Ch 3.9 - Data Retention Directive

Data Retention Directive

Directive 2006/24/EC (the Data Retention Directive) aligned national rules on retaining traffic and location data for serious crime and anti-terrorism. In 2014 the CJEU ruled it invalid as disproportionate and incompatible with privacy and data protection under the EU Charter. It is no longer EU law, though states may keep national retention laws under Article 15(1) of the ePrivacy Directive.

The Data Retention Directive (2006/24/EC) aligned member-state rules on retaining traffic and location data for serious crime and anti-terrorism, amid heightened security concerns. It drew heavy criticism, and several national constitutional courts struck down their implementing laws.

Struck down

In 2014, in Digital Rights Ireland, the CJEU declared the Directive invalid - disproportionate in scope and incompatible with privacy and data protection under the EU Charter. It is no longer part of EU law, but states retain competence to make national retention laws under Article 15(1) of the ePrivacy Directive, provided they comply with fundamental rights and the CJEU ruling.

Key terms - quick answers

What is “Data Retention Directive”?

Directive 2006/24/EC requiring retention of traffic/location data; struck down by the CJEU in 2014.

What is “CJEU”?

Court of Justice of the European Union, which invalidated the Data Retention Directive.

What is “EU Charter”?

Charter of Fundamental Rights of the EU, including rights to privacy and data protection.

← Proposed EU Artificial Intelligence Regulation Impact on member states - implementation, enforcement, direct effect →