Member States may not impose a general obligation to retain data on providers of electronic communications services
The CJEU has ruled that the EU Members States may not impose a general obligation to retain data on providers of electronic communications services.
In line with the Digital Rights Ireland decision taken in April 2014, by which the Court annulled directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks, the Court ruled that national regulations which provide a general and indiscriminate storage of data are in breach of article 8 of the European Convention on Human Rights (ECHR) which safeguards the Right to respect for private and family life.
In the aftermath of the Digital Rights case two references were made to the Court (Case C-203/15 and Case C-698/15, in Sweden and the UK respectively in December 2016) where the CJEU was requested to state whether national rules imposing general obligations on providers to retain data and which make provisions for access to such data by national authorities where such access is not restricted solely to fighting serious crime and where such access is not subject to prior review by a court or independent administrative authority, are compatible with EU law.
In its decision, the Court affirmed that EU law precludes national legislation that prescribes general and indiscriminate retention of data. The Court went on to state that derogations from the fundamental right to respect for private life should apply only in so far as is strictly necessary and that access to retained data should, except in cases of urgency, be subject to prior review, be it by a court or an independent body.
The Court contended that the directive does not preclude national legislation from imposing a targeted retention of data for the purpose of fighting serious crime, provided that the retention of such data is limited to what is strictly necessary and legislation to that effect must by clear and precise with objective criteria laid out defining the circumstances and conditions under which the competent national authorities are to be granted access to the data.