THIRD SECTION
\nCASE OF CENTRUM F\u00d6R R\u00c4TTVISA v. SWEDEN
\n(Application no. 35252\/08)<\/p>\n
JUDGMENT
\nSTRASBOURG
\n19 June 2018<\/p>\n
Referral to the Grand Chamber
\n04\/02\/2019<\/p>\n
This judgment will become final in the circumstances set out in Article\u00a044 \u00a7\u00a02 of the Convention. It may be subject to editorial revision.<\/p>\n
In the case of Centrum f\u00f6r r\u00e4ttvisa v. Sweden,<\/strong><\/p>\n The European Court of Human Rights (Third Section), sitting as a Chamber composed of:<\/p>\n Branko Lubarda, President, Having deliberated in private on 29 May 2018,<\/p>\n Delivers the following judgment, which was adopted on that date:<\/p>\n PROCEDURE<\/strong><\/p>\n 1.\u00a0\u00a0The case originated in an application (no. 35252\/08) against the Kingdom of Sweden lodged with the Court under Article 34 of the Convention for the Protection of Human Rights and Fundamental Freedoms (\u201cthe Convention\u201d) by Centrum f\u00f6r r\u00e4ttvisa on 14 July 2008.<\/p>\n 2.\u00a0\u00a0The Swedish Government (\u201cthe Government\u201d) were represented by their Agent, Mr A. R\u00f6nquist, Ministry for Foreign Affairs.<\/p>\n 3.\u00a0\u00a0The applicant alleged that Swedish legislation and practice in the field of signals intelligence have violated and continue to violate its rights under Article 8 of the Convention. It also complained that it has had no effective domestic remedy through which to challenge this violation.<\/p>\n 4.\u00a0\u00a0On 1 November 2011 (admissibility) and 14 October 2014 (admissibility and merits) the application was communicated to the Government.<\/p>\n 5.\u00a0\u00a0On 14 October 2014 the International Commission of Jurists, Norwegian Section, was granted leave to submit written comments, under Rule 44 \u00a7 3 of the Rules of the Court.<\/p>\n THE FACTS<\/strong><\/p>\n I.\u00a0\u00a0INTRODUCTION<\/p>\n 6.\u00a0\u00a0The applicant, Centrum f\u00f6r r\u00e4ttvisa, is a Swedish foundation which was established in 2002 and which has its seat in Stockholm. A not\u2011for\u2011profit organisation, its stated objective is to represent clients, in litigation against the State and otherwise, who claim that their rights and freedoms under the Convention and under Swedish law have been violated. It also conducts education and research and participates in the general debate on issues concerning individuals\u2019 rights and freedoms. The applicant communicates on a daily basis with individuals, organisations and companies in Sweden and abroad by email, telephone and fax and asserts that a large part of that communication is particularly sensitive from a privacy perspective. Due to the nature of its function as a non-governmental organisation scrutinising the activities of State actors, it believes that there is a risk that its communication through mobile telephones and mobile broadband has been or will be intercepted and examined by way of signals intelligence. The applicant has not brought any domestic proceedings, contending that there is no effective remedy for its Convention complaints.<\/p>\n 7.\u00a0\u00a0Signals intelligence can be defined as intercepting, processing, analysing and reporting intelligence from electronic signals. These signals may be processed to text, images and sound. The intelligence collected through these procedures may concern both the content of a communication and its associatedcommunications data (the data describing, for instance, how, when and between which addresses the electronic communication is conducted). The intelligence may be intercepted over the airways \u2013 usually from radio links and satellites \u2013 and from cables. Whether a signal is transmitted over the airways or through cables is controlled by the communications service providers. A great majority of the traffic relevant for signals intelligence is cable-based. The term \u201csignal carriers\u201d refers to the medium used for transmitting one or more signals. Unless indicated in the following, the regulation of Swedish signals intelligence does not distinguish between the content of communications and their communications data or between airborne and cable-based traffic.<\/p>\n II.\u00a0\u00a0RELEVANT DOMESTIC LAW AND PRACTICE<\/p>\n A.\u00a0\u00a0Generally on signals intelligence<\/strong><\/p>\n 8.\u00a0\u00a0Foreign intelligence is, according to the Foreign Intelligence Act (Lagenom f\u00f6rsvarsunderr\u00e4ttelseverksamhet; 2000:130), conducted in support of Swedish foreign, defence and security policy, and in order to identify external threats to the country. The activities should also assist in Sweden\u2019s participation in international security cooperation. Intelligence under the Act may only be conducted in relation to foreign circumstances (section 1(1)). The Government determines the direction of the activities; it also decides which authorities may issue more detailed directives and which authority is to conduct the intelligence activities (section 1(2) and 1(3)). The Government issues general tasking directives annually. Foreign intelligence may not be conducted for the purpose of solving tasks in the area of law enforcement or crime prevention, which come under the mandate of the Police Authority, the Security Police and other authorities and which are regulated by different legislation. However, authorities that conduct foreign intelligence may support authorities dealing with law enforcement or crime prevention (section 4). Examples of such support are cryptanalysis and technical help on information security (preparatory works to amended legislation on foreign intelligence, prop. 2006\/07:63, p. 136).<\/p>\n 9.\u00a0\u00a0The collection of electronic signals is one form of foreign intelligence. It is regulated by the Signals Intelligence Act (Lagenom signalspaning i f\u00f6rsvarsunderr\u00e4ttelseverksamhet; 2008:717), which entered into force on 1\u00a0January 2009. Several amendments were made to the Act on 1 December 2009, 1 January 2013, 1 January 2015 and 15 July 2016. Supplementary provisions are found in the Signals Intelligence Ordinance (F\u00f6rordningen om signalspaning i f\u00f6rsvarsunderr\u00e4ttelseverksamhet; 2008:923). The legislation authorises the National Defence Radio Establishment (F\u00f6rsvarets radioanstalt; henceforth \u201cthe FRA\u201d) to conduct signals intelligence (section\u00a02 of the Ordinance compared to section 1 of the Act). During signals intelligence all cable-based cross-border communications are transferred to certain points of collection. No information is stored at these points and a limited amount of data traffic is transferred to the FRA by signals carriers (parliamentary committee report SOU 2016:45, p. 107)The FRA may conduct signals intelligence within the area of foreign intelligence only as a result of a detailed tasking directive issued by the Government, the Government Offices, the Armed Forces and, as from January 2013, the Security Police and the National Operative Department of the Police Authority (Nationella operativa avdelningen i Polismyndigheten; hereafter \u201cNOA\u201d) (sections 1(1) and 4(1) of the Act) in accordance with the issuer\u2019s precise intelligence requirements. However, the direction of the FRA\u2019s \u201cdevelopment activities\u201d (see further paragraph 14 below) may be determined solely by the Government (section 4(2)). A detailed tasking directive determines the direction of the intelligence activities and may concern a certain phenomenon or situation, but it may not solely target a specific natural person (section 4(3)).<\/p>\n 10.\u00a0\u00a0The mandate of the Security Police and the NOA to issue detailed tasking directives aims to improve these authorities\u2019 ability to obtain data about foreign circumstances at a strategic level concerning international terrorism and other serious international crime that may threaten essential national interests. At the time of introduction of the new rules, the Government stated in the preparatory works (prop. 2011\/12:179, p. 19) that the mandate is in accordance with the prohibition on conducting signals intelligence for the purpose of solving tasks in the area of law enforcement or crime prevention.<\/p>\n 11.\u00a0\u00a0According to the Foreign Intelligence Ordinance (F\u00f6rordningen om f\u00f6rsvarsunderr\u00e4ttelseverksamhet; 2000:131), a detailed tasking directive shall include information about 1) the issuing authority, 2) the part of the Government\u2019s annual tasking directive it concerns, 3) the phenomenon or situation intended to be covered, and 4) the need for intelligence on that phenomenon or situation (section 2a).<\/p>\n B.\u00a0\u00a0Scope of application of signals intelligence<\/strong><\/p>\n 12.\u00a0\u00a0The purposes for which electronic signals may be collected as part of foreign intelligence are specified in the Signals Intelligence Act which provides that signals intelligence may be conducted only to survey 1)\u00a0\u00a0external military threats to the country, 2)conditions for Swedish participation in international peacekeeping or humanitarian missions or threats to the safety of Swedish interests in the performance of such operations, 3)strategic circumstances concerning international terrorism or other serious cross-border crimes that may threaten essential national interests, 4) the development and proliferation of weapons of mass destruction, military equipment and other similar specified products, 5)\u00a0\u00a0serious external threats to society\u2019s infrastructure, 6) foreign conflicts with consequences for international security, 7) foreign intelligence operations against Swedish interests, and 8) the actions or intentions of a foreign power that are of substantial importance for Swedish foreign, security or defence policy (section 1(2)).<\/p>\n 13.\u00a0\u00a0These eight purposes are further elaborated upon in the preparatory worksto the legislation (prop. 2008\/09:201, pp. 108-109):<\/p>\n \u201cThe purposes for which permits to conduct signals intelligence may be granted are listed in eight points. The first point concerns external military threats to the country. Military threats include not only imminent threats, such as threats of invasion, but also phenomena that may in the long term develop into security threats. Consequently, the wording covers the surveying of military capabilities and capacities in our vicinity.<\/p>\n The second point comprises both surveying necessary to provide an adequate basis for a decision whether to participate in international peacekeeping or humanitarian missions and surveying performed during ongoing missions concerning threats to Swedish personnel or other Swedish interests.<\/p>\n The third point refers to strategic surveying of international terrorism or other serious cross-border crime, such as drug or human trafficking of such severity that it may threaten significant national interests. The task of signals intelligence in relation to such activities is to survey them from a foreign and security policy perspective; the intelligence needed to combat the criminal activity operatively is primarily the responsibility of the police.<\/p>\n The fourth point addresses the need to use signals intelligence to follow, among other things, activities relevant to Sweden\u2019s commitments in regard to non-proliferation and export control, even in cases where the activity does not constitute a crime or contravenes international conventions.<\/p>\n The fifth point includes, among other things, serious IT-related threats emanating from abroad. That the threats should be of a serious nature means that they, for example, should be directed towards vital societal systems for energy and water supply, communication or monetaryservices.<\/p>\n The sixth point refers to the surveying of such conflicts between and in other countries that may have consequences for international security. It may concern regular acts of war between states but also internal or cross-border conflicts between different ethnic, religious or political groups. The surveying of the conflicts includes examining their causes and consequences.<\/p>\n The seventh point signifies that intelligence activities conducted against Swedish interests can be surveyed through signals intelligence.<\/p>\n The eighth point provides the opportunity to conduct signals intelligence against foreign powers and their representatives in order to survey their intentions or actions that are of substantial importance to Swedish foreign, security or defence policy. Such activities may relate only to those who represent a foreign power. Through the condition\u201csubstantial importance\u201d it is emphasised that it is not sufficient that the phenomenon is of general interest but that the intelligence should have a direct impact on Swedish actions or positions in various foreign, security or defence policy matters.\u00a0…\u201d<\/p>\n 14.\u00a0\u00a0The FRA may collect electronic signals also in order to monitor changes in the international signals environment, technical advances and signals protection and to develop the technology needed for signals intelligence (section 1(3)). This is regarded as \u201cdevelopment activities\u201d and, according to the relevant preparatory works (prop. 2006\/07:63, p.72), they do not generate any intelligence reports. However, the FRA may share experiences gained on technological issues with other authorities. Development activities usually do not focus on communications between individuals, though information on individuals\u2019 identities may be intercepted.<\/p>\n 15.\u00a0\u00a0Signals intelligence conducted on cables may only concern signals crossing the Swedish border in cables owned by a communications service provider (section 2). Communications between a sender and receiver within Sweden may not be intercepted, regardless of whether the source is airborne or cable-based. If such signals cannot be separated at the point of collection, the recording of or notes about them shall be destroyed as soon as it becomes clear that such signals have been collected (section 2a).<\/p>\n 16.\u00a0\u00a0Interception of cable-based signals is automated and must only concern signals that have been identified through the use of search terms. Such terms are also used to identify signals over the airways, if the procedure is automated. The search terms must be formulated in such a way that the interference with personal integrity is limited as far as possible. Terms directly relating to a specific natural person may only be used if this is of exceptional importance for the intelligence activities (section 3).<\/p>\n 17.\u00a0\u00a0After the signals have been intercepted they are processed, which means that they are, for example, subjected to cryptanalysis or translation. Then the information is analysed and reported to the authority that gave the FRA the mission to collect the intelligence in question.<\/p>\n C.\u00a0\u00a0Authorisation of signals intelligence<\/strong><\/p>\n 18.\u00a0\u00a0For all signals intelligence, including the development activities, the FRA must apply for a permit to the Foreign Intelligence Court (F\u00f6rsvarsunderr\u00e4ttelsedomstolen). The application shall contain the mission request that the FRA has received, with information on the relevant detailed tasking directive and the need for the intelligence sought. Also, the signal carriers to which the FRA requires access have to be specified, along with the search terms or categories of search terms that will be used. Finally, the application must state the duration for which the permit is requested (section\u00a04a).<\/p>\n 19.\u00a0\u00a0A permit may only be granted if the mission is in accordance with the provisions of the Foreign Intelligence Act and the Signals Intelligence Act, if the purpose of the interception of signals cannot be met in a less interfering manner, if the mission can be expected to yield information whose value is clearly greater than the possible interference with personal integrity, if the search terms or categories of search terms are in accordance with the Signals Intelligence Act and if the application does not concern solely a specific natural person (section 5).<\/p>\n 20.\u00a0\u00a0If granted, the permit shall specify the mission for which signals intelligence may be conducted, the signal carriers to which the FRA will have access, the search terms or categories of search terms that may be used, the duration of the permit and other conditions necessary to limit the interference with personal integrity (section 5a).<\/p>\n 21.\u00a0\u00a0The FRA itself may decide to grant a permit, if the application for a permit from the Foreign Intelligence Court might cause delay or other inconveniences of essential importance for one of the specified purposes of the signals intelligence. If the FRA grants a permit, it has to report to the court immediately and the court shall without delay decide in the matter. The court may revoke or amend the permit (section 5b).<\/p>\n 22.\u00a0\u00a0The composition of the Foreign Intelligence Court and its activities are regulated by the Foreign Intelligence Court Act (LagenomF\u00f6rsvarsunderr\u00e4ttelsedomstol; 2009:966). The court consists of one president, one or two vice-presidents and two to six other members. The president is a permanent judge, nominated by the Judges Proposals Board (Domarn\u00e4mnden) and appointed by the Government. The vice-presidents, who must be legally trained and have previous experience as judges, and the other members, who are required to have special expertise of relevance for the court\u2019s work, are appointed by the Government on four-year terms. The applications for signals intelligence permits are discussed during hearings, which may be held behind closed doors, if it is clear that information classified as secret would be exposed as a result of a public hearing. During the court\u2019s examination, the FRA as well as a privacy protection representative (integritesskyddsombud) are present. The representative, who does not represent any particular person but the interests of individuals in general, monitors integrity issues and has access to the case file and may make statements. Privacy protection representatives are appointed by the Government for a period of four years and must be or have been permanent judges or attorneys. The court may hold a hearing and decide on an application without the presence of a representative only if the case is of such urgency that a delay would severely compromise the purpose of the application. The court\u2019sdecisions are final.<\/p>\n D.\u00a0\u00a0The duration of signals intelligence<\/strong><\/p>\n 23.\u00a0\u00a0A permit may be granted for a specific period of time, maximum six months. An extension may, after a renewed examination, be granted for six months at a time (Signals Intelligence Act, section 5a).<\/p>\n E.\u00a0\u00a0Procedures to be followed for storing, accessing, examining, using and destroying the intercepted data<\/strong><\/p>\n 24.