (ed) (2012) Toward a prosecutor for the European Union Volume 1: a comparative analysis. Hart, Oxford

    Google Scholar 

  • Logan WA (2001) An exception swallows a rule: police authority to search incident to arrest. Yale Law Policy Rev 19:381

    Google Scholar 

  • Maioli C, Sanguedolce E (2012) I “nuovi” mezzi di ricerca della prova fra informatica forense e L. 48/2008. http://www.altalex.com/documents/news/2012/05/03/i-nuovi-mezzi-di-ricerca-della-prova-fra-informatica-forense-e-l-48-2008. Accessed 20 July 2018

  • Maisch MM (2015) Informationelle Selbstbestimmung in Netzwerken. Duncker & Humblot, Berlin

    Book  Google Scholar 

  • Martinico G (2017) Commento all’art. 7. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 114

    Google Scholar 

  • Mazzacuva F (2015) L'incidenza della definizione “convenzionale” di pena sulle prospettive di riforma del sistema sanzionatorio. Riv trim dir pen cont 3:6

    Google Scholar 

  • Mitsilegas V (2015) The transformation of privacy in an era of pre-emptive surveillance. Tilburg Law Rev 20:35–57

    Article  Google Scholar 

  • Mitsilegas V (2016) Surveillance and digital privacy in the transatlantic ‘War on Terror.’ the case for a global privacy regime. Columbia Hum Rights Law Rev 47(3):1–77

    Google Scholar 

  • MONEYVAL (2013) The Postponement of Financial Transactions and The Monitoring of Bank Accounts, April 2013. https://rm.coe.int/research-report-the-postponement-of-financial-transactions-and-the-mon/168071509b. Accessed 19 July 2018

  • Murphy T, Ó Cuinn GO (2010) Works in progress: new technologies and the European Court of Human Rights. Human Rights Law Rev 10(4):601–638

    Article  Google Scholar 

  • Nicolicchia F (2017) I limiti fissati dalla Corte costituzionale tedesca agli strumenti di controllo tecnologico occulto: spunti per una trasposizione nell’ordinamento italiano. Arch pen 2

    Google Scholar 

  • Orlandi R (2009) Questioni attuali in tema di processo penale e informatica. Riv dir proc, p 129

    Google Scholar 

  • Orlandi R (2014) La riforma del processo penale fra correzioni strutturali e tutela “progressiva” dei diritti fondamentali. Riv it dir e proc pen, pp 1133–1164

    Google Scholar 

  • Orlandi R (2018) Usi investigativi dei cosiddetti captatori informatici. Criticità e inadeguatezza di una recente riforma. Riv it dir proc pen

    Google Scholar 

  • Pica G (1999) Diritto penale delle tecnologie informatiche. UTET, Torino

    Google Scholar 

  • Pollicino O (2017) Commento all’art. 8. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 132

    Google Scholar 

  • Richards NM (2013) The danger of surveillance. Harv Law Rev 126:1934

    Google Scholar 

  • Sanchez SI (2012) The court and the charter: the impact of the entry into force of the Lisbon treaty on the ECJ’s approach to fundamental rights. Common Mark Law Rev 49(5):1565

    Google Scholar 

  • Sarmiento D (2013) Who’s afraid of the Charter? Common Mark Law Rev 50:1267–1304

    Google Scholar 

  • Sayers D (2014) Sub art. 48 (Criminal law). In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU Charter of Fundamental Rights. Hart, Oxford, p 1303 et seq

    Google Scholar 

  • Schulhofer SS (2012) More essential than ever: the Fourth Amendment in the twenty-first century. Oxford University Press, Oxford

    Book  Google Scholar 

  • Signorato S (2017) Le indagini penali informatiche, I, Giappichelli, Torino

    Google Scholar 

  • Torre M (2015) Il virus di Stato nel diritto vivente tra esigenze investigative e tutela dei diritti fondamentali. Dir pen e proc, p 1167

    Google Scholar 

  • Torre M (2017) Il captatore informatico. Giuffrè, Milano

    Google Scholar 

  • Tricot J, Martìn AN (forthcoming) Monitoring of banking transactions and traffic data. In: Ligeti K (ed) Toward a prosecutor for the European Union-Draft rules of procedure, vol 2. Hart, Oxford

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Bologna, Bologna, Italy

    Giulia Lasagni

Authors
  1. Giulia Lasagni
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer International Publishing Switzerland and G. Giappichelli Editore

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Lasagni, G. (2019). Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals. In: Banking Supervision and Criminal Investigation. Comparative, European and International Criminal Justice, vol 1. Springer, Cham. https://doi.org/10.1007/978-3-030-12161-7_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-12161-7_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12160-0

  • Online ISBN: 978-3-030-12161-7

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation