The Data Retention Directive (Directive 2006/24/EC), later declared invalid by the European Court of Justice, was at first passed on 15 March 2006 and regulated data retention, where data has been generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. It amended the Directive on Privacy and Electronic Communications. According to the Data Retention Directive, EU member states had to store information on all citizens' telecommunications data (phone and internet connections) for a minimum of six months and at most twenty-four months, to be delivered on demand to police authorities.
| European Union directive | |
 | |
| Title | Directive on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks |
|---|---|
| Made by | European Parliament and European Council |
| Made under | Article 95 TEC |
| Journal reference | L 105, pp. 54–63 |
| History | |
| Date made | 15 March 2006 |
| Came into force | 3 May 2006 |
| Other legislation | |
| Amends | Directive 2002/58/EC |
Under the directive, the police and security agencies would have been able to request access to details such as IP addresses and time of use of every email, phone call and text message sent or received. There was no provision in the directive that permission to access the data must be confirmed by a court. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid in response to a case brought by Digital Rights Ireland against the Irish authorities and others because blanket data collection violated the EU Charter of Fundamental Rights, in particular the right of privacy enshrined in Article 8(1).[1][2][3]
History
In September 2005, during the United Kingdom's presidency of the European Council, a plenary session was held concerning the retention of telecommunications data, chaired by the UK's Home Secretary.[4] This led to an agreement reached by the Council at its meeting on the 1 and 2 December that was then adopted in March 2006, under the Austrian presidency.[5]
Implementation
Romania
The EU directive has been transposed into Romanian law as well, initially as Law 298/2008.[6] However, the Constitutional Court of Romania (CCR) subsequently struck down the law in 2009 as violating constitutional rights.[7] The court held that the transposing act violated the constitutional rights of privacy, of confidentiality in communications, and of free speech.[8] The European Commission subsequently sued Romania in 2011 for non-implementation, threatening Romania with a fine of 30,000 euros per day.[9] The Romanian parliament passed a new law in 2012, which was signed by president Traian Băsescu in June.[10] The Law 82/2012 has been nicknamed "the Big Brother law" (using the untranslated English expression) by various Romanian non-governmental organisations opposing it, as well as the Romanian media.[9][11][12] On 8 July 2014 this law too was declared unconstitutional by the CCR.[13]
Criticism
The Data Retention Directive had sparked serious concerns from physicians, journalists, privacy and human rights groups, unions, IT security firms and legal experts.[14]
Annullment
On 8 April 2014, in the landmark Digital Rights Ireland and Ors case, the Court of Justice of the European Union declared the Directive 2006/24/EC invalid for violating fundamental rights. The Council's Legal Services have been reported to have stated in closed session that paragraph 59 of the European Court of Justice's ruling "suggests that general and blanket data retention is no longer possible".[15]
A legal opinion funded by the Greens–European Free Alliance in the European Parliament found that the blanket retention of data of unsuspicious persons generally violates the EU Charter of Fundamental Rights, both in regard to national telecommunications data retention laws and to similar EU data retention schemes (Passenger name records, Terrorist Finance Tracking Programme, Terrorist Finance Tracking System, law enforcement access to the Entry-Exit-System, Eurodac, Visa Information System).[16]