EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Balancing public security with data protection
SUMMARY OF:
WHAT IS THE EFFECT OF THIS JUDGMENT?
In its judgment, the Court of Justice of the European Union declared as invalid Directive 2006/24/EC on the retention of data generated or processed in connection with the supply of publicly available electronic communications services or networks.
KEY POINTS
- The Court notes that the directive permits the retention of data that may provide very precise information on the private lives of the persons whose data are retained (e.g. on their daily routine, permanent or temporary places of residence, movements, activities, relationships and the social environments frequented).
- The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access them, the directive interferes in a particularly serious manner with the fundamental rights to respect private life and to protect personal data.
- While not disputing the aim of the directive, the Court recalls that it must be taken into account that measures must be proportionate with what is strictly necessary to protect the general interest from serious threats (such as the fight against terrorism or organised crime).
-
In particular, the Court criticises the fact that the directive:
- covers, in a generalised manner, all individuals, all means of electronic communication and all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime;
- imposes a period of at least 6 months, without making any distinction between the categories of data based on the persons concerned or their possible usefulness in relation to the objective pursued;
- does not provide for sufficient safeguards to ensure effective protection of the data against the risk of abuse and against any unlawful access or use;
- does not require that the data be retained within the EU and does not fully ensure the control of compliance on the basis of EU law.
BACKGROUND
The High Court (Ireland) and the Verfassungsgerichtshof (Constitutional Court, Austria) asked the Court of Justice to examine the validity of the Data Retention Directive, in particular in the light of 2 fundamental rights under the Charter of Fundamental Rights of the EU: to respect private life and to protect personal data.
MAIN DOCUMENT
Joined Cases C-293/12 and C-594/12: Judgment of the Court (Grand Chamber) of 8 April 2014 (requests for a preliminary ruling from the High Court of Ireland (Ireland) and the Verfassungsgerichtshof (Austria)) — Digital Rights Ireland Ltd (C-293/12) v Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, The Commissioner of the Garda Síochána, Ireland and the Attorney General, and Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and Others (C-594/12) (Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union) (OJ C 175, 10.6.2014, pp. 6-7)
RELATED ACTS
Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ L 105, 13.4.2006, pp. 54-63)
Charter of Fundamental Rights of the European Union (OJ C 326, 26.10.2012, pp. 391-407)
last update 08.08.2016