Data retention: what next?

Data retention: what next?

Last week, we reported in Comet that the Data Retention Directive had been declared invalid by the European Court of Justice.

The purpose of the—now defunct—Directive was to harmonise Member States’ provisions on the retention of certain personal data, by telecoms companies in particular. The court decided that the way in which such data was collected had been seriously interfering with EU citizens' fundamental rights to respect for their private life and to the protection of their personal data.

Furthermore, the Court also decided that there were insufficient safeguards against the risk of abuse and against any unlawful access and use of data, including from outside of the EU. The retention of data ought to be for genuine reasons such as the fight against serious crime and terrorism. A sweeping, unconsidered trawl of data, of whatever kind, was a big no-no.

In other words, the EU had failed to find the proper balance between safeguarding security (ie fighting serious crime and terrorism) and protecting the private lives of its citizens. The court was demonstrably displeased. It showed its annoyance by invalidating the Directive from the date it came into force.

In effect, the Directive has never been. To quote George Orwell in 1984—a book that is so often referred to when opining on matters of privacy—it has been 'vaporised'.

So what next? Should the telecoms companies start taking hammers to all of their data storage kit?

Probably not.

As it happens, whilst the Directive has been 'vaporised', the regulations that implement it into UK law (the Data Retention (EC Directive) Regulations 2009) have seemingly avoided a similar fate—for now. The Regulations would still appear to be law but they rest on very shaky foundations indeed. Their days are numbered.

Perhaps a good place to understand where we may be is the interesting analysis set out in the LSE Media Policy Project blog: Messy Consequences for National Legislation following Annulment of EU Data Retention Directive

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login