Data Retention Directive Declared Invalid By EU Court Of Justice

Author:Mr Rob Corbet, Olivia Mullooly and Emma Dunne
Profession:Arthur Cox

On 8 April 2014, the Court of Justice of the European Union ("CJEU") declared Directive 2006/24/EC (the "Data Retention Directive") invalid.

The judgement was issued in response to a preliminary ruling request from the Irish High Court and the Austrian Constitutional Court, who queried the Directive's validity in light of the fundamental rights to privacy, data protection and freedom of expression guaranteed by the Charter of Fundamental Rights of the EU (the "Charter"). After an examination of the terms of the Directive, the Charter and relevant case law, the CJEU found that the Directive, although pursing a legitimate aim, constituted a wholly disproportionate restriction on these rights and therefore declared it invalid with immediate effect.

The implications of this action will be of immediate concern for electronic communications providers in Ireland and across the European Union. Although the precise repercussions of the ruling are as yet unclear, this briefing note outlines the key features of the judgement, its immediate effect in Ireland, and the likely future consequences of this ruling for Irish telecommunications providers.

The Judgement

The Court began its assessment by examining the provisions of the Directive. The Court noted that the Directive imposes an obligation on Member States to provide for the retention of an extremely wide range of customer data by telecommunications companies. All traffic data transmitted by any registered user or subscriber via any means of electronic communication is covered. Such data must be retained for a period six months to two years and must be made available to 'competent national authorities' upon request.

The court assessed the validity of these provisions in light of the rights to privacy, protection of personal data and freedom of expression contained, respectively, in Articles 7, 8 and 11 of the Charter. After finding that the measures contained in the Directive did constitute an interference with the rights to privacy and data protection (Articles 7 and 8), the Court examined their validity in light of Article 52(1) of the Charter, which provides that any limitation on the exercise of the rights and freedoms laid down by the Charter must be provided for by law, respect their essence and adhere to the principle of proportionality.

While the CJEU did acknowledge that the Directive's provisions respected the essence of the rights in question, and confirmed that the stated aim of...

To continue reading