On July 19, 2016, Advocate General Saugmandsgaard Oe (“Advocate General”), published his Opinion on two joined cases relating to data retention requirements in the EU, C-203/15 and C-698/15. These cases were brought following the Court of Justice for the European Union’s (“CJEU’s”) decision in the Digital Rights Ireland case, which invalidated Directive 2006/24/EC on data retention. The two cases, referred from courts in Sweden and the UK respectively, sought to establish whether a general obligation to retain data is compatible with the fundamental rights to privacy and data protection under EU law.
In his Opinion, the Advocate General stresses the need to find a balance between a nation’s need to effectively fight serious crime, such as terrorism, against individuals’ fundamental rights. The Advocate General found that a general obligation to retain data may be compatible with EU law, although any action from an EU Member State against the possibility of imposing such an obligation is subject to strict requirements. The national courts are responsible for determining whether or not such requirements are satisfied. The Advocate General set out the following interpretations of the requirements:
- the general obligation to retain data and the accompanying guarantees must be laid down by legislation or regulatory measures;
- the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the European Charter for Human Rights;
- any interference with the fundamental rights should be in pursuit of an objective in the general interest (which the Advocate General opined could be satisfied only by the fight against serious crime);
- the general obligation to retain data must be strictly necessary to the fight against serious crime; and
- the general obligation must be proportionate.
While the Advocate General’s Opinion is not binding on the CJEU, the court’s judgments have historically tended to follow the Advocate General’s stated views.