From the press release: "In its judgment in Digital Rights Ireland of 2014, the Court of Justice invalidated the Data Retention Directive2 on the grounds, first, that the general obligation to retain certain data imposed by that directive constituted serious interference with the fundamental rights to respect for private life and to the protection of personal data and, second, that the rules accordingly established were not limited to what was strictly necessary for the purpose of the fight against serious crime.
Following that judgment, two cases were referred to the Court on the general obligation imposed, in Sweden and in the UK, on telecommunication service providers to retain data relating to electronic communications. The Court accordingly had the opportunity to specify the interpretation to be given in a national context to the judgment in Digital Rights Ireland.
[...]
In references for a preliminary ruling made by the Kammarrätten i Stockholm (Administrative Court of Appeal, Stockholm, Sweden) and the Court of Appeal (England and Wales) (Civil Division) (UK), the Court is requested to indicate whether a general obligation to retain data is compatible with EU law (in particular the Directive on privacy and electronic communications and certain provisions of the EU Charter of Fundamental Rights).
[...]
The Advocate General is of the opinion that a general obligation to retain data may be compatible with EU law. The action by Member States against the possibility of imposing such an obligation is, however, subject to satisfying strict requirements. It is for the national courts to determine, in the light of all the relevant characteristics of the national regimes, whether those requirements are satisfied.
First, the general obligation to retain data and the accompanying guarantees must be laid down by legislative or regulatory measures possessing the characteristics of accessibility, foreseeability and adequate protection against arbitrary interference.
Secondly, the obligation must respect the essence of the right to respect for private life and the right to the protection of personal data laid down by the Charter.
Thirdly, the Advocate General notes that EU law requires that any interference with the fundamental rights should be in the pursuit of an objective in the general interest. He considers that solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings are not.
Fourthly, the general obligation to retain data must be strictly necessary to the fight against serious crime, which means that no other measure or combination of measures could be as effective while at the same time interfering to a lesser extent with fundamental rights. Furthermore, the Advocate General points out that that obligation must respect the conditions set out in the judgment in Digital Rights Ireland 5 as regards access to the data, the period of retention and the protection and security of the data, in order to limit the interference with the fundamental rights to what is strictly necessary.
Finally, the general obligation to retain data must be proportionate, within a democratic society, to the objective of the fight against serious crime, which means that the serious risks engendered by that obligation within a democratic society must not be disproportionate to the advantages it offers in the fight against serious crime."
Read the press release here.
