In its ruling of today (08.04.2014 – file ref.: C-293/12 and C-594/12) the European Court of Justice found that the Data Retention Directive is not consistent with EU law.

The European Court of Justice ruled in favour of a lawsuit of an Irish civil rights defence organization and of various Austrian citizens as well as of the Carinthia government. They had pleaded that storing data would be unreasonable in this case. Such an extensive storage of data constitutes a breach of the charter of fundamental rights, in particular the right to private life and the right to protection of personal data and the right of freedom of expression and is thus not consistent with the fundamental rights of the European Union.

The Data Retention Directive in particular contains three elements which constitute a strong breach of the fundamental rights, in particular the right to private life and right to protection of personal data. The data retained show 1. with whom a participant did communicate in which way, 2. how long and from where and 3. how often participants did communicate with each other within a certain period. From the overall available data retained information can be gathered in respect of the private life of individual persons, habits of everyday life, whereabouts and daily rhythm, activities, social relationships and social environment.

According to the judgement of the court, the situation is aggravated by the fact that the storage of data as well as the use of same would take place without the persons being informed whatseover, giving them the feeling that their private life is constantly monitored.

During the further review of the Data Retention Directive in respect of the justification of intervening into the fundamental rights the Court comes to the conclusion that the Directive does not infringe the essence of fundamental rights. However, it transgresses the boundaries set by the principle of proportionality.

The fundamental rights in respect of the protection of personal data and the right to private life have to be assigned particular significance. The dimensions and the impact of the interference with these fundamental rights of the Directive considerably restrict the room to manoeuvre of the Union legislative body and must be strictly controlled.

According to the Court, the Directive is appropriate to combat serious crime and to thus guarantee the protection of public safety, however the Directive constitutes an intrusion and a serious violation of fundamental rights. The Directive does not contain any regulations that could ensure that the interference with fundamental rights is restricted to what is absolutely necessary.

In general, this directive applies to all persons, electronic communication facilities and traffic data, without particular differentiation, restriction or exception, in view of the suppression of serious crimes.

Secondly, the Directive does not contain any limitation to the effect that the access of the data by the national authorities is retained and that the use of same is limited to a reasonable extent. To the contrary, the Directive refers to „serious crimes“ specified in the national legislation of each member state and thus leaves it to the member states to regulate the access of data.

Thirdly, the Directive does not contain any particular differentiation as to how long the data are to be retained, category of data or possible use of data stored in relation to the aim of combating serious crime. The period of data retention mentioned in the Directive of minimum 6 months and maximum 24 months, with no nearer description of the objective criteria to limit this period of data retention to the absolutely necessary, cannot justify the purpose of that Directive.

Finally, the Court criticizes that pursuant to the Directive the storage of data has not to be made in the European Union’s territory. Thus it can no longer be guaranteed that the requirements of data protection and data security can be monitored by an independent authority, although this is expressly required by the Charta.

Due to the significant interference in the charter of the fundamental rights of the European Union the Directive on the retention of data is therefore declared invalid.

After the Federal Constitutional Court toppled the rules implementing the Directive on the retention of data in the year 2010, the then acting government (the liberal-conservative government) could not come to an agreement on an amended version. For this reason there is currently no legal national regulation on the data retention in Germany. The coalition of social-democrats and conservartives wanted to reintroduce the retention of data, but waiting for a decision of the European Court of Justice. It now remains to be seen as to how the EU legislator reacts to the judgement and whether there will be an amended Directive in respect of the retention of data.

Author: Felix Seehausen, LL.M.