\u00a0\u00a0The Foreign Intelligence Inspectorate (Statens inspektion f\u00f6r f\u00f6rsvarsunderr\u00e4ttelseverksamheten(SIUN); see further paragraphs 36-40 below) oversees access to the signal carriers. Communications service providers are obliged to transfer cable-based signals crossing the Swedish borders to \u201ccollaboration points\u201d agreed upon with the Inspectorate. The Inspectorate, in turn, provides the FRA with access to signal carriers in so far as such access is covered by a signals intelligence permit and, in so doing, implements the permits issued by the Foreign Intelligence Court (Chapter 6, section 19a of the Electronic Communications Act (Lagen om elektronisk kommunikation; 2003:389)). The Council on Legislation (Lagr\u00e5det), the body giving opinions on request by the Government or a Parliamentary committee on certain draft bills, has expressed the view that aninterference with private life and correspondence presents itself already at this point, because of the Stateobtaining access to the telecommunications (prop. 2006\/07:63, p.172).<\/p>\n 25.\u00a0\u00a0According to the Signals Intelligence Act, intercepted data must be destroyed immediately by the FRA if it 1) concerns a specific natural person and lacks importance for the signals intelligence, 2)is protected by constitutional provisions on secrecy for theprotection of anonymous authors and media sources, 3) contains information shared between a suspect and his or her legal counsel and is thus protected by attorney-client privilege, or 4)\u00a0involves information given in a religious context of confession or individual counselling, unless there are exceptional reasons for examining the information (section 7).<\/p>\n 26.\u00a0\u00a0If communications have been intercepted between a sender and receiver who are both in Sweden, despite the prohibition on suchinterception, they shall be destroyed as soon as the domestic nature of the communications has become evident (section 2a).<\/p>\n 27.\u00a0\u00a0If a permit urgently granted by the FRA (see paragraph 21 above) is revoked or amended by the Foreign Intelligence Court, all intelligence collected which is thereby no longer authorised must be immediately destroyed (section 5b(3)).<\/p>\n 28.\u00a0\u00a0The FRA Personal Data Processing Act (Lagenom behandling av personuppgifter i F\u00f6rsvarets radioanstalts f\u00f6rsvarsunderr\u00e4ttelse- och utvecklingsverksamhet; 2007:259) contains provisions on the treatment of personal data within the area of signals intelligence. The Act entered into force on 1 July 2007, with amendments made on 30 June 2009 and 15\u00a0February 2010. The purpose of the Act is to protect against violations of personal integrity (Chapter 1, section 2). The FRA shall ensure, inter alia, that personal data is collected only for certain expressly stated and justified purposes. Such purpose is either determined by the direction of the foreign intelligence activities through a detailed tasking directive or by what is necessary in order to follow changes in the signals environment, technical advances and signals protection. Also, the personal data treated has to be adequate and relevant in relation to the purpose of the treatment. No more personal data than what is necessary for that purpose may be processed. All reasonable efforts have to be made to correct, block and obliterate personal data that is incorrect or incomplete (Chapter 1, sections 6, 8 and 9).<\/p>\n 29.\u00a0\u00a0Personal data may not be processed solely because of what is known of a person\u2019s race or ethnicity, political, religious or philosophical views, membership in a union, health or sexual life. If, however, personal data is treated for a different reason, this type of information may be used if it is absolutely necessary for the treatment. Information about a person\u2019s physical appearance must always be formulated in an objective way with respect for human dignity. Intelligence searches may only use the mentioned personal indicators as search terms if this is absolutely necessary for the purpose of the search (Chapter 1, section 11).<\/p>\n 30.\u00a0\u00a0Personnel at the FRA who process personal data go through an official security clearance procedure and are subject to confidentiality in regard to data to which secrecy applies. They could face criminal sanctions if tasks relating to the processing of personal data are mismanaged (Chapter\u00a06, section 2).<\/p>\n 31.\u00a0\u00a0Personal data that has been subjected to automated processing shall be destroyed as soon as it is no longer needed (Chapter 6, section 1).<\/p>\n 32.\u00a0\u00a0Further provisions on the treatment of personal data arelaid down in the FRA Personal Data Processing Ordinance (F\u00f6rordningen om behandling av personuppgifter i F\u00f6rsvarets radioanstalts f\u00f6rsvarsunderr\u00e4ttelse- och utvecklingsverksamhet; 2007:261). It provides, inter alia, that the FRA may keep databases for raw material containing personal data. Raw material is unprocessed information which has been collected through automated treatment. Personal data in such databases shall be destroyed within one year from when it was collected (section 2).<\/p>\n F.\u00a0\u00a0Conditions for communicating the intercepted data to other parties<\/strong><\/p>\n 33.\u00a0\u00a0The intelligence collected shall be reported to the authorities concerned, as determined under the Foreign Intelligence Act (Signals Intelligence Act, section 8; see paragraphs 8-9 above).<\/p>\n 34.\u00a0\u00a0The Government Offices, the Armed Forces, the Security Police, the NOA, the Inspectorate of Strategic Products (Inspektionen f\u00f6r strategiska produkter), the Defence Material Administration (F\u00f6rsvarets materialverk), the Defence Research Agency (Totalf\u00f6rsvarets forskningsinstitut), the Civil Contingencies Agency (Myndigheten f\u00f6r samh\u00e4llsskydd och beredskap) and the Swedish Customs (Tullverket) may have direct access to completed intelligence reports to the extent the FRA so decides (section 9 of the FRA Personal Data Processing Ordinance). However, to date, no decisions permitting direct access have been taken by the FRA.<\/p>\n 35.\u00a0\u00a0Personal data may be communicated to other states or international organisations only if not prevented by secrecy and if necessary for the FRA to perform its activities within international defence and security cooperation. The Government may adopt rules or decide in a specific case to allow such communication of personal data also in other cases when necessary for the activities of the FRA (Chapter 1, section 17 of the FRA Personal Data Processing Act). The FRA may disclose personal data to a foreign authority or an international organisation if it is beneficial for the Swedish government (statsledningen) or Sweden\u2019s comprehensive defence strategy (totalf\u00f6rsvaret); information so communicated must not harm Swedish interests (section 7 of the FRA Personal Data Processing Ordinance).<\/p>\n G.\u00a0\u00a0Supervision of the implementation of signals intelligence<\/strong><\/p>\n 36.\u00a0\u00a0The Foreign Intelligence Act (section 5) and the Signals Intelligence Act (section 10) prescribe that an authority is to oversee the foreign intelligence activities in Sweden and verify thatthe FRA\u2019s activities are in compliance with the provisions of theSignals Intelligence Act. The supervisoryauthority \u2013 the Foreign Intelligence Inspectorate \u2013 is, among other things, tasked with monitoring the implementation of the Foreign Intelligence Act and the associated Ordinance and reviewing whether foreign intelligence activities are performed in compliance with the applicable directives (section 4 of the Foreign Intelligence Inspectorate Instructions Ordinance (F\u00f6rordningen med instruktion f\u00f6r Statens inspektion f\u00f6r f\u00f6rsvarsunderr\u00e4ttelseverksamheten;2009:969)). It shall also review compliance with the Signals Intelligence Act by examining in particular the search terms used, the destruction of intelligence and the communication of reports;if an inspection reveals that a particular intelligence collection is incompatible with a permit, the Inspectorate may decide that the operation shall cease or that the intelligence shall be destroyed (section 10 of the Signals Intelligence Act). The FRA shall report to the Inspectorate the search terms which directly relate to a specific natural person (section 3 of the Signals Intelligence Ordinance).<\/p>\n 37.\u00a0\u00a0The Foreign Intelligence Inspectorate is led by a board whose members are appointed by the Government on terms of at least four years. The president and the vice-president shall be or have been permanent judges. Other members are selected from candidates proposed by the party groups in the Parliament (section 10 (3) of the Signals Intelligence Act).<\/p>\n 38.\u00a0\u00a0Any opinions or suggestions for measures arising from theInspectorate\u2019s inspections shall be forwarded to the FRA, and if necessary also to the Government. The Inspectorate also submits annual reports on its inspections to the Government (section 5 of the Foreign Intelligence Inspectorate Instructions Ordinance), which are made available to the public.Furthermore, if the Inspectorate notices potential crimes, it shall report the matter to the Prosecution Authority (\u00c5klagarmyndigheten), and, if deficiencies are discovered that may incur liability for damages for the State, a report shall be submitted to the Chancellor of Justice (Justitiekanslern). A report may also be submitted to the Data Protection Authority (Datainspektionen), which is the supervisory authority on the treatment of personal data by the FRA (section 15).<\/p>\n 39.\u00a0\u00a0From the establishment of the Inspectorate in 2009 until and including 2017, the latest year covered by its annual reports,no inspections have revealed reasons to cease an intelligence collection or to destroy the results. During the same period, the Inspectorate submitted several opinions and suggestions to the FRA and one to the Government. In the annual reports, brief descriptions have been given of the 102 inspections undertaken at the FRA; they have included numerous detailed examinations of the search terms used, the destruction of intelligence, the communication of reports, the treatment of personal data and the overall compliance with the legislation, directives and permits relevant to the signals intelligence activities. For instance, an inspection in 2014 concerned a general review of the FRA\u2019s cooperation with other states and international organisations in intelligence matters. It did not give rise to any opinion or suggestion to the FRA. In 2017 the Inspectorate carried out a detailed inspection of the treatment by the FRA of personal data. The inspection concerned treatment of sensitive personal data in connection with strategic circumstances with regard to international terrorism and other serious cross-border crime threatening significant national interests. The inspection did not give rise to any opinion or suggestion. However, during that year, one opinion was submitted to the Government following an inspection of whether the FRA\u2019s intelligence activities were carried out within the direction given. During the years 2009-2017 the Inspectorate found reason to make a report to another authority \u2013 the Data Protection Authority \u2013 on one occasion, concerning the interpretation of a legal provision. In its annual reports, the Inspectorate has noted that it has been given access to all the information necessary for its inspections.<\/p>\n 40.\u00a0\u00a0The supervisory activities of the Foreign Intelligence Inspectorate have been audited by the National Audit Office (Riksrevisionen), an authorityunder Parliament. In a report published in 2015 the Office noted that the FRA had routines in place for handling the Inspectorate\u2019s opinions and that the supervision helped develop the activities of the FRA. Suggestions were dealt with in a serious manner and, when called for, gave rise to reforms. At the same time the Office criticised the Inspectorate\u2019s lack of documentation of inspections and that there were no clearly specified goals for the inspections.<\/p>\n 41.\u00a0\u00a0Within the FRA there is a Privacy Protection Council tasked with continuously monitoring measures taken to ensure protection of personal integrity. The members are appointed by the Government. The Council shall report its observations to the FRA management or, if the Council finds reasons for it, to the Inspectorate (section 11 of the Signals Intelligence Act).<\/p>\n 42.\u00a0\u00a0Further provisions on supervision are found in the FRA Personal Data Processing Act. The FRA shall appoint one or several data protection officers and report the appointment to the Data Protection Authority (Chapter 4, section 1). The data protection officer is tasked with independently monitoring that the FRA treats personal data in a legal and correct manner and point out any deficiencies. If deficiencies are suspected and no correction is made, a report shall be submitted to the Data Protection Authority (Chapter 4, section 2).<\/p>\n 43.\u00a0\u00a0The Data Protection Authority, which is an authority under the Government, has on request access to the personal data that is processed by the FRA and documentation on the treatment of personal data along with the security measures taken in this regard as well as access to the facilities where personal data is processed (Chapter 5, section 2). If the Authority finds that personal data is or could be processed illegally, it shall try to remedy the situation by communicating its observations to the FRA (Chapter 5, section 3). It may also apply to the Administrative Court (f\u00f6rvaltningsr\u00e4tten) in Stockholm to have illegally processed personal data destroyed (Chapter 5, section 4).<\/p>\n H.\u00a0\u00a0Notification of secret surveillance measures<\/strong><\/p>\n 44.\u00a0\u00a0If search terms directly related to a specific natural person have been used, he or she is to be notified by the FRA, according to the Signals Intelligence Act. The notification shall contain information on the date and purpose of the measures. Such notification shall be given as soon as it can be done without detriment to the foreign intelligence activities, but no later than one month after the signals intelligence mission has been concluded (section 11a).<\/p>\n 45.\u00a0\u00a0However, the notification may be delayed if secrecy so demands, in particular defence secrecy or secrecy for the protection of international relations. If, due to secrecy, no notification has been given within a year from the conclusion of the mission, the person does not have to be notified. Furthermore, a notification shall not be given if the measures solely concern the conditions of a foreign power or the relationship between foreign powers (section 11b).<\/p>\n I.\u00a0\u00a0Remedies<\/strong><\/p>\n 46.\u00a0\u00a0 The Signals Intelligence Act provides that the Foreign Intelligence Inspectorate, at the request of an individual, must investigate if his or her communications have been intercepted through signals intelligence and, if so, verify whether the interception and treatment of the information have been in accordance with law. The Inspectorate shall notify the individual that such an investigation has been carried out (section 10a). A request can be made by legal and natural persons regardless of nationality and residence. During the period 2010-2017, 132 requests were handled and no unlawfulness was established. In 2017, ten such requests were processed; in 2016 the number was 14. The Inspectorate\u2019s decision following a request is final.<\/p>\n 47.\u00a0\u00a0Under the FRA Personal Data Processing Act, the FRA is also required to provide information upon request. Once per calendar year, an individual may demand information on whether personal data concerning him or her is being or has been processed. If so, the FRA must specify what information on the individual is concerned, from where it was collected, the purpose of the treatment and to which recipients or categories of recipients the personal data is or wasreported. The information is normally to be given within one month from the request (Chapter 2, section 1). However, this right to information does not apply if disclosure is prevented by secrecy (Chapter 2, section 3).<\/p>\n 48.\u00a0\u00a0Following a request from the individual who has had personal data registered, the FRA shall promptly correct, block or destroy such data that has not been processed in accordance with law. The FRA shall also notify any third party who has received the data, if the individual so requests or if substantial harm or inconvenience could be avoided through a notification. No such notification has to be given if it is impossible or would involve a disproportionate effort (Chapter 2, section 4).<\/p>\n 49.\u00a0\u00a0The FRA\u2019s decisions on disclosure and corrective measures in regard to personal data may be appealed against to the Administrative Court in Stockholm (Chapter 6, section 3).<\/p>\n 50.\u00a0\u00a0The State is liable for damages following a violation of personal integrity caused by treatment of personal data not in accordance with the FRA Personal Data Processing Act (Chapter 2, section 5). A request for damages shall be submitted to the Chancellor of Justice.<\/p>\n 51.\u00a0\u00a0In addition to the above remedies, laid down in the legislation relating to signals intelligence, Swedish law provides for a number of other means of scrutiny and complaints mechanisms. The Parliamentary Ombudsmen (Justititeombudsmannen) supervise the application of laws and regulations in public activities; courts and authorities are obliged to provide information and opinions at the request of the Ombudsmen (Chapter 13, section 6 of the Instrument of Government \u2013 Regeringsformen), including access to minutes and other documents. The Ombudsmen shall ensure, in particular, that the courts and authorities observe the provisions of the Instrument of Government on objectivity and impartiality and that citizens\u2019 fundamental rights and freedoms are not encroached upon in public activities (section 3 of the Parliamentary Ombudsmen Instructions Act \u2013 Lagen med instruktion f\u00f6r Riksdagens ombudsm\u00e4n; 1986:765). The supervision, under which the Foreign Intelligence Court and the FRA come, is conducted by means of examining complaints from the public and through inspections and other investigations (section 5). The examination is concluded by a decision in which, although not legally binding, the opinion of the Ombudsman is given as to whether the court or authority has contravened the law or otherwise taken a wrongful or inappropriate action; the Ombudsman may also initiate criminal or disciplinary proceedings against a public official who has committed a criminal offence or neglected his or her duty in disregarding the obligations of the office (section 6).<\/p>\n 52.