View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

European Court of Justice strikes down data retention law

Privacy campaigners claim victory after EU directive judged excessively invasive.

By Jimmy Nicholls

The European Court of Justice (ECJ) has declared the 2006 Data Retention Directive retroactively "invalid", citing infringement on rights to privacy and protection of personal data.

Issued in the wake of the London and Madrid bombings, the law obliged telecoms companies to retain metadata for six months to two years, and make it available to police upon request.

The supreme courts of Ireland and Austria requested that the ECJ rule on the issue after Digital Rights Ireland and the province of Carinthia brought cases against the respective countries for implementing the directive.

Thomas McIntyre, chair of Digital Rights Ireland, said: "This is the first assessment of mass surveillance by a supreme court since the Snowden revelations. The ECJ’s judgement finds that untargeted monitoring of the entire population is unacceptable in a democratic society."

Noting that metadata can include the time, place and recipient of a communication, as well as the frequency of contact between two parties, the court said that the habits of everyday life could be deduced from it.

It added that the fact the user was not informed about it could lead to a feeling that "private lives are the subject of constant surveillance", a sore issue in much of Europe after extensive American and British spying programmes were revealed last year.

Civil liberties advocate Privacy International said: "If the Data Retention Directive fails to meet the requirements of human rights law, then the mass surveillance programs operated by the US and UK governments must equally be in conflict with the right to privacy."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

In further criticism, the court highlighted the directive’s lack of focus towards its ostensible objective of fighting crime, as well as its failure to outline what circumstances justify accessing the data and the lack of prior review by an independent judiciary.

The court was also dissatisfied with the safeguards in place to protect data being used illegally, noting there was no requirement in the directive that data remain within the EU.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.