Data Retention Directive is incompatible with EU citizens’ Right to Privacy says Advocate General

December 19, 2013

EU Advocate Generals give advice on specific areas of law to the European Court of Justice, who are due to rule in Feburary on two cases brought before the ECJ, on whether or not the current Data Retention Directive is compatible with the Charter of Fundamental Rights. These cases were joined together to deal with issues raised by Digital Rights Ireland and the Austrian Constitutional Court.

According to Advocate Genearl Cruz Villalón, who gave his advice on December 12th[1], the current Directive needs to have supporting legislation to ensure that the information collected and requested by member state government agencies with respect to various customer location and communication data from ISPs and telcos is properly overseen and safeguarded and not open to abuse or overly-invasive requests from law enforcement or revenue collecting agencies.

The Data Retention Directive 2006[2] empowers Member States to compel ISPs and Telcos to ensure that customer data must  be kept on file for a period of not less that 6 months and not more than two years to enable requests from authorised member state agencies as required. The Advocate General’s advice outlines the need for more transparency around this process to ensure that requests are properly made and that the purpose is for that which is intended by the Directive.

Proper monitoring of this process should also happen according to the opinion, which if followed by the ECJ, would not strike down the existing Directive, but would most likely lead to it being overhauled with extra leglislation, added to ensure greater protection for the Fundamental Right to Privacy of EU citizens.

AG Cruz Villalón has found that the current Directive does not set out adequate safeguards to ensure that this customer data, which he finds is specific enough to warrant it to be considered as private information, is not compatible with a citizen’s Right to Privacy which is enshrined in the Charter of Fundamental Rights of the EU.

One of the related issues the AG also had to examine was one of the porportionality of the minimum and maxium terms which ISPs and Telcos had to retain data. Here, it was the opinion of AG Cruz Villalón that the upper limit was not necessary to be more than 1 year for the purposes of ensuring that certain data are available for the purposes of investigation, detection and prosecution of serious crime and/or (b) ensuring the proper functioning of the internal market of the European Union.


The ECJ is not bound to follow this opinion of Advocate General Cruz Villalón, but ISPAI trust that the court will take a similar line to achieve an effective rectification of the Data Rentention Directive. While ISPAI continues to have reservations about the Directive, which we have voiced from the outset, we feel vindicated by the opinion of AG Cruz Villalón which broadly reflects our long standing concerns.

We hope that any future legislative remedies will ensure a better balance between citizens’ rights and security concerns. Particularly, that this can result in greater public confidence in the Internet services they use by giving transparency to the data retention obligations imposed on ISPs and the safeguards that must be applied to State authorities requesting provision of that data.