\u00a0\u00a0With a mandate similar to the Parliamentary Ombudsmen, the Chancellor of Justice scrutinises whether officials in public administrationcomply with laws and regulations and otherwise fulfil their obligations (section 1 of the Chancellor of Justice Supervision Act \u2013 Lagenom justitiekanslerns tillsyn; 1975:1339). The Chancellor does so by examining individual complaints or conducting inspections and other investigations, which could be directed at, for instance, the Foreign Intelligence Court and the FRA. At the request of the Chancellor, courts and authoritiesare obliged to provide information and opinions as well as access to minutes and other documents (sections 9 and 10).The decisions of the Chancellor of Justice are similar in nature to the decisions of the Parliamentary Ombudsmen, including their lack of legally binding power. By tradition, however, the opinions of the Chancellor and the Ombudsmen command great respect in Swedish society and are usually followed (see Segerstedt-Wiberg and Others v.\u00a0Sweden, no. 62332\/00, \u00a7118, ECHR 2006-VII). The Chancellor has the same power as the Ombudsmen to initiate criminal or disciplinary proceedings (sections 5 and 6).<\/p>\n 53.\u00a0\u00a0The Chancellor of Justice is also authorised to determine complaints and claims for damages directed against the State, including compensation claims for alleged violations of the Convention. The Supreme Court and the Chancellor of Justice have developed precedents in recent years, affirming that it is a general principle of law that compensation for Convention violations can be ordered without direct support in Swedish statute to the extent that Sweden has a duty to provide redress to victims of Convention violations through a right to compensation for damages (see Lindstrand Partners Advokatbyr\u00e5 AB v. Sweden, no. 18700\/09, \u00a7\u00a7 58-62 and 67, 20\u00a0December 2016, with further references). On 1 April 2018, through the enactment of a new provision \u2013 Chapter 3, section 4 \u2013 of the Tort Liability Act (Skadest\u00e5ndslagen; 1972:207), the right to compensation for violations of the Convention was codified.<\/p>\n 54.\u00a0\u00a0In addition to its above-mentioned supervisory functions under the Foreign Intelligence Inspectorate Instructions Ordinance and the FRA Personal Data Processing Act (see paragraphs 38, 42 and 43 above), the Data Protection Authority is generally entrusted with protecting individuals against violations of their personal integrity through the processing of personal data, under the Act with Supplementary Provisions to the EU General Data Protection Regulation (Lagen med kompletterande best\u00e4mmelser till EU:s dataskyddsf\u00f6rordning) which entered into force on 25\u00a0May 2018, the same day as the new EU regulation it supplements (paragraph 81 below). In regard to the signals intelligence conducted by the FRA \u2013 which falls outside the competence of the EU and is thus not regulated by Community law \u2013 the Personal Data Act (Personuppgiftslagen; 1998:204)continues to apply, although it is otherwise replaced by the new EU\u00a0Regulation and the supplementary act. It gives the Data Protection Authority the same general supervisory task. In performing this task, the Authority may receive and examine individual complaints.<\/p>\n J.\u00a0\u00a0Secrecy at the FRA<\/strong><\/p>\n 55.\u00a0\u00a0The Public Access to Information and Secrecy Act (Offentlighets\u2011 och sekretesslagen; 2009:400) contains a specific provision on the FRA\u2019s signals intelligence activities. Secrecy applies to information on an individual\u2019s personal or economic circumstances, unless it is evident that the information can be disclosed without the individual concerned or any other person closely related to him or her being harmed. The presumption is for secrecy (Chapter 38, section 4).<\/p>\n 56.\u00a0\u00a0According to the Act, secrecy also generally applies to foreign intelligence activities in regard to information concerning another State, international organisation, authority, citizen or legal person in another State, if it can be presumed that a disclosure will interfere with Sweden\u2019s international relations or otherwise harm the country (Chapter 15, section\u00a01).<\/p>\n 57.\u00a0\u00a0Secrecy further applies to information on activities related to the defence of the country or the planning of such activities or to information that is otherwise related to the country\u2019s comprehensive defence strategy, if it can be presumed that a disclosure will harm the country\u2019s defence or otherwise endanger national security (Chapter 15, section 2).<\/p>\n 58.\u00a0\u00a0Information which is protected by secrecy under the Public Access to Information and Secrecy Act may not be disclosed to a foreign authority or an international organisation unless 1) such disclosure is permitted by an express legal provision (cf. section 7 of the FRA Personal Data Processing Ordinance, paragraph 34 above),or 2) the information in an analogous situation may be communicated to a Swedish authority and the disclosing authority finds it evident that the communication of the information to the foreign authority or the international organisation is consistent with Swedish interests (Chapter 8, section 3 of the Act).<\/p>\n K.\u00a0\u00a0The reports of the Data Protection Authority<\/strong><\/p>\n 59.\u00a0\u00a0On 12 February 2009 the Government ordered the Data Protection Authority to examine the handling of personal data at the FRA from an integrity perspective. In its report, published on 6 December 2010, the Authority stated that its conclusions were overall positive. Issues relating to the processing of personal data and to personal integrity were given serious consideration by the FRA and a considerable amount of time and resources were spent on creating routines and educating its personnel in order to minimise the risk of unwarranted interferences with personal integrity. Moreover, no evidence had been found which indicated that the FRA was handling personal data for purposes not authorised by the legislation in force (see paragraphs 12-14 and 28 above). However, the Authority noted, inter alia, that there was a need to improve the methods for separating domestic and cross-border communications. Even if the FRA had implemented mechanisms in that area, there was no guarantee that domestic communications were never intercepted, and, although the occasions had been very few, such communications had in fact been intercepted. The Authority further noted that the procedure for notification to individuals (paragraphs 44-45 above) had never been used by the FRA, due to secrecy.<\/p>\n 60.\u00a0\u00a0A second report was issued by the Authority on 24 October 2016. Again, the Authority found no evidence that personal data had been collected for other purposes than those stipulated for the signals intelligence activities. It also noted that the FRA continuously reviewed whether data intercepted was still needed for those purposes. A similar review was made concerning the carriers from which the FRA obtained intelligence. Moreover, there was nothing to indicate that the provisions on destruction of personal data had been disregarded (see paragraphs 25-27 above). However, the FRA was criticised for not adequately monitoring logs used to detect unwarranted use of personal data, a shortcoming that had been pointed out already in 2010.<\/p>\n L.\u00a0\u00a0The report of the Signals Intelligence Committee<\/strong><\/p>\n 61.\u00a0\u00a0On 12 February 2009 the Government also decided to appoint a committee predominantly composed of members of parliament, the Signals Intelligence Committee (Signalspaningskommitt\u00e9n), with the task of monitoring the signals intelligence conducted at the FRA in order to examine the implications for personal integrity. The report was presented on 11\u00a0February 2011 (Uppf\u00f6ljning av signalspaningslagen; SOU 2011:13). The Committee\u2019s examination had its main focus on signals intelligence conducted over the airways as such activities on cable-based traffic had not yet commenced on a larger scale.<\/p>\n 62.\u00a0\u00a0The Committee concluded that concerns of personal integrity were taken seriously by the FRA and formed an integral part of the development of its procedures. It noted, however, that there were practical difficulties in separating domestic cable-based communications from those crossing the Swedish border. Any domestic communications that were not separated at the automated stage were instead separated manually at the processing or analysing stage. The Committee further observed that the search terms used for communications data were less specific than those used for interception of the content of a communication and that, consequently, a larger number of individuals could have such data stored by the FRA.<\/p>\n 63.\u00a0\u00a0Another finding in the report was that the FRA\u2019s development activities (see paragraph 14 above) could lead to non-relevant communications being intercepted and possibly read or listened to by FRA personnel. However, the Committee noted that the development activities were directly essential for the FRA\u2019s ability to conduct signals intelligence. Moreover, information obtained through the development activities could be used in the regular intelligence activities only if such use conformed with the purposes established by law and the relevant tasking directives issued for the signals intelligence.<\/p>\n 64.\u00a0\u00a0Like the Data Protection Authority (see paragraph 59 above), the Committee pointed out that, in reality, the obligation of the FRA to notify individuals that had been directly and personally subjected to secret surveillance measures was very limited due to secrecy; it concluded therefore that this obligation served no purpose as a guarantee for legal certainty or against integrity interferences. The Committee found, however, that, in particular, the authorisation procedure before the Foreign Intelligence Court, in deciding on permits to conduct signals intelligence measures (paragraphs 18-22), and the supervisory functions performed by the Foreign Intelligence Inspectorate (paragraphs 24 and 36-40) and the Privacy Protection Council (paragraph 41) provided important protection for individuals\u2019 personal integrity. It noted, in this respect, that, although the Privacy Protection Council formed part of the FRA, it acted in an independent manner.<\/p>\n III.\u00a0\u00a0RELEVANT INTERNATIONAL AND EUROPEAN LAW<\/p>\n A.\u00a0\u00a0United Nations<\/strong><\/p>\n 65.\u00a0\u00a0Resolution no. 68\/167, on The Right to Privacy in the Digital Age, adopted by the General Assembly on 18 December 2013, reads as follows:<\/p>\n \u201cThe General Assembly,<\/p>\n …<\/p>\n 4. Calls upon all States:<\/p>\n …<\/p>\n (c) To review their procedures, practices and legislation regarding the surveillance of communications, their interception and the collection of personal data, including mass surveillance, interception and collection, with a view to upholding the right to privacy by ensuring the full and effective implementation of all their obligations under international human rights law;<\/p>\n (d) To establish or maintain existing independent, effective domestic oversight mechanisms capable of ensuring transparency, as appropriate, and accountability for State surveillance of communications, their interception and the collection of personal data …\u201d<\/p>\n B.\u00a0\u00a0Council of Europe<\/strong><\/p>\n 1.\u00a0\u00a0The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, and its Additional Protocol<\/em><\/p>\n 66.\u00a0\u00a0The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 28 January 1981 (CETS No.108) was ratified by Sweden on 29 September 1982. It sets out standards for data protection in the sphere of automatic processing of personal data in the public and private sectors. It provides, in so far as relevant, as follows:<\/p>\n Preamble<\/strong><\/p>\n \u201cThe member States of the Council of Europe, signatory hereto,<\/p>\n Considering that the aim of the Council of Europe is to achieve greater unity between its members, based in particular on respect for the rule of law, as well as human rights and fundamental freedoms;<\/p>\n Considering that it is desirable to extend the safeguards for everyone\u2019s rights and fundamental freedoms, and in particular the right to the respect for privacy, taking account of the increasing flow across frontiers of personal data undergoing automatic processing;<\/p>\n Reaffirming at the same time their commitment to freedom of information regardless of frontiers;<\/p>\n Recognising that it is necessary to reconcile the fundamental values of the respect for privacy and the free flow of information between peoples,<\/p>\n Have agreed as follows:\u201d<\/p>\n Article 1 \u2013 Object and purpose<\/strong><\/p>\n \u201cThe purpose of this Convention is to secure in the territory of each Party for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him (\u201cdata protection\u201d).\u201d<\/p>\n Article 8 \u2013 Additional safeguards for the data subject<\/strong><\/p>\n \u201cAny person shall be enabled:<\/p>\n a.\u00a0\u00a0to establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;<\/p>\n b.\u00a0\u00a0to obtain at reasonable intervals and without excessive delay or expense confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form;<\/p>\n c.\u00a0\u00a0to obtain, as the case may be, rectification or erasure of such data if these have been processed contrary to the provisions of domestic law giving effect to the basic principles set out in Articles 5 and 6 of this convention;<\/p>\n d.\u00a0\u00a0to have a remedy if a request for confirmation or, as the case may be, communication, rectification or erasure as referred to in paragraphs b and c of this article is not complied with.\u201d<\/p>\n Article 9 \u2013 Exceptions and restrictions<\/strong><\/p>\n \u201c1.\u00a0\u00a0No exception to the provisions of Articles 5, 6 and 8 of this convention shall be allowed except within the limits defined in this article.<\/p>\n 2.\u00a0\u00a0Derogation from the provisions of Articles 5, 6 and 8 of this convention shall be allowed when such derogation is provided for by the law of the Party and constitutes a necessary measure in a democratic society in the interests of:<\/p>\n a.\u00a0\u00a0protecting State security, public safety, the monetary interests of the State or the suppression of criminal offences;<\/p>\n b.\u00a0\u00a0protecting the data subject or the rights and freedoms of others.<\/p>\n …\u201d<\/p>\n Article 10 \u2013 Sanctions and remedies<\/strong><\/p>\n \u201cEach Party undertakes to establish appropriate sanctions and remedies for violations of provisions of domestic law giving effect to the basic principles for data protection set out in this chapter.\u201d<\/p>\n 67.\u00a0\u00a0The Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows of 8\u00a0November\u00a02001 (CETS No. 181), ratified by Sweden on the latter date, provides as follows:<\/p>\n Article 1 \u2013 Supervisory authorities<\/strong><\/p>\n \u201c1.\u00a0\u00a0Each Party shall provide for one or more authorities to be responsible for ensuring compliance with the measures in its domestic law giving effect to the principles stated in Chapters II and III of the Convention and in this Protocol.<\/p>\n 2.\u00a0\u00a0\u00a0\u00a0\u00a0 a.\u00a0\u00a0To this end, the said authorities shall have, in particular, powers of investigation and intervention, as well as the power to engage in legal proceedings or bring to the attention of the competent judicial authorities violations of provisions of domestic law giving effect to the principles mentioned in paragraph 1 of Article 1 of this Protocol.<\/p>\n b.\u00a0\u00a0Each supervisory authority shall hear claims lodged by any person concerning the protection of his\/her rights and fundamental freedoms with regard to the processing of personal data within its competence.<\/p>\n 3.\u00a0\u00a0The supervisory authorities shall exercise their functions in complete independence.<\/p>\n 4.\u00a0\u00a0Decisions of the supervisory authorities, which give rise to complaints, may be appealed against through the courts.<\/p>\n …\u201d<\/p>\n Article 2 \u2013 Transborder flows of personal data to a recipient which is not subject to the jurisdiction of a Party to the Convention<\/strong><\/p>\n \u201c1.\u00a0\u00a0Each Party shall provide for the transfer of personal data to a recipient that is subject to the jurisdiction of a State or organisation that is not Party to the Convention only if that State or organisation ensures an adequate level of protection for the intended data transfer.<\/p>\n 2.\u00a0\u00a0By way of derogation from paragraph 1 of Article 2 of this Protocol, each Party may allow for the transfer of personal data:<\/p>\n a.\u00a0\u00a0if domestic law provides for it because of:<\/p>\n \u2013\u00a0\u00a0specific interests of the data subject, or<\/p>\n \u2013\u00a0\u00a0legitimate prevailing interests, especially important public interests, or<\/p>\n b.\u00a0\u00a0if safeguards, which can in particular result from contractual clauses, are provided by the controller responsible for the transfer and are found adequate by the competent authorities according to domestic law.\u201d<\/p>\n 2.\u00a0\u00a0Recommendation of the Committee of Ministers on the protection of personal data in the area of telecommunication services<\/em><\/p>\n 68.\u00a0\u00a0Recommendation No.R (95) 4 of the Committee of Ministers on the protection of personal data in the area of telecommunication services, with particular reference to telephone services, adopted on 7 February 1995, reads, inter alia, as follows:<\/p>\n \u201c2.4.\u00a0\u00a0Interference by public authorities with the content of a communication, including the use of listening or tapping devices or other means of surveillance or interception of communications, must be carried out only when this is provided for by law and constitutes a necessary measure in a democratic society in the interests of:<\/p>\n a.\u00a0\u00a0protecting state security, public safety, the monetary interests of the state or the suppression of criminal offences;<\/p>\n b.\u00a0\u00a0protecting the data subject or the rights and freedoms of others.<\/p>\n 2.5.\u00a0\u00a0In the case of interference by public authorities with the content of a communication, domestic law should regulate:<\/p>\n a.\u00a0\u00a0the exercise of the data subject\u2019s rights of access and rectification;<\/p>\n b.\u00a0\u00a0in what circumstances the responsible public authorities are entitled to refuse to provide information to the person concerned, or delay providing it;<\/p>\n c.\u00a0\u00a0storage or destruction of such data.<\/p>\n If a network operator or service provider is instructed by a public authority to effect an interference, the data so collected should be communicated only to the body designated in the authorisation for that interference.\u201d<\/p>\n 3.\u00a0\u00a0Report of the Venice Commission<\/em><\/p>\n 69.