The European Union’s infamous Data Retention Directive has been deemed invalid after a long time of severe criticism from a number of member states and non-governmental organizations. The directive, which was passed by the European Union in 2006 and implemented by the member states shortly thereafter, has been under severe scrutiny since first suggested in 2005. It is now clear after a lengthy investigation that the directive is incompatible with Article 7 of the Charter of Fundamental Rights, and that it is therefore deemed invalid. It is still unclear what exactly this means for all the member states who have implemented their own versions of the directive.
What Was the Data Retention Directive?
The Data Retention Directive had the purpose of unifying different member state laws when it comes to retaining data from telephone carriers and Internet providers. The directive demanded that these providers in all European member states must keep all information about their customers for a minimum of six months, allowing police and security agencies to retrieve the information after a court order. The directive was heavily criticized for its opposition to the right to free communication, and has often been referred to as a “Big Brother” law.
The case of the directive was brought to the attention of the European Court of Justice after Digital Rights Ireland, a non-governmental organization, sued the state of Ireland and others for their implementation of the directive. On the 8th of April, 2014, the Court of Justice finally decided to deem the directive invalid.
Meaning for State Implementations of the Directive
The situation is as of yet unclear when it comes to the many member states and their unique implementations. No two implementations are exactly the same, and so they are not automatically revoked, but must instead be revoked by their individual national parliaments, which will surely take quite some time. Sweden has gone before this decision, and the national Post och Telestyrelsen has informed affected parties that they are free to stop retaining data without risking any governmental cases towards them. Several Internet providers and phone carriers have already reported doing this. It is also unclear whether the EU will force these states into changing their new laws as they too go against the Charter of Fundamental Rights – and even if such is the case, it might be possible for these states to simply adapt their laws slightly to go along with fundamental rights, at least on paper.
Some countries, including Sweden, have had to pay fines to the European Union for being late in implementing the directive after it was passed in 2006. These countries have been informed that they will have their money returned. There are more money issues, however – there have already been cases of carriers considering suing states for the costs it took for them to implement the directive into their daily activities, which has now been revealed was all for nought. The case of the Data Retention Directive is obviously not over yet.