On the 13th of February 2024, the European Court of Human Rights (‘the Court’) issued a judgement in the names of ‘Podchasov v. Russia’ in which it discussed the statutory requirement for ‘Internet communication organisers’ (‘ICOs’) to store all communications data for a period of one year, together with the contents of said communications for a period of six months. It also continued by discussing the requirement that said data be submitted to law-enforcement authorities or security services in circumstances specified by law, together with information necessary to decrypt electronic messages if encrypted.

The Court began by specifying at the outset that merely storing data relating to the private life of an individual amounts to an interference with the spirit of Article 8 of the European Convention on Human Rights (‘the ECHR’), which deals with the right to the enjoyment of private and family life. Having said that, in determining whether personal information retained by authorities involves any of the private-life aspects, the Court stated that it considers the specific context in which the relevant information has been recorded and retained, together with the nature of the records, the way in which the records are used and processed and the results obtained.

The Court found that the storage by the applicant’s ICO of the contents of his Internet communications and other data interfered with his right to respect for his private life and correspondence. The storage, therefore, amounted to an interference with Article 8, regardless of whether the authorities accessed the data afterwards. Even though the storage had been carried out by private persons, i.e. the ICOs, it was required by law, meaning that the interference ought to be attributable to the Russian state. The Court continued by observing that the interference complained of does not relate solely to the storage of data as described, but also to the potential for national authorities to access said data.

Furthermore, while the Court recognised that no evidence was present that the authorities had accessed applicant’s data via Telegram – the application of which applicant was a user – and that it is impossible for a person to know for certain that their data has been accessed, one ought to analyse the question whether applicant may claim that he is a victim of interference with his rights under Article 8 ECHR owing to the existence of laws which permit authorities to act in such a way with reference to the criteria used in secret surveillance. To this end, the case in the names of Roman Zakharov v. Russia (‘Roman Zakharov’) was quoted, in which the Court had examined Russian legislation on secret surveillance and found that, considering the secret nature of surveillance measures, the broad scope of their application, which affects all users communication networks and the lack of effective means to challenge the alleged application of secret surveillance measures domestically, the existence of legislation permitting secret surveillance constitutes interference with a user’s private life. In the case at hand, the Court did not find any reason why it should hold otherwise, as the Russian state itself confirmed that access to retained internet communications and related communications data is governed by the same legal regime examined in Roman Zakharov. Therefore, the mere existence of contested legislation brings about an interference with the exercise of the applicant’s rights under Article 8. Another argument brought forth by applicant was that it was impossible to provide authorities with encryption keys associated with specific users of the Telegram messenger application as, in order to enable the decryption of end-to-end encrypted communication, the encryption technology used by said application would be weakened and would affect everyone due to their nature as measures not limited to specific individuals. The Court, therefore, found that applicant’s rights under Article 8 had been interfered with.

In the Court’s view, elucidated in its conclusion, there are other ways in which encrypted communications may be monitored which do not involve the creation of backdoors. Finding in favour of Podchasov, the Court stated that the requirement of encrypting end-to-end communications ‘cannot be regarded as necessary in a democratic society’, and that laws permitting the access to communications enacted without the presence of safeguards  impair rights and, as such, the Russian government ‘overstepped any acceptable margin of appreciation in that regard’.

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content