Sicurezza nazionale e diritti fondamentali alla luce della giurisprudenza UE in materia di tutela dei dati personali

In the Schrems judgment, the ECJ invalidated the Commission’s adequacy decision on the EU-US Safe Harbour allowing personal data to be transferred freely to the US. The Court found the adequacy decision to be in violation of the data protection Directive 95/46/EC, read in light of Art. 8 of the EU Charter of Fundamental Rights, in particular because it did not contain limits, safeguards and guarantees concerning access for national security purposes by US intelligence agency to data transferred from the EU. According to the Court, such an interference with the fundamental right to the protection of personal data can take place only when strictly necessary and proportionate to the national security objectives pursued This ruling, which was issued in the aftermath of the so-called Snowden revelations, raises the question of whether such principles apply only in the specific context of an adequacy decision on the international transfers of data or also to access to data by EU Member States intelligence authorities, when Art. 4 (2) TEU provides that national security remains the sole responsibility of each Member State. Through the analysis of Art. 4 (2) TEU and Art. 8 of the Charter, the new data protection Regulation 2016/679, the relevant case-law of the ECJ (e.g. Digital Rights Ireland, Tele2) and of the ECHR (e.g. Zakharov, Szabo and Vissy), the present article aims thus at assessing if, and to which extent, EU law requirements can affect the activities of Member States in the field of the protection of national security. This appears of particular importance at a time where several Member States (e.g. France, Germany, UK) have passed legislation in the field of surveillance which may not provide sufficient safeguards in line with the high standards of the Schrems judgement, if they were applicable to Member States