The Right to Access to Privacy of Correspondence and Russian Judicial Practice
Published: May 4, 2021
Latest article update: Sept. 6, 2023
Analysis of ways of limiting secrecy of correspondence in Russian judicial practice
Restriction, rights, privacy of correspondence, confidentiality, e-privacy, secrecy
In the past few years, there has been an increase in the number of cases in Russian courts dealing with access to information constituing the secrecy of correspondence. Although judicial practice is not an official source of law in Russia, it plays an important role in identifying and filling gaps in the legal regulation of the processing such information.
A significant step towards expanding the content of secrecy of correspondence was made by the Constitutional Court of Russia. In the case on checking the constitutionality of the provisions of the Federal law “On Communications”, it gave a broad interpretation of the constitutional provision on the secrecy of correspondence (part 2 of article 23 of the Constitution of the Russian Federation: Everyone shall have the right to privacy of correspondence, of telephone conversations, postal, telegraph and other messages)1, indicating, that information constituting a secret of correspondence is any information transmitted and stored by means of communication, including the messages of users and information about such messages (metadata)2. The position of the Constitutional Court was subsequently used as the basis of court decisions in many other disputes regarding the secrecy of correspondence. Russian legislation imposes the obligation to protect privacy of correspondence on providers3 — telecom operators, postal operators, organizers of instant messaging services4, that is, on persons who have gained access to information constituting a secret of communication by virtue of their professional activities. Among other measures to protect the privacy of correspondence, providers are required to ensure that access to information about messages and its metadata is restricted. The Constitution of Russia establishes the conditions for access to the secrecy of correspondence5: 1) only by court decision, 2) in cases provided for by Federal law, 3) only to the extent necessary, 4) in order to protect the foundations of the constitutional order, morality, health, rights and legitimate interests of others, ensuring the defense and state security. The legislation obliges Telecom operators6, owners of information resources on the Internet to store information about messages transmitted by then-users, as well as these messages themselves, and provide this information to law enforcement agencies, in cases established by laws7. Taking this into account, as well as the criminal procedure legislation, only law enforcement agencies shall have the right to access the secrecy of communications during investigative actions and only on basis of a court decision8.
The provisions of the legislation, including Government decrees9, on the storage of information constituting the secrecy of correspondence and on the procedure of interaction between providers and law enforcement agencies, have been relentlessly criticized, since their implementation may be associated with abuse by law enforcement agencies and lead to a violation of the secrecy of correspondence. In particular, it concerned the provisions of the Russian Government Decree No. 538 on the possibility of round-the-clock remote access of the Russian Federal Security Service to the information systems of the Telecom operators. The legality of this provision was the subject of court hearing, and the court rightly recognized the decision as legal, since it only establishes the procedure for interaction between Telecom operators and law enforcement agencies, but does not cancel the need to obtain a court decision to access information constituting a secrecy of correspondence10.
Judicial practice shows that, in addition to the criminal prosecution bodies, other state authorities also claim to gain access to the secrecy of correspondence. A number of court cases were aimed to establish legal basis for the right on such an access.
One of these bodies is the Federal Antimonopoly Service (FAS).
In the dispute between the Telecom operator and the regional FAS Department, the issue of the legality of bringing the Telecom operator to administrative responsibility for failure to comply with the requirements of the antimonopoly authority was considered, namely the refusal to provide information about incoming SMS messages to the phone number specified in the request for a specific date11. The position of the FAS was that it has the right to access secrecy of correspondence, since the legislation on advertising12 imposes on legal entities the obligation to submit to the antimonopoly authority, upon its reasoned request, the necessary information (including information constituting commercial and other secrets protected by law), and also provide authorized officials of the antimonopoly body with access to such information. The courts of first and appellate instances supported the FAS in the dispute. However, the Supreme Court overturned the decisions of the lower courts13. The Supreme Court of the Russian Federation took the side of the Telecom operator, which denied the FAS access to the secrecy of correspondence. The court’s reasoning was based on the norms of the Law “On Communications”, from which it follows that information about subscribers and the communications services provided to them can only be provided to the investigation bodies14. Since the FAS does not belong to such bodies, the Supreme Court considered the refusal of the Telecom operator to provide such information to the FAS as lawful.
The same position was expressed by the Supreme Court of Russia in a similar dispute between the territorial Office of the Federal Bailiffs Service and a telecom operator. The courts of the first, appellate and cassation instances took the side of the state body, considering that it had the right to request the necessary information to supervise the return of overdue debt. At the same time, the Supreme Court of the Russian Federation recognized the request of the territorial Office Federal Bailiffs Service to provide the telecom operator with detailed information about telephone conversations on a specific phone number illegal, using the same reasoning as in the previously described dispute between the telecom operator and the antimonopoly authority15.
Thus, the jurisprudence did not allow an extensive interpretation of the legislation in relation to the access of state bodies to the secrecy of communications.
In addition to the access of third parties to the secrecy of correspondence, the issue of access to the correspondence secrecy of the providers themselves arises in judicial practice. Russian legal doctrine and legislation classify communication secrecy as a professional secret, that is, providers are obliged to ensure the protection of information that they have in connection with the implementation of their professional activities16. In particular, the Law “On Communications” stipulates that familiarization with information transmitted over telecommunication networks is possible only by authorized employees of a telecom operator. In other words, only individual employees of a Telecom operator have access to information related to the secrecy of communication in order to fulfill the contract for the provision of communication services17.