\u00a0\u00a0In December 2015 the European Commission for Democracy through Law \u2013 \u201cthe Venice Commission\u201d \u2013 published its \u201cReport on the Democratic Oversight of Signals Intelligence Agencies\u201d. The Commission noted, at the outset, the value that bulk interception could have for security operations, since it enabled the security services to adopt a proactive approach, looking for hitherto unknown dangers rather than investigating known ones. However, it also noted that intercepting bulk data in transmission, or requirements that telecommunications companies store and then provide telecommunications content data or metadata to law\u2011enforcement or security agencies involved an interference with the privacy and other human rights of a large proportion of the population of the world. In this regard, the Venice Commission considered that the main interference with privacy occurred when stored personal data was accessed and\/or processed by the agencies. For this reason, the computer analysis (usually with the help of selectors) was one of the important stages for balancing personal integrity concerns against other interests.<\/p>\n 70.\u00a0\u00a0According to the report, the two most significant safeguards were the authorisation process (of collection and access) and the oversight process. It was clear from the Court\u2019s case-law that the latter must be performed by an independent, external body. While the Court had a preference for judicial authorisation, it had not found this to be a necessary requirement. Rather, the system had to be assessed as a whole, and where independent controls were absent at the authorisation stage, particularly strong safeguards had to exist at the oversight stage. In this regard, the Venice Commission considered the example of the system in the United States, where authorisation was given by the Foreign Intelligence Surveillance Court. However, it noted that despite the existence of judicial authorisation, the lack of independent oversight of the court\u2019s conditions was problematic.<\/p>\n 71.\u00a0\u00a0Similarly, the Commission observed that notification of the subject of surveillance was not an absolute requirement of Article 8 of the Convention. In this regard, a general complaints procedure to an independent oversight body could compensate for non-notification.<\/p>\n 72.\u00a0\u00a0The report also considered internal controls to be a \u201cprimary safeguard\u201d. In this regard, recruitment and training were key issues; in addition, it was important for the agencies to build in respect for privacy and other human rights when promulgating internal rules.<\/p>\n 73.\u00a0\u00a0The report also considered the position of journalists. It accepted that they were a group which required special protection, since searching their contacts could reveal their sources (and the risk of discovery could be a powerful disincentive to whistle-blowers). Nevertheless, it considered there to be no absolute prohibition on searching the contacts of journalists, provided that there were very strong reasons for doing so. It acknowledged, however, that the journalistic profession was not one which was easily identified, since NGOs were also engaged in building public opinion and even bloggers could claim to be entitled to equivalent protections.<\/p>\n 74.\u00a0\u00a0Finally, the report briefly considered the issue of intelligence sharing, and in particular the risk that States could thereby circumvent stronger domestic surveillance procedures or any legal limits which their agencies might be subject to as regards domestic intelligence operations. It considered that a suitable safeguard would be to provide that the bulk material transferred could only be searched if all the material requirements of a national search were fulfilled and this was duly authorised in the same way as a search of bulk material obtained by the signals intelligence agency using its own techniques.<\/p>\n C.\u00a0\u00a0European Union<\/strong><\/p>\n 1.\u00a0\u00a0Charter of Fundamental Rights of the European Union<\/em><\/p>\n 75.\u00a0\u00a0Articles 7, 8 and 11 of the Charter provide as follows:<\/p>\n Article 7 \u2013 Respect for private and family life<\/strong><\/p>\n \u201cEveryone has the right to respect for his or her private and family life, home and communications.\u201d<\/p>\n Article 8 \u2013 Protection of personal data<\/strong><\/p>\n \u201c1.\u00a0\u00a0Everyone has the right to the protection of personal data concerning him or her.<\/p>\n 2.\u00a0\u00a0Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which have been collected concerning him or her, and the right to have them rectified.<\/p>\n 3.\u00a0\u00a0Compliance with these rules shall be subject to control by an independent authority.\u201d<\/p>\n Article 11 \u2013 Freedom of expression and information<\/strong><\/p>\n \u201c1.\u00a0\u00a0Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.<\/p>\n 2.\u00a0\u00a0The freedom and pluralism of the media shall be respected.\u201d<\/p>\n 2.\u00a0\u00a0EU directives relating to protection and processing of personal data<\/em><\/p>\n 76.\u00a0\u00a0The Data Protection Directive (Directive 95\/46\/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data), adopted on 24 October 1995, regulated for many years the protection and processing of personal data within the European Union. As the activities of member States regarding public safety, defence and State security fall outside the scope of Community law, the Directive did not apply to these activities (Article 3(2)).<\/p>\n 77.\u00a0\u00a0The Privacy and Electronic Communications Directive (Directive 2002\/58\/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector), adopted on 12\u00a0July\u00a02002,states, in recitals 2 and 11:<\/p>\n \u201c(2)\u00a0\u00a0This Directive seeks to respect the fundamental rights and observes the principles recognised in particular by the Charter of fundamental rights of the European Union. In particular, this Directive seeks to ensure full respect for the rights set out in Articles 7 and 8 of that Charter.<\/p>\n (11)\u00a0\u00a0Like Directive 95\/46\/EC, this Directive does not address issues of protection of fundamental rights and freedoms related to activities which are not governed by Community law. Therefore it does not alter the existing balance between the individual\u2019s right to privacy and the possibility for Member States to take the measures referred to in Article 15(1) of this Directive, necessary for the protection of public security, defence, State security (including the economic well-being of the State when the activities relate to State security matters) and the enforcement of criminal law. Consequently, this Directive does not affect the ability of Member States to carry out lawful interception of electronic communications, or take other measures, if necessary for any of these purposes and in accordance with the European Convention for the Protection of Human Rights and Fundamental Freedoms, as interpreted by the rulings of the European Court of Human Rights. Such measures must be appropriate, strictly proportionate to the intended purpose and necessary within a democratic society and should be subject to adequate safeguards in accordance with the European Convention for the Protection of Human Rights and Fundamental Freedoms.\u201d<\/p>\n The Directive further provides,inter alia, the following:<\/p>\n Article 1 \u2013 Scope and aim<\/strong><\/p>\n \u201c1.\u00a0\u00a0This Directive harmonises the provisions of the Member States required to ensure an equivalent level of protection of fundamental rights and freedoms, and in particular the right to privacy, with respect to the processing of personal data in the electronic communication sector and to ensure the free movement of such data and of electronic communication equipment and services in the Community.<\/p>\n 2.\u00a0\u00a0The provisions of this Directive particularise and complement Directive 95\/46\/EC for the purposes mentioned in paragraph 1. Moreover, they provide for protection of the legitimate interests of subscribers who are legal persons.<\/p>\n 3. This Directive shall not apply to activities which fall outside the scope of the Treaty establishing the European Community, such as those covered by Titles V and VI of the Treaty on European Union, and in any case to activities concerning public security, defence, State security (including the economic well-being of the State when the activities relate to State security matters) and the activities of the State in areas of criminal law.\u201d<\/p>\n Article 15 \u2013 Application of certain provisions of Directive 95\/46\/EC<\/strong><\/p>\n \u201c1.\u00a0\u00a0Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95\/46\/EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union.\u201d<\/p>\n 78.\u00a0\u00a0On 15 March 2006 the Data Retention Directive (Directive 2006\/24\/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002\/58\/EC) was adopted. It provided, inter alia, as follows:<\/p>\n Article 1 – Subject matter and scope<\/strong><\/p>\n \u201c1.\u00a0\u00a0This Directive aims to harmonise Member States\u2019 provisions concerning the obligations of the providers of publicly available electronic communications services or of public communications networks with respect to the retention of certain data which are generated or processed by them, in order to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law.<\/p>\n 2.\u00a0\u00a0This Directive shall apply to traffic and location data on both legal entities and natural persons and to the related data necessary to identify the subscriber or registered user. It shall not apply to the content of electronic communications, including information consulted using an electronic communications network.\u201d<\/p>\n Article 3 \u2013 Obligation to retain data<\/strong><\/p>\n \u201c1.\u00a0\u00a0By way of derogation from Articles 5, 6 and 9 of Directive 2002\/58\/EC, Member States shall adopt measures to ensure that the data specified in Article 5 of this Directive are retained in accordance with the provisions thereof, to the extent that those data are generated or processed by providers of publicly available electronic communications services or of a public communications network within their jurisdiction in the process of supplying the communications services concerned.<\/p>\n …\u201d<\/p>\n 3.\u00a0\u00a0Case-law of the Court of Justice of the European Union (CJEU) on data protection<\/em><\/p>\n 79.\u00a0\u00a0In Digital Rights Ireland v Minister for Communications & Others, (cases C-293\/12 and C-594\/12, judgment of 8 April 2014), the CJEUdeclared invalid Directive 2006\/24\/EC.The CJEU noted that, even though the directive did not permit the retention of the content of the communication, the traffic and location data covered by it might allow very precise conclusions to be drawn concerning the private lives of the persons whose data had been retained. Accordingly, the obligation on providers of publicly available electronic communications services or of public communications networks to retain those data and the access of the national authorities to the data constituted an interference with the right to respect for private life and communications and the right to protection of personal data guaranteed by Articles 7 and 8 of the Charter of Fundamental Rights. While the interference satisfied an objective of general interest, namely to contribute to the fight against serious crime and terrorism and thus, ultimately, to public security, it failed to satisfy the requirement of proportionality. The protection of the fundamental right to respect for private life required, according to the court\u2019s settled case-law, that derogations and limitations in relation to the protection of personal data could apply only in so far as was strictly necessary. The directive covered, however, in a generalised manner, all persons and all means of electronic communication as well as all communications data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime. It therefore entailed an interference with the fundamental rights of practically the entire European population, even to persons for whom there was no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, the directive did not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. By simply referringto serious crime, as defined by each member State in its national law, the directive failed to lay down any objective criterion by which to determine which offences might be considered to be sufficiently serious to justify such an extensive interference with the rights enshrined in Articles 7 and 8 of the Charter. Above all, the access by the competent national authorities to the data retained was not made dependent on a prior review carried out by a court or by an independent administrative body whose decision sought to limit access to the data and their use to what was strictly necessary for the purpose of attaining the objective pursued. The CJEU concluded that the directive entailed a wide-ranging and particularly serious interference with the rights in Articles 7 and 8 of the Charter, without having laid down clear and precise rules governing the extent of the interference and ensuring that it was actually limited to what was strictly necessary. Moreover, the directive did not provide for sufficient safeguards, by means of technical and organisational measures, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of those data.<\/p>\n 80.\u00a0\u00a0In joined casesTele2 Sverige AB v Post- och telestyrelsenand Secretary of State for the Home Department v Tom Watson and Others(cases C-203\/15 and C-698\/15, judgment of 21 December 2016), the CJEU (Grand Chamber) dealt, firstly, with the issue of a provider of electronic communications services having refused to retain data under Swedish legislation that had given effect to the now invalid Directive 2006\/24\/EC.The CJEU stated, inter alia, the following:<\/p>\n \u201c107.\u00a0\u00a0National legislation such as that at issue in the main proceedings therefore exceeds the limits of what is strictly necessary and cannot be considered to be justified, within a democratic society, as required by Article 15(1) of Directive 2002\/58, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter.<\/p>\n 108.\u00a0\u00a0However, Article 15(1) of Directive 2002\/58, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter, does not prevent a Member State from adopting legislation permitting, as a preventive measure, the targeted retention of traffic and location data, for the purpose of fighting serious crime, provided that the retention of data is limited, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the retention period adopted, to what is strictly necessary.<\/p>\n 109.\u00a0\u00a0In order to satisfy the requirements set out in the preceding paragraph of the present judgment, that national legislation must, first, lay down clear and precise rules governing the scope and application of such a data retention measure and imposing minimum safeguards, so that the persons whose data has been retained have sufficient guarantees of the effective protection of their personal data against the risk of misuse. That legislation must, in particular, indicate in what circumstances and under which conditions a data retention measure may, as a preventive measure, be adopted, thereby ensuring that such a measure is limited to what is strictly necessary. …<\/p>\n 110.\u00a0\u00a0Second, as regards the substantive conditions which must be satisfied by national legislation that authorises, in the context of fighting crime, the retention, as a preventive measure, of traffic and location data, if it is to be ensured that data retention is limited to what is strictly necessary, it must be observed that, while those conditions may vary according to the nature of the measures taken for the purposes of prevention, investigation, detection and prosecution of serious crime, the retention of data must continue nonetheless to meet objective criteria, that establish a connection between the data to be retained and the objective pursued. In particular, such conditions must be shown to be such as actually to circumscribe, in practice, the extent of that measure and, thus, the public affected.<\/p>\n 111.\u00a0\u00a0As regard the setting of limits on such a measure with respect to the public and the situations that may potentially be affected, the national legislation must be based on objective evidence which makes it possible to identify a public whose data is likely to reveal a link, at least an indirect one, with serious criminal offences, and to contribute in one way or another to fighting serious crime or to preventing a serious risk to public security. Such limits may be set by using a geographical criterion where the competent national authorities consider, on the basis of objective evidence, that there exists, in one or more geographical areas, a high risk of preparation for or commission of such offences.<\/p>\n 112.\u00a0\u00a0Having regard to all of the foregoing, … Article 15(1) of Directive 2002\/58, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter, must be interpreted as precluding national legislation which, for the purpose of fighting crime, provides for the general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication.\u201d<\/p>\n The CJEU also examined a question by the Court of Appeal (England & Wales) (Civil Division) as to whether, in the Digital Rightsjudgment, the Court had interpreted Article7 or 8 of the Charter in such a way as to expand the scope conferred on Article 8 of the Convention by the European Court of Human Rights. The CJEU stated:<\/p>\n \u201c127.\u00a0\u00a0As a preliminary point, it should be recalled that, whilst, as Article6(3) [of the Treaty on European Union] confirms, fundamental rights recognised by the [Convention] constitute general principles of EU law, the [Convention] does not constitute, as long as the European Union has not acceded to it, a legal instrument which has been formally incorporated into EU law … .<\/p>\n 128.\u00a0\u00a0Accordingly, the interpretation of Directive 2002\/58, which is at issue in this case, must be undertaken solely in the light of the fundamental rights guaranteed by the Charter … .<\/p>\n 129.\u00a0\u00a0Further, it must be borne in mind that the explanation on Article52 of the Charter indicates that paragraph3 of that article is intended to ensure the necessary consistency between the Charter and the [Convention], \u2018without thereby adversely affecting the autonomy of Union law and … that of the Court of Justice of the European Union\u2019 (judgment of 15February 2016,N., C-601\/15 PPU, EU:C:2016:84, paragraph 47). In particular, as expressly stated in the second sentence of Article 52(3) of the Charter, the first sentence of Article52(3) does not preclude Union law from providing protection that is more extensive then the [Convention].It should be added, finally, that Article 8 of the Charter concerns a fundamental right which is distinct from that enshrined in Article7 of the Charter and which has no equivalent in the [Convention].<\/p>\n 130.\u00a0\u00a0However, in accordance with the Court\u2019s settled case-law, the justification for making a request for a preliminary ruling is not for advisory opinions to be delivered on general or hypothetical questions, but rather that it is necessary for the effective resolution of a dispute concerning EU law … .<\/p>\n 131.\u00a0\u00a0In this case, in view of the considerations set out, in particular, in paragraphs128 and 129 of the present judgment, the question whether the protection conferred by Articles7 and 8 of the Charter is wider than that guaranteed in Article8 of the ECHR is not such as to affect the interpretation of Directive 2002\/58, read in the light of the Charter, which is the matter in dispute in the proceedings in Case C-698\/15.