14/04/14

EUROPEAN COURT OF JUSTICE DECLARES DATA RETENTION DIRECTIVE TO BE INVALID

  • Privacy Law / Charter of fundamental rights
  • Data Retention Directive (2006/24/EC) declared to be retroactively invalid
  • Consequences for electronic communications (telephone, internet) service providers

On 8 April 2014, the Grand Chamber of the Court of Justice of the European Union (CJEU) issued its long-awaited preliminary ruling on the validity of EU Directive 2006/24/EC (known as the “Data Retention Directive”).
 

The main objective of the Data Retention Directive was to harmonise Member States’ laws concerning the retention of certain data generated or processed by providers of publicly available electronic communications services or public communications networks.
 

The directive provides that such providers must retain traffic and location data as well as related data necessary to identify the subscriber or user, for a minimum of six months, for the purposes of prevention, investigation, detection and prosecution of serious crime.
 

The validity of these provisions has not only been challenged by several EU Member States (who refused to implement the Directive), but also by the Irish organisation ‘Digital Rights Ireland’. In addition, a group of about 11.000 Austrians brought an action for annulment of their national implementation law, which ultimately led to a prejudicial question being put to the CJEU.
 

In its judgment of 8 April 2014, the CJEU confirmed that the Data Retention Directive entails a wide-ranging and particularly serious interference with the fundamental rights to privacy and to the protection of personal data (articles 7 and 8 of the EU Charter of Fundamental Rights), beyond what is strictly necessary in order to reach its legitimate goal (the prevention and prosecution of crime). The Data Retention Directive was, therefore, declared to be invalid. This declaration of invalidity takes effect retroactively, i.e. from the date on which the directive entered into force.
 

This decision will also have an impact on national data retention legislation enacted by EU Member States by way of implementation of the Data Retention Directive (such as article 126 of the Belgian Telecommunications Act of 13 June 2005, which provides for a retention period of twelve months). Even though this judgment does not directly affect the validity of these national laws, they must nevertheless comply with the same general principles contained in the Charter and in the European Convention of Human Rights. These national laws may, therefore, no longer be enforceable against electronic communications (telephone, internet) service providers and data subjects could well request their providers to cease retention of their data. It is anticipated that the European Commission will, taking into account this judgment, now reflect on the need for a new Data Retention Directive.
 

The full text of the judgment can be accessed through the following link: http://curia.europa.eu/juris/documents.jsf?num=C-293/12.

dotted_texture