On November 18, 2021, the Advocate General of the Court of Justice of the European Union (“CJEU”) issued an opinion on several data retention cases before by the Court, following a long line of CJEU jurisprudence on this topic.
To give context to the issues considered in these cases, Europe’s experience of totalitarian regimes in the last century has shaped its approach to privacy rights. This is evident in the GDPR and in the decisions of the CJEU to date. But there remain tensions that are complex and difficult to deal with in this area — notably, the tension between individual rights to privacy and data protection on one hand, and the duty of the State to protect its population against security threats and crime on the other. These tensions do not marry easily, as surveillance of personal electronic communications is increasingly demanded to detect and deal with crime and terrorism.