If data retention powers are designed to combat serious crime such as terrorism, then can they be used to investigate a relatively minor offence such as robbery?
The background to this case can be pieced together from two sources: an article published in the Spanish newspaper “La Vanguardia” (dated 7 April 2016), which republished an article in “Europa Press”; and a post containing supplementary information published on the ‘derechoynormas’ website (dated 16 May 2016).
From these sources, it is apparent that in 2015 a resident of Tarragon was robbed of their mobile telephone. The robber used some force with the result that the person was left with broken ribs, and a cut that required stitches.
To investigate this crime, the Spanish police sought an order from the local court that would require telecoms companies to release specific information about the stolen telephone. The request was turned down by the investigating magistrate. Under Spanish law, ‘data retention’ requests could only be issued in respect of investigations into serious crime, namely, where the sentence would be longer than 5 years in prison.
The Spanish ‘Ministerio Fiscal’ subsequently launched an appeal before the Audiencia Provincial in Tarragon, which in turn decided to make a preliminary ruling to the CJEU.
According to the EU’s Official Journal (OJ  C251/7), the Fourth Chamber of the Audiencia Provincial in Tarragona (Spain) has asked:
1. Can the sufficient seriousness of offences, as a criterion which justifies interference with the fundamental rights recognised by Articles 7 and 8 of the Charter, […] be determined taking into account only the sentence which may be imposed in respect of the offence investigated, or is it also necessary to identify in the criminal conduct particular levels of harm to individual and/or collective legally-protected interests?
2. If it were in accordance with the constitutional principles of the European Union, used by the Court of Justice in its judgment of 8 April 2014 [Joined Cases C-293/12 (Digital Rights Ireland) and C-594/12 (Seitlinger and Others)] as standards for the strict review of the Directive, [… 2006/24/EC … on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L105/54] to determine the seriousness of the offence solely on the basis of the sentence which may be imposed, what should the minimum threshold be? Would it be compatible with a general provision setting a minimum of three years’ imprisonment?