Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 62025CN0427

Case C-427/25, Uffida: Request for a preliminary ruling from the Tribunale di Catania (Italy) lodged on 26 June 2025 – Criminal proceedings against unknown persons

OJ C, C/2025/4978, 22.9.2025, ELI: http://data.europa.eu/eli/C/2025/4978/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

ELI: http://data.europa.eu/eli/C/2025/4978/oj

European flag

Official Journal
of the European Union

EN

C series

C/2025/4978

22.9.2025

Request for a preliminary ruling from the Tribunale di Catania (Italy) lodged on 26 June 2025 – Criminal proceedings against unknown persons

(Case C-427/25, Uffida  (1) )

(C/2025/4978)

Language of the case: Italian

Referring court

Tribunale di Catania

Complainant in criminal proceedings against unknown persons

AB

Questions referred

1.

May Article 15(1) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, (2) as amended by Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009, (3) read in the light of Articles 7, 8, 11 and 52 of the Charter of Fundamental Rights of the European Union, and in the framework of the new rules on electronic evidence (Articles 3, 5 of Regulation 2023/1543), (4) be interpreted as meaning that access by public authorities to electronic data consisting of log files that record a user logging in to and out of a system or an application with the associated IP addresses and time stamps (and thus relating to a specified period), where the sole aim is to identify the perpetrator of an offence – for the purposes of the prevention, investigation, detection and prosecution of offences – constitutes interference with the fundamental rights of the data subjects, which (unlike in the case of traffic and geolocation data) is not serious enough to have to limit that access to the prevention of serious crime, and may instead extend to all criminal offences?

2.

In the alternative, where the Court considers that access to log files (consisting of records of a user logging in to and out of a system or an application with the associated IP addresses and time stamps), even where the sole aim is to identify the perpetrator of a criminal offence, could constitute serious interference with the fundamental rights of the data subjects, as enshrined in the Charter of Fundamental Rights, may Article 15 of Directive 2002/58/EU be interpreted as meaning that the need to investigate and prosecute criminal offences committed online – where the perpetrator can only be identified by accessing electronic data such as log files, and given that the internet is typically anonymous – is capable of justifying access to the personal data processed by service providers (including traffic and location data), regardless of the ‘seriousness’ of those offences, as defined by the Member States, and if so may national legislation which provides for this be considered appropriate, proportionate to the intended purpose and necessary within a democratic society, including with regard to safeguarding the right to confidentiality and the identity of the victims of such offences?

(1)  The name of the present case is a fictitious name. It does not correspond to the real name of any party to the proceedings.

(2)   OJ 2002 L 201, p. 37.

(3)  Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (OJ 2009 L 337, p. 11).

(4)  Regulation (EU) 2023/1543 of the European Parliament and of the Council of 12 July 2023 on European Production Orders and European Preservation Orders for electronic evidence in criminal proceedings and for the execution of custodial sentences following criminal proceedings (OJ 2023 L 191, p. 118).

ELI: http://data.europa.eu/eli/C/2025/4978/oj

ISSN 1977-091X (electronic edition)

Top