By Maria-Martina Yalamova & Mark Young
On 12 December 2013, the Advocate General (“AG”) to the Court of Justice of the European Union (the “CJEU”), Mr Cruz Villalón, gave an opinion that the EU’s Data Retention Directive 2006/24/EC (the “Directive”) violates the fundamental right to privacy in the EU. His reason, in short, is that the Directive mandates the blanket retention of citizens’ traffic and location data by telecom companies, but fails to establish rules on minimum guarantees regarding access to and use of such data.
This is not the first time the lawfulness of the Directive has been challenged. Originally introduced to help fight serious crime and terrorism, the Directive quickly became one of the most controversial pieces of European legislation. In 2011, the European Commission identified several flaws in its evaluation report, such as a lack of clear guidance on what constitutes “serious crime” and on the purposes for which data can be retained and accessed. The European Data Protection Supervisor (EDPS) (see 2011 opinion here), the Article 29 Working Party (see 2010 report here and 2006 Opinion here), and civil rights groups have also publicly expressed doubts about the lawfulness of the data retention measures. In addition, the constitutional courts of Germany, the Czech Republic and Romania have ruled that national laws implementing the Directive are unconstitutional as they violate the right to privacy.