Data Retention Directive Declared Invalid by the European Court of Justice

In a decision that may have a wide reaching impact on the telecommunications sector, the European Court of Justice has ruled that the Data Retention Directive (which requires certain companies to log and retain details about customers such as locations, e-mails, text messages, internet use, etc.) is “invalid”. The Court based the decision on the fact that the Directive represented a particularly serious and disproportionate interference with the fundamental privacy rights and the protection of personal data which are guaranteed under EU law.

The judgment by the Court covered a number of separate applications. These included one from Digital Rights Ireland, which had initiated proceedings in Ireland against the State in respect of the legality of Irish legislation requiring phone companies and internet service providers to store certain data relating to customers for up to two years.

In its most significant ruling following the Edward Snowden revelations, the Court found that the controversial directive was incompatible with the European Charter of Fundamental Rights and that while the purpose of this type of legislation (e.g. the fight against organised crime and terrorism) is of the utmost importance, this did not justify such a disproportionate approach to the monitoring of EU citizens.

The decision represents a victory for the protection of personal data and privacy and sets a benchmark for what will be deemed appropriate monitoring of personal communications in the future. The decision will also be of significant interest to companies operating in the telecommunications sector as it is likely that EU legislators will now fast track revised legislation to fill the void left by this decision.