<\/p>\n 132.\u00a0\u00a0Accordingly, it does not appear that an answer to the second question in Case C-698\/15 can provide any interpretation of points of EU law that is required for the resolution, in the light of that law, of that dispute.<\/p>\n 133.\u00a0\u00a0It follows that the second question in Case C\u2011698\/15 is inadmissible.\u201d<\/p>\n The CJEU ruled as follows:<\/p>\n \u201c1.\u00a0\u00a0Article 15(1) of Directive 2002\/58\/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), as amended by Directive 2009\/136\/EC of the European Parliament and of the Council of 25 November 2009, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter of Fundamental Rights of the European Union, must be interpreted as precluding national legislation which, for the purpose of fighting crime, provides for general and indiscriminate retention of all traffic and location data of all subscribers and registered users relating to all means of electronic communication.<\/p>\n 2.\u00a0\u00a0Article 15(1) of Directive 2002\/58, as amended by Directive 2009\/136, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter of Fundamental Rights, must be interpreted as precluding national legislation governing the protection and security of traffic and location data and, in particular, access of the competent national authorities to the retained data, where the objective pursued by that access, in the context of fighting crime, is not restricted solely to fighting serious crime, where access is not subject to prior review by a court or an independent administrative authority, and where there is no requirement that the data concerned should be retained within the European Union.<\/p>\n 3.\u00a0\u00a0The second question referred by the Court of Appeal (England & Wales) (Civil Division) is inadmissible.\u201d<\/p>\n 4.\u00a0\u00a0The General Data Protection Regulation<\/p>\n 81.\u00a0\u00a0On 25 May 2018 the General Data Protection Regulation (Regulation (EU) 2016\/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC) entered into force.Like the Directive it replaced, the Regulation does not apply to State activities concerning public safety, defence and State security (Article 2(2)).<\/p>\n THE LAW<\/strong><\/p>\n I.\u00a0\u00a0ALLEGED VIOLATION OF ARTICLE 8 OF THE CONVENTION<\/p>\n 82.\u00a0\u00a0The applicant complained that that Swedish state practice and legislation concerning signals intelligence had violated and continued to violate its right to respect for private life and correspondence. The complaint concerned three time periods: from 2002 to 1 January 2009, from 1 January 2009 to 1 December 2009 and from 1 December 2009 onwards. The applicant invoked Article 8 of the Convention, which reads as follows:<\/p>\n \u201c1.\u00a0\u00a0Everyone has the right to respect for his private and family life, his home and his correspondence.<\/p>\n 2.\u00a0\u00a0There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.\u201d<\/p>\n A.\u00a0\u00a0Admissibility<\/strong><\/p>\n 83.\u00a0\u00a0The Government questioned whether the applicant had exhausted all domestic remedies available and left it for the Court to determine the exhaustion issue. They further submitted that the applicant could not claim to be a victim of the alleged violation of Article 8. With regard to private life, the Government disputed that such a right was afforded to legal persons. In any event, they argued that the complaint was manifestly ill\u2011founded.<\/p>\n 84.\u00a0\u00a0In regard to the Government\u2019s first objection, the Court notes, as explained below (see paragraphs 171-177), that there is, in practice, no remedy which provides detailed grounds in its response to a complainant who suspects that he or she has had his communications intercepted. Furthermore, the Government have not pointed to any individual effective remedy that would have to be exhausted for the purposes of Article 35. The Court therefore finds that the applicant was not required to bring any domestic proceedings and accordingly rejects the objection concerning the exhaustion of domestic remedies.<\/p>\n 85.\u00a0\u00a0As regards private life, the Court has previously held that it may be open to doubt whether a legal person can have a private life within the meaning of Article 8. However, it can be said that its mail and other communications are covered by the notion of \u201ccorrespondence\u201d which applies equally to communications originating from private and business premises. Moreover, applicants who are legal persons may fear that they are subjected to secret surveillance and it has accordingly been accepted that they may claim to be victims (see Association for European Integration and Human Rights and Ekimdzhiev v. Bulgaria, no. 62540\/00, \u00a7 60, 28\u00a0June\u00a02007, with further references). It is therefore appropriate to examine the complaint under the right to respect for the applicant\u2019s correspondence.<\/p>\n 86.\u00a0\u00a0Considering that the Government\u2019s objection on victim status is closely linked to the substance of the applicant\u2019s complaint, it must be joined to the merits.<\/p>\n 87.\u00a0\u00a0The Court further notes that this complaint is not manifestly ill\u2011founded within the meaning of Article 35 \u00a7 3 (a) of the Convention. It is not inadmissible on any other grounds. It must therefore be declared admissible.<\/p>\n B.\u00a0\u00a0Merits<\/strong><\/p>\n 1.\u00a0\u00a0The applicant\u2019s victim status and the existence of an interference<\/em><\/p>\n (a)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 88.\u00a0\u00a0The Government submitted that the applicant could not claim to be a victim of a violation of the Convention by the mere existence of legislation concerning signals intelligence. The aggregate of control mechanisms, supervisory elements and remedies available constituted sufficient safeguards against abuse of the FRA\u2019s competence to conduct signals intelligence. Furthermore, the possibility that the applicant had been subject to signals intelligence was virtually non-existent.<\/p>\n 89.\u00a0\u00a0The applicant disagreed with the Government and remarked,with reference to the case of Kennedy v. the United Kingdom (no. 26839\/05, 18\u00a0\u00a0May 2010), that its victim status was based on the risk of secret surveillance measures having been applied.<\/p>\n (b)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 90.\u00a0\u00a0In the Roman Zakharov v. Russia judgment ([GC], no. 47143\/06, \u00a7\u00a0171, ECHR 2015), which concerned covert interception of mobile telephone communications, the Court, adopting the Kennedy approach, clarified the conditions under which an applicant can claim to be a victim of a violation of Article 8 without having to prove that secret surveillance measures have in fact been applied to him or her specifically. Accordingly, the Court accepts that an applicant can claim to be the victim of a violation occasioned by the mere existence of secret surveillance measures, or legislation permitting such measures, if the following conditions are satisfied.<\/p>\n 91.\u00a0\u00a0Firstly, regard will be had to the scope of the legislation permitting secret surveillance measures through an examination of whether the applicant can possibly be affected by it, either because he or she belongs to a group of persons targeted by the contested legislation or because the legislation directly affects all users of communication services by instituting a system where any person can have his or her communications intercepted.<\/p>\n 92.\u00a0\u00a0Secondly, the availability of remedies at the national level will be taken into account; the degree of scrutiny will depend on the effectiveness of such remedies. Where the domestic system does not afford an effective remedy to the person who suspects that he or she was subjected to secret surveillance, widespread suspicion and concern among the general public that secret surveillance powers are being abused cannot be said to be unjustified. In such circumstances, the menace of surveillance can be claimed in itself to restrict free communication through postal and telecommunication services, thereby constituting for all users or potential users a direct interference with the right guaranteed by Article 8. There is therefore a greater need for scrutiny by the Court and an exception to the rule, which denies individuals the right to challenge a law in abstracto, is justified. In such cases the individual does not need to demonstrate the existence of any risk that secret surveillance measures were actually applied to him or her.<\/p>\n 93.\u00a0\u00a0By contrast, if the national system provides for effective remedies, a widespread suspicion of abuse is more difficult to justify. In such cases, the individual may claim to be a victim of a violation occasioned by the mere existence of secret measures or of legislation permitting secret measures only if he or she is able to show that, due to the specific personal situation, he or she is potentially at risk of being subjected to such measures.<\/p>\n 94.\u00a0\u00a0The Court considers that the contested legislation on signals intelligence institutes a system of secret surveillance that potentially affects all users of, for example, mobile telephone services and the internet, without their being notified about the surveillance. Also, as concluded above (see paragraph 84), no domestic remedy provides detailed grounds in response to a complainant who suspects that he or she has had his communications intercepted. In these circumstances, the Court considers an examination of the relevant legislation in abstracto to be justified.<\/p>\n 95.\u00a0\u00a0The applicant is therefore entitled to claim to be the victim of a violation of the Convention, even though it is unable to allege that it has been subjected to a concrete measure of interception. For the same reasons, the mere existence of the contested legislation amounts in itself to an interference with the exercise of the applicant\u2019s rights under Article 8. The Court therefore dismisses the Government\u2019s objection concerning the applicant\u2019s lack of victim status.<\/p>\n 2.\u00a0\u00a0The temporal scope of the Court\u2019s examination<\/em><\/p>\n 96.\u00a0\u00a0As already mentioned, the applicant has complained about three different time periods, arguing that each period is characterised by a different legal regime.<\/p>\n 97.\u00a0\u00a0In other cases where the law has been reviewed in abstracto and amendments have been made to the legislation while the application was pending, the Court has limited itself to reviewing Convention compliance of the law in force at the time of its examination (see, for example, Association for European Integration and Human Rights and Ekimdzhiev, cited above; Iordachi and Others v. Moldova, no. 25198\/02, 10 February 2009; and Roman Zakharov, cited above).<\/p>\n 98.\u00a0\u00a0As stated above, the Court\u2019s task is not to examine measures that have \u201cdirectly affected\u201d the applicant, but to review the relevant Swedish law and practice in abstracto. The Swedish legislation has been amended on many occasions since the application was lodged with the Court, also since the start of the third time period on 1 December 2009. It cannot be the task of the Court, when reviewing the law in abstracto, to examine compatibility with the Convention before and after every single legislative amendment. The review will therefore focus on the Swedish legislation as it stands at the time of the present examination.<\/p>\n 3.\u00a0\u00a0The justification of the interference<\/em><\/p>\n (a)\u00a0\u00a0General principles<\/p>\n 99.\u00a0\u00a0The Court reiterates that any interference can only be justified under Article 8 \u00a7 2 if it is in accordance with the law, pursues one or more of the legitimate aims to which paragraph 2 of Article 8 refers and is necessary in a democratic society in order to achieve any such aim. The following general principles have been collated in Roman Zakharov (see \u00a7\u00a7 228-236 of that judgment and the further references listed therein).<\/p>\n 100.\u00a0\u00a0The wording \u201cin accordance with the law\u201d requires the impugned measure both to have some basis in domestic law and to be compatible with the rule of law, which is expressly mentioned in the Preamble to the Convention and inherent in the object and purpose of Article 8. The law must thus meet quality requirements: it must be accessible to the person concerned and foreseeable as to its effects (Roman Zakharov, \u00a7 228).<\/p>\n 101.\u00a0\u00a0The Court has held on several occasions that the reference to \u201cforeseeability\u201d in the context of interception of telephone communications cannot be the same as in many other fields. Foreseeability in the special context of secret measures of surveillancecannot mean that an individual should be able to foresee when the authorities are likely to intercept communications so that he or she can adapt his or her conduct accordingly. However, especially where a power vested in the executive is exercised in secret, the risk of arbitrariness is evident. It is therefore essential to have clear, detailed rules on interception of telephone communications, especially as the technology available for use is continually becoming more sophisticated. The domestic law must be sufficiently clear to give citizens an adequate indication as to the circumstances and conditions which give public authorities the power to resort to such measures (Roman Zakharov, \u00a7\u00a0229).<\/p>\n 102.\u00a0\u00a0Moreover, since the implementation in practice of measures of secret surveillance of communications is not open to scrutiny by the individuals concerned or the public at large, it would be contrary to the rule of law for the discretion granted to the executive or to a judge to be expressed in terms of an unfettered power. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity to give the individual adequate protection against arbitrary interference (Roman Zakharov, \u00a7 230).<\/p>\n 103.\u00a0\u00a0In its case-law on secret measures of surveillance in criminal investigations, the Court has developed the following minimum safeguards that should be set out in law in order to avoid abuses of power: a description of the nature of offences which may give rise to an interception order; a definition of the categories of people liable to have their communications intercepted; a limit on the duration of the measures; the procedure to be followed for examining, using and storing the data obtained; the precautions to be taken when communicating the data to other parties; and the circumstances in which recordings may or must be erased or destroyed (Roman Zakharov, \u00a7 231).<\/p>\n 104.\u00a0\u00a0As to the question whether an interference has been \u201cnecessary in a democratic society\u201d in pursuit of a legitimate aim, the Court has acknowledged that, when balancing the interest of the respondent State in protecting its national security through secret surveillance measures against the seriousness of the interference with an applicant\u2019s rights under Article 8, the national authorities enjoy a certain margin of appreciation in choosing the means for achieving the legitimate aim of protecting national security. However, this margin is subject to European supervision embracing both legislation and decisions applying it. In view of the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it, the Court must be satisfied that there are adequate and effective guarantees against abuse. The assessment depends on all the circumstances of the case, such as the nature, scope and duration of the possible measures, the grounds required for ordering them, the authorities competent to authorise, carry out and supervise them, and the kind of remedy provided by the national law. It has to be determined whether the procedures for supervising the ordering and implementation of the restrictive measures are such as to keep the \u201cinterference\u201d to what is \u201cnecessary in a democratic society\u201d (Roman Zakharov, \u00a7 232).<\/p>\n 105.\u00a0\u00a0Review and supervision of secret surveillance measures may come into play at three stages: when the surveillance is first ordered, while it is being carried out, or after it has been terminated. As regards the first two stages, the very nature and logic of secret surveillance dictate that not only the surveillance itself but also the accompanying review should be effected without the individual\u2019s knowledge. Consequently, since the individual will necessarily be prevented from seeking an effective remedy of his or her own accord or from taking a direct part in any review proceedings, it is essential that the procedures established should themselves provide adequate and equivalent guarantees safeguarding his or her rights. In addition, the values of a democratic society must be followed as faithfully as possible in the supervisory procedures if the bounds of necessity, within the meaning of Article 8 \u00a7 2, are not to be exceeded. In a field where abuse is potentially so easy in individual cases and could have such harmful consequences for democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge, judicial control normally offering the best guarantees of independence, impartiality and a proper procedure (Roman Zakharov, \u00a7 233).<\/p>\n 106.\u00a0\u00a0As regards the third stage, after the surveillance has been terminated, the question of subsequent notification of surveillance measures is inextricably linked to the effectiveness of remedies and hence to the existence of effective safeguards against the abuse of monitoring powers. There is in principle little scope for recourse to a remedy by the individual concerned unless he or she is advised of the measures taken without his or her knowledge and thus able to challenge their legality retrospectively or, in the alternative, that any person who suspects that his or her communications are being or have been intercepted can apply to an appropriate body, so that the latter\u2019s jurisdiction does not depend on a notification having been given to the subject who has had communications intercepted (Roman Zakharov, \u00a7\u00a0234).<\/p>\n 107.\u00a0\u00a0Having found an interference of the applicant\u2019s rights under Article\u00a08 \u00a7 1, in examining the justification for the interference under Article\u00a08 \u00a7 2, the Court needs to determine whether the contested legislation itself is in conformity with the Convention (Roman Zakharov, \u00a7 235). In cases where the legislation permitting secret surveillance is contested, the matter of the lawfulness of the interference is closely related to the question whether the \u201cnecessity\u201d requirement has been complied with and it is therefore appropriate to address these two issues jointly. The \u201cquality of law\u201d in this sense implies that the domestic law must not only be accessible and foreseeable in its application, but must also ensure that secret surveillance measures are applied only when \u201cnecessary in a democratic society\u201d, in particular by providing for adequate and effective safeguards and guarantees against abuse (Roman Zakharov, \u00a7 236).