The legislation does not contain any provisions on providers’ access to information constituting a secret of correspondence for purposes other than those mentioned above. The lack of certainty on this issue has led to a number of legal disputes. An example is a dispute between Google LLC and an email user18. The e-mail user filed a lawsuit against Google LLC because he found that the advertisements embedded in the text of the letters matched the content of his e-mail. After hearing the dispute, the panel of judges concluded that Google LLC monitored the user’s email correspondence for marketing purposes and thereby violated the secrecy of his correspondence. This dispute was the first where the court indicated the inadmissibility of the provider’s arbitrary use of the communication secret for their own purposes.
Further jurisprudence gave a broad interpretation of the provisions of the legislation on the access of providers to information constituting the secret of communication. As a result of this interpretation, one more reason can be distinguished, for the achievement of which providers have the right to independently process information related to the secrecy of correspondence. Such a reason is to provide state bodies, upon their legitimate motivated requests, with information that is not related to the secret of correspondence, but for the establishment of which it is necessary to process the information constituting the secret of correspondence by the provider.
FAS brought the Telecom operator to administrative responsibility for refusing to provide information about a subscriber who, according to FAS, visited a certain web site at a specific time from a specific IP address. The Telecom operator motivated his refusal by the need to interfere with the secrecy of the subscriber’s communications to provide the requested information, which is contrary to Art. 23 of the Constitution of Russia limiting the secrecy of communication only on the basis of a court decision. The Supreme Court of Russia sided with the state body and ordered the telecom operator to provide the requested information19.
The position of the court was based on the arguments that information about the user of communication services refers to personal data20. Also, information about the user of communication services does not belong to the secrecy of correspondence protected by law, since this data was not established in the process of providing communication services. Accordingly, information about a user who accessed the Internet at a specific time with a specific IP address can be provided to government agencies. The processing by the telecom operator of information constituting a secret of correspondence (time of the Internet connection, site address, IP address, etc.) to establish information about the user in this case will not constitute a violation of the secrecy of crrespondence.
Other courts in subsequent disputes followed the position of the Supreme Court expressed in the indicated decision21.
Thus, the analysis of the above judicial practice shows that the operator’s actions to process the subscriber’s communications in order to fulfill the contract for the provision of communication services, as well as actions to fulfill the obligation to provide state bodies with information that does not in itself relate to the secrecy of correspondence, are considered lawful and do not violate the privacy of subscribers’ correspondence.
This conclusion is at odds with the European approach aimed at more serious protection of information constituting a secret of communication, including from the provider itself. European Court of Human Rights (ECHR) in Benedik v. Slovenia22 assessed the actions of the Internet provider in a similar dispute. The complaint was based on the fact that the Internet provider, in response to a police request, provided information about a user who visited a specific site using a specific dynamic IP address. The ECHR drew attention to the fact that in order to respond to the police request, the Internet provider had to evaluate the stored data related to telecommunications processes. The use of this data is in itself a violation of privacy and requires a court order. Therefore, the ECHR found the actions of the Internet provider in violation of Art. 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms23.
It should be noted that the examples given in Russian judicial practice relate to disputes when the issue concerns solely the provision of information about subscribers to state bodies. If the request contains a requirement to provide information about the subscriber and information about the connections, the courts divide the requirements specified in the request of the state body and recognize the requirements to provide information about the connections (metadata) as illegal24.
Not so long ago, the courts issued a number of decisions in cases of challenging the actions of state bodies to hold Telecom operators accountable for refusing to provide details of connections made using a specific phone number. Thus, the court of first instance in its decision declared illegal the refusal of the operator to provide the tax authority with information about connections made from a specific phone number25. The court concluded that under the secret of telephone conversations is meant any information available to the Telecom operator and concerning a specific subscriber, allowing him to be identified, as well as to establish the content of his communications. In the court’s opinion, the fact that the tax authority does not have information about the user of the number in respect of whom information about the connections was requested let us suggest that such information is impersonal and cannot be classified as a secret of communication. This position was supported by higher courts, including the Supreme Court of the Russian Federation26.
The conclusions of the courts on this dispute raise a number of questions. A request from the tax authority was sent to obtain information about the connections of a specific telephone number. At the same time, as rightly noted in the legal literature [Savelyev A.I., 2017: 320], a person can be identified by means of various identifiers, including a telephone number. Of course, the state is interested in processing the information accumulated by operators to ensure the implementation of its public functions. However, the use of this kind of information is permissible only under the condition of irreversible loss of connection with a specific person, which in turn needs regulatory legal support [Dvinskikh D.Yu., Talapina I.V., 2019: 17]. Since the tax authority knows the telephone number of the user of communication services, there is no need to talk about the impossibility of identifying the user with communication services. If we recall the position of the courts in the case discussed above with the participation of the FAS, then it will not be difficult for a state body to contact a telecom operator with a request to provide information about the subscriber who made a specific connection, and thereby obtain complete information about the connections of a particular person.
The given example does not allow us to speak about the proper provision of confidentiality of information constituting the secrecy of corre-