On April 8, 2014, the European Court of Justice ruled that the EU Data Retention Directive is invalid because it disproportionally interferes with the European citizens’ rights to private life and protection of personal data. The Court’s ruling applies retroactively to the day the Directive entered into force.
The Court criticized that the Directive:
- applies to all individuals, electronic communications and traffic data without differentiation, limitation or exception;
- does not contain objective criteria for when data access by national authorities is justified;
- does not contain objective criteria to determine how long data should be retained – the general minimum and maximum retention periods set out in the Directive do not distinguish between categories of data, persons concerned or the data’s usefulness;
- does not contain sufficient safeguards against potential abuse and does not ensure irreversible destruction of the data upon expiry of the retention period; and
- does not explicitly require that the data be retained within the EU, therefore violating the requirement in the EU Charter of Fundamental Rights that compliance control be exercised by independent authorities.
The case was referred to the European Court of Justice by senior Austrian and Irish courts for a preliminary ruling. On December 12, 2013, the Court’s Advocate General delivered his opinion that the Directive is incompatible with the European Charter of Fundamental Rights.