<\/p>\n (b)\u00a0\u00a0Existing case-law on the bulk interception of communications<\/p>\n 108.\u00a0\u00a0The Court has considered the Convention compatibility of regimes which expressly permit the bulk interception of communications on two occasions: first in Weber and Saravia v. Germany ((dec.), no. 54934\/00, ECHR 2006-XI), and then in Liberty and Others v. the United Kingdom (no.\u00a058243\/00, 1 July 2008).<\/p>\n 109.\u00a0\u00a0In Weber and Saravia the applicants complained about the process of strategic monitoring under the amended G10 Act, which authorised the monitoring of international wireless telecommunications. Signals emitted from foreign countries were monitored by interception sites situated on German soil with the aid of certain catchwords which were listed in the monitoring order. Only communications containing these catchwords were recorded and used. Having particular regard to the six \u201cminimum safeguards\u201d (see paragraph 103 above), the Court considered that there existed adequate and effective guarantees against abuses of the State\u2019s strategic monitoring powers. It therefore declared the applicants\u2019 Article\u00a08 complaints to be manifestly ill-founded.<\/p>\n 110.\u00a0\u00a0In Liberty and Others the Court was considering the regime under theInterception of Communications Act 1985 which allowed the executive to intercept communications passing between the United Kingdom and an external receiver. At the time of issuing an interception warrant, the Secretary of State was required to issue a certificate containing a description of the intercepted material which he considered should be examined. On the face of the 1985 Act, external communications sent to or from an address in the United Kingdom could only be included in the certificate if the Secretary of State considered it necessary for the prevention or detection of acts of terrorism. Otherwise, the legislation provided that material could be contained in a certificate, and thus listened to or read, if the Secretary of State considered that this was required in the interests of national security, the prevention of serious crime or the protection of the United Kingdom\u2019s economy. The Court held that the domestic law at the relevant time did not indicate with sufficient clarity, so as to provide adequate protection against abuse of power, the scope or manner of exercise of the very wide discretion conferred on the State to intercept and examine external communications. In particular, it did not set out in a form accessible to the public any indication of the procedure to be followed for selecting for examination, sharing, storing and destroying intercepted material.<\/p>\n (c)\u00a0\u00a0Application of these principles to the facts of the case<\/p>\n 111.\u00a0\u00a0It has not been disputed by the parties that the Swedish signals intelligence, in its present structure, has a basis in domestic law. Furthermore, the Court considers it clear that the measures permitted by Swedish law pursue legitimate aims in the interest of national security by supporting Swedish foreign, defence and security policy and identifying external threats to the country. It therefore remains to be ascertained whether the domestic law is accessible and contains adequate and effective safeguards and guarantees to be considered \u201cforeseeable\u201d and \u201cnecessary in a democratic society\u201d.<\/p>\n 112.\u00a0\u00a0The Court has expressly recognised that the national authorities enjoy a wide margin of appreciation in choosing how best to achieve the legitimate aim of protecting national security (see Weber and Saravia, cited above, \u00a7 106). In Weber and Saravia and Liberty and Others the Court accepted that bulk interception regimes did not per se fall outside this margin. Given the reasoning of the Court in those judgments and in view of the current threats facing many Contracting States (including the scourge of global terrorism and other serious crime, such as drug trafficking, human trafficking, sexual exploitation of children and cybercrime), advancements in technology which have made it easier for terrorists and criminals to evade detection on the internet, and the unpredictability of the routes via which electronic communications are transmitted, the Court considers that the decision to operate a bulk interception regime in order to identify hitherto unknown threats to national security is one which continues to fall within States\u2019 margin of appreciation.<\/p>\n 113.\u00a0\u00a0Nevertheless, it is evident from the Court\u2019s case-law over several decades that all interception regimes (both bulk and targeted) have the potential to be abused, especially where the true breadth of the authorities\u2019 discretion to intercept cannot be discerned from the relevant legislation (see, for example, Klass and Others v. Germany, 6September 1978, Series A no.\u00a028; Kennedy, cited above; Roman Zakharov, cited above, and Szab\u00f3 and Vissyv. Hungary, no. 37138\/14, 12 January 2016). Therefore, while States enjoy a wide margin of appreciation in deciding what type of interception regime is necessary to protect national security, the discretion afforded to them in operating an interception regime must necessarily be narrower. In this regard, the Court has identified six minimum safeguards that both bulk interception and other interception regimes must incorporate in order to be sufficiently foreseeable to minimise the risk of abuses of power (see paragraph 103 above).<\/p>\n 114.\u00a0\u00a0Accordingly, adapting these minimum safeguards where necessary to reflect the operation of a bulk interception regime dealing exclusively with national security issues, the following assessment of the interference established (see paragraph 95 above) will address, in turn, the accessibility of the domestic law, the scope and duration of signals intelligence, the authorisation of the measures, the procedures to be followed for storing, accessing, examining, using, communicating and destroying the intercepted data, the arrangements for supervising the implementation of the measures, any notification mechanisms and the remedies provided for by national law.<\/p>\n (i)\u00a0\u00a0Accessibility of domestic law<\/p>\n 115.\u00a0\u00a0The Court finds that all legal provisions relevant to signals intelligence have been officially published and are accessible to the public, a fact that has not been questioned by the applicant.<\/p>\n (ii)\u00a0\u00a0Scope of application of signals intelligence<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 116.\u00a0\u00a0The applicant submitted that, whereas the conduct againstwhich signals intelligence could be directed had clear affinities to various criminal offences, for instance crimes against the security of the nation, the same could not be said for the FRA\u2019s development activities. The latter activitiesallegedly permitted bulk collection of data, including large amounts of communications data,without regard to the requirement that interception be ordered only in regard to certain specific offences. The applicant further emphasised that, since 1 January 2013, the Security Police and the NOA have been given a mandate to issue more detailed tasking directives for signals intelligence. Since the general tasks of these two authorities were crime prevention and investigation there was a risk that signals intelligence was being conducted outside the scope of foreign intelligence activities.<\/p>\n 117.\u00a0\u00a0The Government submitted that the FRA\u2019s development activities were as rigorously regulated \u2013 and subject to supervision to the same extent \u2013 as signals intelligence in general. The Government also opposed the claim that signals intelligence could be used to investigate crimes, as the law did not permit such use of signals intelligence.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 118.\u00a0\u00a0The Court reiterates that the national law must define the scope of application of secret surveillance measures by giving citizens an adequate indication as to the circumstances in which public authorities are empowered to resort to such measures (see paragraph 103 above).<\/p>\n 119.\u00a0\u00a0The requirement of \u201cforeseeability\u201d of the law does not go so far as to compel States to enact legal provisions listing in detail all conduct that may prompt a decision to subject an individual to secret surveillance on \u201cnational security\u201d grounds. By the nature of things, threats to national security may vary in character and may be unanticipated or difficult to define in advance. At the same time, it must be emphasised that in matters affecting fundamental rights it would be contrary to the rule of law for a discretion granted to the executive in the sphere of national security to be expressed in terms of unfettered power. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference (see Roman Zakharov, cited above, \u00a7 247, with further references).<\/p>\n 120.\u00a0\u00a0The Signals Intelligence Act stipulates eight purposes for which signals intelligence may be conducted (see paragraph 12 above). Although some of these purposes are generally framed, they are further elaborated upon in the preparatory works (paragraph 13), which is an essential source of Swedish legislation. The Court finds that these eight purposes are adequately indicated (cf. Roman Zakharov, cited above, \u00a7\u00a7 246 and 248).<\/p>\n 121.\u00a0\u00a0It is of further importance that signals intelligence conducted on fibre optic cables may only concern communications crossing the Swedish border in cables owned by a communications service provider. Communications between a sender and a receiver in Sweden may not be intercepted, regardless whether the source is airborne or cable-based.<\/p>\n 122.\u00a0\u00a0It is true that the FRA may also intercept signals as part of its development activities which, it appears, mainly concern the collection of communications data. Such collection is made in order to monitor changes in the international signals environment and to develop the FRA\u2019s own signals intelligence technology, and may lead to data not relevant for the regular foreign intelligence being intercepted and read. Also, the search terms used for interception of communications data \u2013 whether part of the development activities or not \u2013 are less specific than those used for interception of the content of a communication (see paragraph 62 above). However, as noted by the Signals Intelligence Committee (paragraph 63), the development activities are essential for the proper functioning of the foreign intelligence and the information thereby obtained may be used in the regular foreign intelligence only if such use is in conformity with the purposes established by law and the applicable tasking directives.Moreover, the provisions applicable to the regular foreign intelligence work are also relevant to the development activities and to any interception of communications data, including the requirement of a permit issued by the Foreign Intelligence Court (paragraph 18). It is further of relevance in this context that, in its 2010 and 2016 reports, the Data Protection Authority found no evidence that personal data had been collected for other purposes than those stipulated for the signals intelligence activities (paragraphs 59\u201160). In these circumstances, the Court is satisfied that the scope of application of the development activities is sufficiently demarcated.<\/p>\n 123.\u00a0\u00a0As from 1 January 2013, the Security Police and the NOA have been authorised to issue detailed tasking directives for signals intelligence. While, as pointed out by the applicant, the tasks of these authorities include crime prevention and investigation, section 4 of the Foreign Intelligence Act clearly excludes the use of foreign intelligence to solve tasks in the area of law enforcement or crime prevention (see paragraph 8 above).<\/p>\n 124.\u00a0\u00a0Consequently, the Court finds that the law indicates the scope of mandating and performing signals intelligence conferred on the competent authorities and the manner of its exercise with sufficient clarity.<\/p>\n (iii)\u00a0\u00a0Duration of secret surveillance measures<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 125.\u00a0\u00a0The applicant submitted that the legislation satisfied the minimum requirements in terms of duration of the permit.<\/p>\n 126.\u00a0\u00a0The Government held that the Signals Intelligence Act clearly regulated the maximum duration of a permit and the conditions under which a permit could be renewed.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 127.\u00a0\u00a0The Court has held that it is not unreasonable to leave the overall duration of interception to the discretion of the relevant domestic authorities which have competence to issue and renew interception warrants, provided that adequate safeguards exist, such as a clear indication in the domestic law of the period after which an interception warrant will expire, the conditions under which a warrant can be renewed and the circumstances in which it must be cancelled (see Roman Zakharov, cited above, \u00a7 250).<\/p>\n 128.\u00a0\u00a0As regards the first two safeguards, the Signals Intelligence Act stipulates that a permit may be granted for a maximum of six months and that it may be extended, following a new examination, for six months at a time (see paragraph 23 above). The examination preceding a renewal must be understood as encompassing a full review by the Foreign Intelligence Court as to whether the conditions set out in section 5 of the Act are still met (paragraph 19). The Act thus gives clear indications of the period after which the permit will expire and of the conditions under which it can be renewed.<\/p>\n 129.\u00a0\u00a0In respect of the third safeguard, the circumstances in which interception must be discontinued, the legislation is not equally clear. There is no provision obliging the FRA, the authorities mandated to issue detailed tasking directives or the Foreign Intelligence Court to cancel a signals intelligence mission if the conditions for it have ceased to exist or the measures themselves are no longer necessary (cf. Klass and Others, cited above, \u00a7 52; and Kennedy, cited above, \u00a7161).<\/p>\n 130.\u00a0\u00a0Nevertheless, notwithstanding that the relevant legislation is less clear with regard to the third safeguard, it must be borne in mind that any permit is valid for a maximum of six months and that a renewal requires a review as to whether the conditions are still met.Furthermore, although the Foreign Intelligence Inspectorate is not tasked with inspecting every signals intelligence permit, itmay decide that an intelligence interception shall cease, if during an inspection it is evident that the interception is not in accordance with a permit (see paragraph 36 above). The Court also has regard to the fact that the permits in question concern the collection of intelligence related to threats to national security and are not targeting individuals suspected of criminal conduct, in which case the need for specific provisions on the cancellation of permits would have been more prominent.Moreover, as noted by the Data Protection Authority (paragraph\u00a060), theFRA continuously reviews whether the specific personal data it has intercepted is still needed for its signals intelligence activities. In these circumstances, the Court is satisfied that there are safeguards in place which adequately regulate the duration, renewal and cancellation of interception measures.<\/p>\n (iv)\u00a0\u00a0Authorisation of secret surveillance measures<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 131.\u00a0\u00a0The applicant submitted that, although signals intelligence could not be conducted without prior authorisation by the Foreign Intelligence Court, the court\u2019s impartiality and independence from the Government could be questioned and its activities were covered by complete secrecy. Its hearings and decisions had never been made public. The same was true for information about the number of hearings, the number of permits granted or rejected, any reasoning of its decisions or the amount or type of search terms being used. As to the composition of the court, its members were elected for a limited period of time, except for the president.<\/p>\n 132.\u00a0\u00a0The Government emphasised that all signals intelligence conducted required a permit from the Foreign Intelligence Court, including the FRA\u2019s development activities. The Government also stressed that the court was independent from Parliament and public authorities. Although its activities were governed by secrecy, a privacy protection representative was present to safeguard the interests of individuals.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 133.\u00a0\u00a0As the Court has previously held, the authorisation of telephone tapping by a non-judicial authority may be compatible with the Convention (see, for example, Klass and Others, cited above, \u00a7 51; and Weber and Saravia, cited above, \u00a7 115), provided that that authority is sufficiently independent from the executive (Roman Zakharov, cited above, \u00a7 258). However, the rule of law implies, inter alia, that an interference by the executive authorities with an individual\u2019s rights should be subject to an effective control which should normally be assured by the judiciary, at least in the last resort, judicial control normally offering the best guarantees of independence, impartiality and a proper procedure (Klass and Others, cited above, \u00a7\u00a7 55 and 56). Prior judicial authorisation may serve to limit the authorities\u2019 discretion in interpreting the scope of mandating and performing signals intelligence. Thus, a requirement of prior judicial authorisation constitutes an important safeguard against arbitrariness (Roman Zakharov, cited above, \u00a7 249). Nevertheless, prior authorisation of such measures is not an absolute requirement per se, because where there is extensive subsequent judicial oversight, this may counterbalance the shortcomings of the authorisation (Szab\u00f3 and Vissy, cited above, \u00a7 77).<\/p>\n 134.\u00a0\u00a0Under Swedish law, signals intelligence conducted by the FRA must be authorised in advance by the Foreign Intelligence Court. The president of the court is a permanent judge, whereas the vice president and other members are appointed by the Government on four-year terms. Neither Parliament nor the Government or other authorities may interfere with the court\u2019s decision-making, which is legally binding.<\/p>\n 135.\u00a0\u00a0The main rule is that the court shall hold public hearings but, when secrecy applies, hearings may be held in private. As submitted by the applicant, and confirmed by the Government, the court\u2019s activities are in practice covered by complete secrecy. A hearing has never been open to the public and all decisions are confidential. As noted by the applicant, no information is disclosed to the public about the number of hearings, the number of permits granted or rejected, the reasoning of the court\u2019s decisions or the amount or type of search terms being used.