CJEU Holds the Data Retention Directive Invalid

Menelaos Markakis - 14th April 2014

In joined cases C-293/12 and C-594/12, the Court of Justice of the European Union ruled that Directive 2006/24/EC on the retention of data by service providers for the purposes of investigating, detecting and prosecuting serious crime was invalid.

There was a disproportionate interference with the right to respect for private life and with the right to the protection of personal data, enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union respectively.

Based on Article 114 TFEU, Directive 2006/24 lays down an obligation on providers of publicly available electronic communications services or of public communications networks to retain certain data generated or processed by them, to make it available for the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law. This Directive applies to all traffic and location data, and to related data necessary to identify the subscriber or registered user. Member states had to ensure that service providers retained data concerning fixed network telephones, mobile telephones, internet access, internet e-mail and internet telephones, which are necessary to identify the source, destination, date, time, duration and type of communication, as well as the users’ communication equipment and its location, for up to two years. This data could only be provided to the competent national authorities in accordance with the procedures and conditions laid down by national law.

Having established that there was an interference with Articles 7 and 8 of the Charter (paras. 32-37), and that that interference satisfied an objective of general interest insofar as it ‘contribute[s] to the fight against serious crime’ (paras. 41-44), the Court turned its attention to the thorny issue of whether the interference was proportionate. In view of the nature of the rights at issue and the extent and seriousness of the interference with those rights, the Court held that ‘the EU legislature’s discretion is reduced, with the result that review of that discretion should be strict’ (paras. 47-48).

The Court noted, first, that the Directive covered all traffic data concerning all means of electronic communication, and all subscribers and registered users, thereby entailing ‘an interference with the fundamental rights of practically the entire European population’ (para. 56). In this connection, it further noted that the Directive did not require any relationship between the data retained and a threat to public security (paras. 58-59). Secondly, it pointed out that the Directive did not contain any substantive or procedural conditions for access to the data retained by competent national authorities, nor to their subsequent use (paras. 60-62). Thirdly, the Court noted that no distinction was made on the basis of the potential usefulness of the data retained for attaining the objective pursued or according to the persons concerned (paras. 63-64). In view of all the above, the Court held that ‘Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter’, thereby entailing ‘a wide-ranging and particularly serious interference with those fundamental rights’ (para. 65). The Court further held that ‘Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data’ (paras. 66-68).

In view of all these considerations, the Court concluded that the EU legislature had breached the principle of proportionality (para. 69), and ruled the Directive invalid. 

From the standpoint of fundamental rights, an academic lawyer would readily notice and welcome the high intensity of review applied and the detailed reasoning provided by the Court in this case. Judicial review could have hardly been more searching. Furthermore, from the standpoint of the EU’s competence, respect for fundamental rights, as interpreted by the Court, might sometimes require the Union legislator to harmonise rules in a more detailed manner to limit interference with Charter rights to what is strictly necessary for the attainment of the objective pursued. This presents an interesting juxtaposition between prescribed competence limits and the need to adequately protect fundamental rights when the existence of Union competence is established.

 

Author profile

Menelaos Markakis is reading for a DPhil at the University of Oxford and is an Academy of Athens scholar.

Citations

Menelaos Markakis ‘CJEU Holds the Data Retention Directive Invalid’ (OxHRH Blog, 14 April 2014) http://humanrights.dev3.oneltd.eu/?p=5248, accessed <date>.

Leave a Reply

Your email address will not be published. Required fields are marked *