- Professional News
- 10 April 2014
The EJC overturns controversial data retention rules
The EU Data Retention Directive entails a severe infringement of the fundamental right to privacy and to the protection of personal data. On these grounds, the European Court of Justice (ECJ) has overturned the directive.
The mandatory Data Retention Directive was issued by the EU in 2006 as a response to the terror attacks in Madrid and London.
The Directive requires all telecommunications providers and Internet service providers, including hotels and cafés, to keep data, such as data traffic and location data for a period of between 6 and 24 months. The providers must also keep data that may trace and identify the transmitting and receiving IP address, but not the content of the communication.
However, on 8 April 2014, the ECJ overturned the Directive on the grounds that the Directive is too far reaching and entails a severe infringement of the fundamental right to privacy and to the protection of personal data.
Expected to affect Danish data retention legislation
When implementing the EU Data Retention Directive into national law, Denmark implemented more far-reaching requirements than those laid down by the EU Directive.
Danish legislation requires, among other things, that providers retain parts of the communication (session logging) and that the data retention purpose is investigation and prosecution of punishable offences rather than serious crime.
The ECJ’s overturning of the Directive is expected to affect the Danish data retention legislation.
For example, it is doubtful whether Denmark will be able to uphold its national far-reaching rules according to which data may be retained for wider purposes, such as the investigation and prosecution of punishable offences rather than serious crime, as well as session logging.