<\/p>\n 136.\u00a0\u00a0The Court is mindful of the fact that the nature of signals intelligence requires that surveillance is done in secret (see paragraph\u00a0101 above). It must therefore be accepted that, where there is a system of priorauthorisation, sensitive aspects of the authorising body\u2019s activities are withheld from the public for as long as required in the individual case, in order not to defeat the purpose of the signals intelligence. However, such a procedure could only be accepted where there are adequate safeguards in place.<\/p>\n 137.\u00a0\u00a0The Government have submitted that the lack of transparency is compensated by the presence of the privacy protection representative.He or she must be present during the court\u2019s examination, except in very urgent cases. The representative is either a present or former permanent judge or attorney and has access to all the case documents and may make statements. He or she does not appear on behalf of any individual concerned by the signals intelligence permit at issue, but protects the interests of the general public.<\/p>\n 138.\u00a0\u00a0The Court is of the view that, while the privacy protection representative cannot appeal against a decision by the Foreign Intelligence Court or report any perceived irregularities to the supervisory bodies, the presence of the representative at the court\u2019s examinations compensates, to a limited degree, for the lack of transparency concerning the court\u2019s proceedings and decisions.<\/p>\n 139.\u00a0\u00a0More importantly, taking into account that proceedings and decisions relating to secret surveillance largely require secrecy, the Court considers that what is essential for the protection of individuals\u2019 rights in the context of the regime under consideration is that the FRA\u2019s signals intelligence is subject to a system of prior authorisation whereby the FRA must submit for independent examination an application for a permit to conduct surveillance in respect of each intelligence collectionmission.As an additional safeguard against abuse and arbitrariness,the task of examining whether the mission is compatible with applicable legislation and whether the intelligence collection is proportional to the resultant interference with personal integrity has been entrusted to a body whose presiding members are or have been judges.Furthermore, the supervision of the Foreign Intelligence Court is extensive as the FRA, in its applications, must specify not only the mission request in question and the need for the intelligence sought but also the signal carriers to which access is needed and the search terms \u2013 or at least the categories of search terms \u2013 that will be used (see paragraphs 18-20 above).The Court thereforeconsiders that the judicial supervision performed by the Foreign Intelligence Court is of crucial importance in that it limits the FRA\u2019s discretion by interpreting the scope of mandating and performing signals intelligence.<\/p>\n 140.\u00a0\u00a0As a final point under this heading, it should be noted that the FRA itself may decide to grant a permit, if it is feared that the application of a permit from the Foreign Intelligence Court might cause delay or other inconveniences of essential importance for one of the specified purposes of the signals intelligence. In this context the Court reiterates the need for safeguards to ensure that such emergency measures are used sparingly and only in justified cases (Roman Zakharov, cited above, \u00a7 266).As the legislation states that such a decision must be followed by an immediate notification to and a subsequent rapid review by the Foreign Intelligence Court where the permit may be changed or revoked, the Court finds this procedure acceptable (cf.Szab\u00f3 and Vissy, cited above, \u00a7 81).<\/p>\n 141.\u00a0\u00a0In light of the foregoing, the Court finds that the provisions and procedures relating to the system of prior court authorisation, on the whole, provide important guarantees against abuse.<\/p>\n (v)\u00a0\u00a0Procedures to be followed for storing, accessing, examining, using and destroying the intercepted data<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 142.\u00a0\u00a0The applicant argued that the procedures in these aspects were regulated in only very broad terms. For example, there was no general obligation to destroy data.<\/p>\n 143.\u00a0\u00a0The Government pointed out that the Foreign Intelligence Inspectoratewas responsible for scrutinising the treatment and destruction of data in general and had a mandate to terminate surveillance and order the destruction of data that had been collected in a way that was incompatible with a permit issued by the Foreign Intelligence Court.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 144.\u00a0\u00a0The Court notes that personnel at the FRA treating personal data are security cleared and, if secrecy applies to the personal data, subject to confidentiality. They are under an obligation to handle the personal data in a safe manner. Also, they could face criminal sanctions if tasks relating to the treatment of personal data are mismanaged (see paragraph 30 above). Furthermore, the FRA must ensure that personal data is collected only for certain expressly stated and justified purposes, determined by the direction of the foreign intelligence activities through tasking directives. The personal data treated also has to be adequate and relevant in relation to the purpose of the treatment. No more personal data than what is necessary for that purpose may be processed. All reasonable efforts have to be made to correct, block and obliterate personal data which is incorrect or incomplete in relation to the purpose (paragraph 28).<\/p>\n 145.\u00a0\u00a0Contrary to the applicant\u2019s claim, there are several provisions regulating the situations when intercepted data has to be destroyed. For example, intelligence must be destroyed immediately if it 1) concerns a specific natural person and has been determined to lack importance for the purpose of the signals intelligence, 2) is protected by constitutional provisions of secrecy for the protection of anonymous authors or media sources, 3)contains information shared between a criminal suspect and his or her counsel and is thus protected by attorney-client privilege, or 4)\u00a0\u00a0involves information given in areligious context of confession or individual counselling, unless there are exceptional reasons for examining the information (see paragraph 25 above). Moreover, if communications have been intercepted between a sender and receiver both in Sweden, despite the ban on the interception of such communications, they must be destroyed as soon as their domestic nature has become evident (paragraph\u00a026). Also, where a temporary permit granted by the FRA has been revoked by the Foreign Intelligence Court, all intelligence collected on the basis of that permit must be immediately destroyed (paragraph 27).<\/p>\n 146.\u00a0\u00a0Although the FRA may maintain databases for raw material containing personal data up to one year, it has to be kept in mind that raw material is unprocessed information. That is, it has yet to be subjected to manual treatment. The Court accepts that it is necessary for the FRA to store raw material before it can be manually processed. At the same time, the Court stresses the importance of deleting such data as soon as it is evident that it lacks pertinence for a signals intelligence mission.<\/p>\n 147.\u00a0\u00a0In sum, examining the legislation on storing, accessing, examining, using and destroying intercepted data, the Court is satisfied that it provides adequate safeguards against abuse of treatment of personal data and thus serves to protect individuals\u2019 personal integrity (cf. Roman Zakharov, cited above, \u00a7\u00a7 253-256; and Kennedy, cited above, \u00a7\u00a7 162-164).<\/p>\n (vi)\u00a0\u00a0Conditions for communicating the intercepted data to other parties<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 148.\u00a0\u00a0The applicant submitted that the conditions for communicating data left a large discretion to the FRA, for instance through the lack of specification as regards the foreign authorities and international organisations to whom data could be communicated.<\/p>\n 149.\u00a0\u00a0The Government maintained that the procedures for communicating data, including the communication to other states and international organisations as part of Sweden\u2019s international cooperation, contained sufficient safeguards and that supervision was provided by the Foreign Intelligence Inspectorate.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 150.\u00a0\u00a0With regard to the communication of intercepted data to other parties, the purpose of signals intelligence naturally demands that it may be reported to concerned national authorities, in particular the authority which ordered the mission. Furthermore, given the context \u2013 the collection of intelligence on foreign circumstances that may have an impact on Swedish national security and other essential national interests as well as the country\u2019s participation in international security operations \u2013 it is evident that there must be a possibility of exchanging intelligence collected with international partners. Thus, the FRA Personal Data Processing Act allows the communication of personal data to other states or international organisations if necessary for the activities of the FRA within international defence and security cooperation and as long as it is not prevented by secrecy. Further discretion is given to the Government, which may decide to communicate personal data to states or organisations in other cases when necessary for the activities of the FRA, thus presumably in cases where such communication would otherwise be prevented by rules of secrecy. The FRA Personal Data Processing Ordinance adds that such disclosure is permitted for the benefit of the Swedish Government and Sweden\u2019s comprehensive defence strategy as long as it does not harm Swedish interests (see paragraph 35 above). The relevant provision of the Public Access to Information and Secrecy Act contains an exception to the rule of secrecy in relation to foreign authorities and international organisations in cases where an express legal provision allows disclosure or when the information in an analogous situation may be given to a Swedish authority and the disclosing authority finds it to be consistent with Swedish interests (paragraph 58). Thus, whereas national interests are taken into account, the legislation does not indicate that possible harm to the individual concerned must be considered. Furthermore, the legislation only in very broad terms mentions that the data may be communicated to \u201cother states or international organisations\u201d;there is no provision requiring the recipient to protect the data with the same or similar safeguards as those applicable under Swedish law. Also the situation where data may be communicated \u2013 when necessary for \u201cinternational defence and security cooperation\u201d \u2013 opens up for a rather wide scope of discretion. In the Court\u2019s view, the mentioned lack of specification in the provisions regulating the communication of personal data to other states and international organisations gives some cause for concern with respect to the possibleabuse of the rights of individuals.On the whole, however, the Court considers that the supervisory elements described below sufficiently counterbalance theseregulatory shortcomings.<\/p>\n (vii)\u00a0\u00a0Supervision of the implementation of secret surveillance measures<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 151.\u00a0\u00a0The applicant, pointing to the findings of the National Audit Office, submitted that the Foreign Intelligence Inspectorate\u2019s own documentation of its supervisory work was scarce and that the Inspectorate lacked specified goals.<\/p>\n 152.\u00a0\u00a0The Government submitted that an assessment of the report of the National Audit Office had been communicated to Parliament. The Office\u2019s overall conclusion was that the Inspectorate had been given the necessary prerequisites to carry out its supervisory functions in an efficient and effective manner. The FRA had taken the Inspectorate\u2019s views seriously and implemented measures accordingly. As to the Inspectorate\u2019s goals, these were clearly specified in the legislation.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 153.\u00a0\u00a0The Court has found that, although it is in principle desirable to entrust supervisory control to a judge, supervision by a non-judicial body may be considered compatible with the Convention, provided that the supervisory body is independent of the authorities carrying out the surveillance, and is vested with sufficient powers and competence to exercise an effective and continuous control (see Roman Zakharov, cited above, \u00a7 275, with further reference).<\/p>\n 154.\u00a0\u00a0As to the requirement of independence, the Court has taken into account the manner of appointment and the legal status of the members of the supervisory body. In particular, it has found sufficiently independent the bodies composed of members of Parliament of both the majority and the opposition, or of persons qualified to hold judicial office, appointed either by Parliament or by the Prime Minister (see Roman Zakharov, cited above, \u00a7\u00a0278, with further references).<\/p>\n 155.\u00a0\u00a0As regards the supervisory body\u2019s powers and competence, it is essential that it has access to all relevant documents, including closed materials, and that all those involved in interception activities have a duty to disclose to it any material required. Other important elements to take into account when assessing the effectiveness of the supervision are the supervisory body\u2019s powers with respect to any breaches detected and the possible public scrutiny of its activities. Moreover, it is for the Government to illustrate the practical effectiveness of the supervision arrangements with appropriate examples (see Roman Zakharov, cited above, \u00a7\u00a7 281-283, with further references).<\/p>\n 156.\u00a0\u00a0The members of the Foreign Intelligence Inspectorate are appointed by the Government on terms of at least four years and the president and vice-president are current or former permanent judges. The other members are suggested by the parliamentarian party groups (see paragraph 37 above). The Court, therefore, finds no reason to question the independence of the Inspectorate.<\/p>\n 157.\u00a0\u00a0The Inspectorate shall examine in particular the search terms used, the destruction of intelligence and how reports are communicated; the FRA shall report to it the search terms which directly relate to a specific natural person (see paragraph 36 above). The Inspectorate has access to all relevant documents (paragraph 39).It is within its powers to decide that the collection of intelligence shall cease or that information collected shall be destroyed, if during an inspection it becomes evident that the collection has not been in accordance with a particular permit; though, as of yet, no such measure has proved necessary (paragraphs 36 and 39). The Inspectorate is also in charge of the signal carriers, which includes ensuring that the FRA is only provided with access to signal carriers insofar as such access is covered by the permit (paragraph 24). The Inspectorate is to forward to the FRA, and if needed to the Government, any opinions or suggestions for measures to which the inspections give rise (paragraph 38).<\/p>\n 158.\u00a0\u00a0The Court considers that the supervision of the Foreign Intelligence Inspectorate is of particular value in ensuring that the provisions applicable to the activities of the FRA are respected and that, generally, signals intelligence is performed in a manner which offers adequate safeguards against abuse. The above-mentioned rules governing the work of the Inspectorate indicate that it has been given sufficient powers to carry out this task. Moreover, contrary to the applicant\u2019s claim, the Court understands the report of the National Audit Office as concluding that the Inspectorate has been able to carry out its supervisory task efficiently. The Office also found that the FRA has taken the Inspectorate\u2019s views and suggestions seriously and have implemented measures based on them (see paragraph\u00a040 above). The Court is therefore satisfied that the Inspectorate\u2019s supervision is efficient, not only in theory but also in practice.<\/p>\n 159.\u00a0\u00a0The Court also finds that the Inspectorate\u2019s activities are open to public scrutiny. Beyond the audit provided by the National Audit Office, the Inspectorate submits annual reports to the Government on its activities; these reports are available to the public (see paragraph 38 above).<\/p>\n 160.\u00a0\u00a0As regards personal data, further supervisory functions are provided by the Data Protection Authority. The Authority has on request access to personal data that is processed, documentation on the treatment of personal data along with the security measures taken on such treatment and access to the facilities connected to the processing of personal data. If the Authority finds that personal data is or could be processed illegally, it shall take remedial action through remarks to the FRA. The Authority may also apply to an administrative court to have illegally processed personal data destroyed (see paragraph 43 above). The Authority\u2019s supervision led to reports published in 2010 and 2016, in which some aspects of the FRA\u2019s activities were criticised. Issues of personal data and personal integrity, however, were generally considered to have been dealt with in a satisfactory manner (paragraphs 59-60).<\/p>\n 161.\u00a0\u00a0Having regard to the above, the Court finds that the supervisory elements provided by the Foreign Intelligence Inspectorate and the Data Protection Authority fulfill the requirements on supervision in general. Moreover, the Parliamentary Ombudsmen and the Chancellor of Justice have general supervisory responsibilities in regard to the FRA.<\/p>\n (viii)\u00a0\u00a0Notification of secret surveillance measures<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 162.\u00a0\u00a0The applicant submitted that the obligation on the FRA to notify natural persons when search terms directly related to them had been used was void of any practical meaning, since notifications had never been made due to secrecy.<\/p>\n 163.\u00a0\u00a0The Government confirmed that a notification had never been given by the FRA for reasons of secrecy, but submitted that this was compensated by the remedy according to which theForeign Intelligence Inspectorate could check at the request of an individual whether his or her communication had been subject to signals intelligence.