EU Court repeals law mandating indiscriminate surveillance

Today, the Court of Justice of the EU released a long awaited decision on the controversial Data Retention Directive, invalidating it and declaring the law a violation of fundamental rights.

Adopted by the European Union in 2006, the Data Retention Directive mandates that all telecommunications data – including mobile and landline phones, fax, and email – are to be indiscriminately collected and retained by providers for a minimum of six months and up to two years.

Access welcomes today’s ruling, which confirms what many civil society groups have long argued – the blanket surveillance mandated by the Data Retention Directive is neither necessary nor proportionate.

What this mean for the EU


The Court’s ruling means the Data Retention Directive is no longer applicable, meaning that EU Member States will no longer have to enforce it.

In Romania, Sweden, the Czech Republic, and Germany, the laws implementing this Directive were challenged on the grounds of constitutionality. Regrettably, despite well-grounded criticism from almost all sides, the European Commission compelled Member States to apply this Directive, even launching infringement proceedings for those who resisted implementation, violating the rights of EU citizens for almost a decade.

Since the Directive’s passage in 2006, the European Commission has been unable to credibly demonstrate the necessity and proportionality of data retention. Today’s decisive ruling explains why. Now it is up to the Member States of the EU to repeal the national implementation laws as the Directive is in violation of the Charter of Fundamental Rights.

Next Steps


Contrary to the opinion presented by the Court’s Advocate General, today’s ruling does not call on EU Institutions to remedy the breach of fundamental rights. Nor does it call for new rules to fulfil the original intent of the Data Retention Directive – which was ostensibly to harmonise providers’ data retention obligations for the purpose of the investigation, detection, and prosecution of serious crimes, as defined by each Member State.

Today’s ruling looks beyond the validity of just the Directive, and puts into question the necessity and proportionality of data retention as a whole. This means that any future proposals may take a completely different and more targeted approach to combat terrorism and serious crime. Taking into account the Court’s decision today, the Commission should carefully reflect upon whether there is actually a need for a new Directive at all.

As policymakers  consider more broadly how to reform communications surveillance laws in the wake of this ruling, we urge them to turn to the International Principles on the Application of Human Rights to Communications Surveillance. The Principles provide a framework for assessing how human rights obligations apply in the context of communications surveillance. The Principles have been endorsed by more than 400 civil society organizations and over 50 legal experts and academics from around the world.

Access is encouraged by the Court’s decisive ruling, and would like to congratulate all those who have fought against the Data Retention Directive since its passage in 2006.

More analysis on the full ruling will be published on our blog later this week.