The Relation between Privacy and Security in Data Retention – An Overview of Certain Percentage of Croatian Citizens’ Opinion


  • J. Levak Faculty of Law, University of Zagreb.University of Applied Sciences Velika Gorica, Croatia
  • D. Osterman University of Applied Sciences Velika Gorica, Croatia


Court of Justice of the European Union, Retention of Electronic Communications Data, Right to Privacy, Security,


The aim of this paper is to define citizens' views on the use of telephone call lists and location (without content), i.e. the retention of, and access to retained data about, telecommunications traffic by the police for the purpose of preventing and detecting offenders, and searching for missing persons and objects. The research aimed to answer the question of whether the ruling of the Court of Justice of the European Union (CJEU), by placing the right to privacy before the right to security, took into account the rights of victims of crime and the humanitarian aspect of saving people and property; and to identify acceptable data protection measures, transparency, and control mechanisms to access the data. The data were collected through an online questionnaire between September 25, 2018 and November 13, 2018 on a sample of 252 subjects, and then processed using the PASW Statistics 18.0 statistical package. The results show that both security and privacy are equally important to citizen. The results also showed that under clearly defined conditions, citizens find it acceptable to restrict privacy in order to maintain a satisfactory level of security. It was also evident that citizens do not see police as someone potentially misusing the retained data, but they think that the problem lies in the protection of data by telecommunications service providers and the transparency of checking access to retained data.


Council of the European Union, 9663/19 (OR. en), 27 May 2019, Conclusions of the Council of the European Union on Retention of Data for the purpose of Fighting Crime - adoption

Charter of Fundamental Rights of the European Union, CELEX:12012P/TXT (accessed January 7, 2019)

Judgment of the Court (Grand Chamber) of 21st of December 2016. Tele2 Sverige AB v Post- och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others. Requests for a preliminary ruling from the Kammarrätten i Stockholm and the Court of Appeal (England & Wales) (Civil Division). Reference for a preliminary ruling — Electronic communications — Processing of personal data — Confidentiality of electronic communications — Protection — Directive 2002/58/EC — Articles 5, 6 and 9 and Article 15(1) — Charter of Fundamental Rights of the European Union — Articles 7, 8 and 11 and Article 52(1) — National legislation — Providers of electronic communications services — Obligation relating to the general and indiscriminate retention of traffic and location data — National authorities — Access to data — No prior review by a court or independent administrative authority — Compatibility with EU law. Joined Cases C-203/15 and C-698/15., available at, (accessed on January 1, 2019)

DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of July 12, 2002 on the processing of personal data and the protection of privacy in the field of electronic communications (Directive on privacy and electronic communications)

Official Journal of the European Union, L 105/54, April 14, 2004, DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of March 15, 2006, on the withholding of information obtained or processed in connection with the provision of publicly available electronic communications services or public communications network and amending Directive 2002/58/EC

Levak J., Osterman D., Protection, Retention and Exchange of Information Used by Law Enforcement Authorities and Possible Technical Solutions on Data Retention Following the Revocation of the Data Retention Directive by the Court of Justice of the European Union, Police and Security ( Zagreb), year 26. (2017), issue 4, p. 342- 364

Official Journal of the European Union, C 175/6, June 10, 2014, Judgment of the Court (Grand Chamber) of April 8, 2014 (reference for a preliminary ruling from the High Court of Ireland, Verfassungsgerichtshof - Ireland, Austria) - Digital Rights Ireland Ltd (C-293/12), Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl et al (C-594/12) v Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, The Commissioner of the Garda Síochána, Ireland and the Attorney General (Joined Cases C-293/12 and C-594/12)

Council of the European Union, ST 10098/17 LIMITE, Brussels, 6 November 2017, Data retention regimes in Europe in light of the CJEU ruling of 21 December 2016 in Joined Cases C-203/15 and C-698/15- Report

Council of the European Union, ST 6713/17 LIMITE, Brussels, 1 March 2017, Retention of electronic communication data - next steps

FoP DAPIX Joint Meeting on Data Retention Formation and TELE (Working Group on Telecommunications and Information Society) in October 2017, opinions were exchanged concerning a new proposal for a draft of the e-Privacy Regulation. During 2018, two additional joint meetings were held to address the need to maintain flexibility under the new e-Privacy Regulation. Flexibility is recognized as a key element for future developments, either on the basis of the case-law of the Court of Justice or through legislative reforms at national or European level.

Council of European Union document 14480/1/17

Article 18 of the Law on Security and Intelligence System states: “In order to activate and manage the measure of covert surveillance of telecommunications services, activities and traffic, and to achieve operational and technical coordination between legal and natural persons who have a public telecommunications network and provide public telecommunications services and access services in the Republic of Croatia, and bodies authorized to apply telecommunications surveillance measures in accordance with this Act and the Criminal Procedure Code, shall establish an Operational and Technical Center for Telecommunications Surveillance (hereinafter: OTC).”

Tele2 judgment, paragraph 123

Ibid, para. 109

Ibid, paragraph 120 (see by analogy, in relation to Directive 2006/24, judgment of Digital Rights, paragraph 62; see also by analogy, in relation to Article 8 of the ECHR, ECtHR judgment of January 122016; Szabó and Vissy v. Hungary, CE: ECHR: 2016: 0112JUD003713814, paragraphs 77 and 80.)

Ibid, para. 108

Council of the European Union, ST 14319/18 LIMITE, Brussels, 23 November 2018, Data retention-State of play

It should be mentioned that the European Commission was already obliged in its COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE EUROPEAN COUNCIL AND THE COUNCIL, in its Fourth Progress Report on the Establishment of an Effective and True Security Union (COM (2017) 41 final) of January 25, 2017, to draw up guidelines for the adoption of national laws on data retention that would comply with the judgment.

United Nations (UN), Human Rights Council, Cannataci, J. (2016), Report on the Special Rapporteur on Right to Privacy, A / HRC / 31/64, 8 March 2016, p.9, paragraph 23., available at lement, (accessed December 3, 2017)

Council of the European Union, 15252/18 (OR. en), OUTCOME OF THE COUNCIL MEETING, 3661st Council meeting, Justice and Home Affairs, Brussels, 6 and 7 December 2018, (accessed March 17, 2019.




How to Cite

Levak, J., & Osterman, D. (2020). The Relation between Privacy and Security in Data Retention – An Overview of Certain Percentage of Croatian Citizens’ Opinion. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 12(3), 31–39. Retrieved from