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 164.\u00a0\u00a0The Court reiterates that it may not be feasible in practice to require subsequent notification in all cases. The activity or danger against which a particular series of surveillance measures is directed may continue for years, even decades, after the suspension of those measures. Subsequent notification to each individual affected by a suspended measure might well jeopardise the long-term purpose that originally prompted the surveillance. Furthermore, such notification might serve to reveal the working methods and fields of operation of the intelligence services and even possibly to identify their agents. Therefore, the fact that persons concerned by secret surveillance measures are not subsequently notified once surveillance has ceased cannot by itself warrant the conclusion that the interference was not \u201cnecessary in a democratic society\u201d, as it is the very absence of knowledge of surveillance which ensures the efficacy of the interference. As soon as notification can be carried out without jeopardising the purpose of the restriction after the termination of the surveillance measure, information should, however, be provided to the persons concerned (see Roman Zakharov, cited above, \u00a7 287, with further references).<\/p>\n 165.\u00a0\u00a0The Court, mindful of the fact that the applicant is not a natural person, notes that, in theory, the FRA is obliged to inform a natural person, if search terms directly related to him or her have been used, about when and why the collection took place. The person shall be notified as soon as it can be done without detriment to the foreign intelligence activities, but at the latest one month after the signals intelligence mission was concluded. However, the obligation to notify does not apply where secrecy applies. The parties, as well as the Data Protection Authority in its report of 6\u00a0December\u00a02010 (see paragraph 59 above) and the Signals Intelligence Committee in its report of 11 February 2011 (paragraph 64),have confirmed that in practice a notification has never been made, due to secrecy. Thus, the Court agrees with the applicant that the obligation on the FRA to notify individuals lacks practical significance.<\/p>\n 166.\u00a0\u00a0The Court has previously found that the absence of a requirement to notify the subject of interception of postal and telephone communications at any point in time or in any circumstances was incompatible with the Convention, in that it deprived the subject of the interception an opportunity to seek redress for unlawful interferences with his or her rights under Article 8 and rendered the remedies available under national law theoretical and illusory rather than practical and effective (see Association for European Integration and Human Rights and Ekimdzhiev, cited above, \u00a7\u00a7 90 and 91). By contrast, in the case of Kennedy, the absence of a requirement to notify the subject of interception at any point in time was compatible with the Convention, because in the United Kingdom any person who suspected that his or her communications were being or had been intercepted could complain about an unlawful interception to a tribunal, whose jurisdiction did not depend on notification to the subject that there had been an interception of his or her communications (Kennedy, cited above, \u00a7 167).<\/p>\n 167.\u00a0\u00a0Taking into account that the requirement to notify the subject of secret surveillance measures is not applicable to the applicant and is, in any event, devoid of practical significance, the Court accordingly finds it pertinent to examine the issue of notification together with the remedies available in Sweden; two issues that are inextricably linked (see Roman Zakharov, cited above, \u00a7 286).<\/p>\n (ix)\u00a0\u00a0Available remedies<\/p>\n (\u03b1)\u00a0\u00a0The parties\u2019 submissions<\/p>\n 168.\u00a0\u00a0The applicant submitted that persons who had availed themselves of the possibility to request an investigation by the Foreign Intelligence Inspectorate had received a standardised reply that no unlawful surveillance had taken place. The applicant also stressed that the Inspectorate had no power to order compensation to be paid. No complaints regarding signals intelligence conducted by the FRA had been received by the Data Protection Authority after 2009. In regard to the Parliamentary Ombudsmen, the Chancellor of Justice and the other remedies mentioned by the Government, the applicant did not see any prospects of success unless there was evidence to establish that an individual had in fact been subjected to unlawful interception.<\/p>\n 169.\u00a0\u00a0The Government emphasised that Swedish legislation offered several remedies. Beyond the possibility for individuals to request the Foreign Intelligence Inspectorate to check if his or her communications had been intercepted, the FRA was obliged, upon request, to inform the individual if his or her personal data had been treated or not and to correct, block or destroy personal data that had not been processed in accordance with law. In addition, complaints could be addressed to the Parliamentary Ombudsmen and the Chancellor of Justice, who had the power to investigate that relevant laws had been properly applied and, in so doing, were entitled to have access to documents of courts and administrative authorities, including the Foreign Intelligence Court and the FRA. Although they could not render legally binding decisions, their opinions commanded great respect in Swedish society. Also the Data Protection Authority, aside from being the supervisory authority on the FRA\u2019s treatment of personal data, could examine individual complaints. Furthermore, it was possible for an individual to bring an action for damages, report a matter for prosecution and bring a claim for compensation for violations of the Convention.<\/p>\n 170.\u00a0\u00a0The International Commission of Jurists, Norwegian Section, submitted that remedies were not available to non-Swedish citizens, despite the fact that Swedish signals intelligence was focused on communications crossing the Swedish border.<\/p>\n (\u03b2)\u00a0\u00a0The Court\u2019s assessment<\/p>\n 171.\u00a0\u00a0As the Court noted above, in the case of Kennedy the absence of a requirement to notify the subject of interception was compatible with the Convention, because the jurisdiction of the tribunal where the interception could be challenged did not depend on a prior notification (see Kennedy, cited above, \u00a7 167). Under the Signals Intelligence Act, the Foreign Intelligence Inspectorate, at the request of an individual, investigates whether his or her communications have been intercepted through signals intelligence. If so, the Inspectorate verifies whether the interception and treatment of the information was in accordance with law. The Inspectorate must notify the individual that an investigation has been carried out. A request can be made by legal and natural persons regardless of nationality and residence (see paragraph 46 above). The Inspectorate has the power to decide that the collection of intelligence shall cease or that the intelligence shall be destroyed (paragraph 36).<\/p>\n 172.\u00a0\u00a0Like in the Kennedy case, the Court is therefore satisfied that the remedy offered by the Foreign Intelligence Inspectorate is not dependent on prior notification. Although the Inspectorate may decide on the discontinuation of intelligence collectionor the destruction of intelligence, unlike in Kennedy, it may not order compensation to be paid. However, with regard to compensation per se, the Court is mindful that there is an effective remedy in Sweden in that compensation from the State can be sought through the Chancellor of Justice or the domestic courts (see paragraph\u00a053 above).<\/p>\n 173.\u00a0\u00a0The Inspectorate examines if the individual\u2019s communications have been intercepted using signals intelligence. However, that examination is limited to the question whether or not the collection of intelligence was in accordance with law. The individual cannot obtain information whether his or her communications have actually been intercepted, only if there has been any unlawfulness. As pointed out by the applicant, the Inspectorate does not give any reasons for its conclusions reached on the issue of lawfulness. In contrast, the Court noted in Kennedy that the publication of the tribunal\u2019s legal rulings enhanced the level of scrutiny afforded to secret surveillance activities in the United Kingdom (see Kennedy, cited above, \u00a7\u00a0167). Moreover, as the decision of the Inspectorate is final, an individual who is not satisfied with the response from the Inspectorate may not seek review by, for instance, making an appeal to a court.<\/p>\n 174.\u00a0\u00a0As to the remedies available directly through the FRA, the Court makes the following observations. The FRA is, upon request,required to inform an individual whether personal data concerning him or her has been processed. A request may be submitted once per calendar year. If such data has been treated, the FRA must specify what information on the individual is concerned, from where it was collected, the purpose of the treatment and to which recipients or categories of recipients the personal data has been reported (see paragraph 47 above). The Court notes that such an obligation is well-tailored to lower suspicion and concern among the general public that secret surveillance measures are being abused.<\/p>\n 175.\u00a0\u00a0However, like the notification requirement, there is no obligation on the FRA to give information if secrecy applies to it. While the FRA\u2019s decisions may be appealed against to the Administrative Court in Stockholm (see paragraph 49 above), the Court has to assume that, like with other aspects of the FRA\u2019s activities, strict secrecy applies and, therefore, no information on personal data is given to requesting individuals. In the absence of examples provided by the Government that illustrate the effectiveness of this remedy, the Court cannot find that ithas practical importance. Furthermore, the FRA\u2019s procedure to correct, block or destroy personal data (paragraph 48) is dependent on the individual\u2019s knowledge that personal data has been registered and the nature of that data. Therefore, that remedy must be deemed to be ineffective in practice.<\/p>\n 176.\u00a0\u00a0The Court notes, however, that Swedish law provides for several remedies of a general nature, in particular the possibility of addressing individual complaints to the Parliamentary Ombudsmen and the Chancellor of Justice (see paragraphs 51-53 above). These two institutions examine whether courts and authorities and their officials comply with laws and regulations and fulfil their obligations, not the least in regard to citizens\u2019 fundamental rights and freedoms. They are thus authorised to scrutinise the work of the courts and authorities involved in signals intelligence activities and there appears to be no impediment preventing an individual from introducing a complaint about an interference of privacy rights. The two institutionshave the right of access to documents and other materials for the performance of their scrutiny. While their decisions are not legally binding, their opinions command great respect in Sweden. They also have the power to initiate criminal or disciplinary proceedings against public officials for actions taken in the discharge of their duties. As regards the Chancellor of Justice, it is also of relevance that a practice has developed in the last several years according to which the Chancellor may receive and resolve individual compensation claims for alleged violations of the Convention (paragraphs\u00a053 and 172).<\/p>\n Moreover, the Court notes that the Data Protection Authority may receive and examine individual complaints under the Personal Data Act (paragraph 54).<\/p>\n 177.\u00a0\u00a0To sum up, the Court observes that the Swedish remedies available for complaints relating to secret surveillance do not include the recourse to a court, save for an appeal against the FRA\u2019s decisions on disclosure and corrective measures, which remedies the Court have as such found to be ineffective. Furthermore, there does not appear to be a possibility for an individual to be informed of whether his or her communications have actually been intercepted or, generally, to be given reasoned decisions. Thus, in regard to the final stage of supervision of signals intelligence measures \u2013 reviews requested by individuals after the measures have been carried out \u2013 the Swedish system does not offer the same guarantees in these respects as the scrutiny in the United Kingdom, examined in the Kennedy case.<\/p>\n 178.\u00a0\u00a0Nevertheless, there are several remedies by which an individual may initiate an examination of the lawfulness of measures taken during the operation of the signals intelligence system, notably through requests to the Foreign Intelligence Inspectorate, the Parliamentary Ombudsmen and the Chancellor of Justice. In the Court\u2019s view, the aggregate of remedies, although not providing a full and publicresponse to the objections raised by a complainant, must be considered sufficient in the presentcontext, which involves an abstract challenge to the signals intelligence regime itself and does not concern a complaint against a particular intelligence measure. In reaching this conclusion, the Court attaches importance to the earlier stages of supervision of the regime, including the detailed judicial examination by the Foreign Intelligence Court of the FRA\u2019s requests for permits to conduct signals intelligence and the extensive and partly public supervision by several bodies, in particular the Foreign Intelligence Inspectorate.<\/p>\n (x)\u00a0\u00a0Conclusion<\/p>\n 179.\u00a0\u00a0The Court is mindful of the potentially harmful effects that the operation of a signals intelligence scheme may have on the protection of privacy. Nevertheless,the Court acknowledges the importance for national security operations of a systemsuch as the one examined in the present case. It notes, in this respect, the similar conclusions drawn by the Venice Commission (see paragraph 69 above). Having regard to the present-day threats being posed by global terrorism and serious cross-border crimeas well as the increased sophistication of communications technology, the decision to set up a bulk interception regime in order to identify such threats was one which fell within the respondent State\u2019s margin of appreciation. As noted above (paragraph 112), in deciding on the type of regime necessary, the margin afforded was a wide one.<\/p>\n 180.\u00a0\u00a0As noted simultaneously, the State\u2019s discretion inoperating the interception regime is more narrow. When examining the Swedish system of signals intelligence in abstracto, the Court has had regard to the relevant legislation and the other information available in order to assess whether, on the whole, there are sufficient minimum safeguards in place to protect the public from abuse. While the above assessment has disclosedsome areas where there is scope for improvement \u2013 notably the regulation of the communication of personal data to other states and international organisations (see paragraph 150 above) and the practice of not giving public reasons following a review of individual complaints (paragraphs\u00a0173 and\u00a0177) \u2013 the Court is of the opinion that thesystem reveals no significant shortcomings in its structure and operation. The regulatory framework has been reviewed several times, in order to expand the use of signals intelligence but also, more importantly, with the aim to enhance protection of privacy. It has developed in such a way that it minimises the risk of interference with privacy and compensates for the lack of openness. In particular, the scope of the signals intelligence measures and the treatment of intercepted data are clearly defined in law, the authorisation procedure is detailed and entrusted to a judicial body and there are several independent bodies tasked with the supervision and review of the system.The Court\u2019s finding that the system reveals no significant shortcomings is the result of an examination in abstracto and does not preclude a review of the State\u2019s liability under the Convention where, for example, the applicant has been made aware of an actual interception.<\/p>\n 181.\u00a0\u00a0Accordingly, making an overall assessment and having regard to the margin of appreciation enjoyed by the national authorities in protecting national security, the Court finds thatthe Swedish system of signals intelligence provides adequate and sufficient guarantees against arbitrariness and the risk of abuse.The relevant legislation meets the \u201cquality of law\u201d requirement and the \u201cinterference\u201d established can be considered as being \u201cnecessary in a democratic society\u201d. Furthermore, the structure and operation of the system are proportionate to the aim sought to be achieved.<\/p>\n There has accordingly been no violation of Article 8 of the Convention.<\/p>\n II.\u00a0\u00a0ALLEGED VIOLATION OF ARTICLE 13 OF THE CONVENTION<\/p>\n 182.\u00a0\u00a0The applicant complained that it has had no effective domestic remedy through which to challenge the violation of its rights under Article 8 of the Convention. The applicant relied on Article 13 of the Convention, which reads as follows:<\/p>\n \u201cEveryone whose rights and freedoms as set forth in [the] Convention are violated shall have an effective remedy before a national authority notwithstanding that the violation has been committed by persons acting in an official capacity.\u201d<\/p>\n 183.\u00a0\u00a0The Government contested that argument.<\/p>\n 184.\u00a0\u00a0Having regard to the findings under Article 8 (see, in particular, paragraph 178 above), the Court considers that, although the present complaint is closely linked to the complaint under Article 8 and therefore has to be declared admissible, it raises no separate issue under Article 13 of the Convention.<\/p>\n FOR THESE REASONS, THE COURT, UNANIMOUSLY,<\/strong><\/p>\n 1.\u00a0\u00a0Joins to the merits the Government\u2019s objection regarding the applicant\u2019s lack of victim status and declares the application admissible;<\/p>\n 2.\u00a0\u00a0Dismisses the Government\u2019s above-mentioned objection;<\/p>\n 3.\u00a0\u00a0Holds that there has been no violation of Article 8 of the Convention;<\/p>\n 4.\u00a0\u00a0Holds that there is no need to examine separately the complaint under Article 13 of the Convention.<\/p>\n Done in English, and notified in writing on 19 June 2018, pursuant to Rule 77 \u00a7\u00a7 2 and 3 of the Rules of Court.<\/p>\n Stephen Phillips\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Branko Lubarda
\nHelena J\u00e4derblom,
\nHelen Keller,
\nPere Pastor Vilanova,
\nAlena Pol\u00e1\u010dkov\u00e1,
\nGeorgios A. Serghides,
\nJolien Schukking, judges,
\nand Stephen Phillips, Section Registrar,<\/p>\n
\nRegistrar\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 President<\/p>\n