Telecommunication service providers or operators store clients' personal data for the purposes of transmitting communications, invoicing, interconnection payments, marketing and certain other value-added services. Because of the widespread illicit use of the internet and the high level of crime characterized by the exploitation of communication technologies, law enforcement authorities in most EU States have reported that retained data play a central role in their criminal investigations.
In the aftermath of the terrorist attacks in Madrid in 2004 and London in 2005, the Data Retention Directive was adopted to harmonize EU efforts in the investigation and prosecution of the most serious crimes, in particular organized crime and terrorism. The Directive required operators to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism.
The retained data provided valuable leads and evidence that have resulted in convictions for criminal offences and in acquittals of innocent suspects in relation to crimes which, without an obligation to retain these data, might never have been solved. In particular:
The Commission's evaluation report on the Data Retention Directive, presented in April 2011, concluded that the EU should continue to support and regulate the storage of, access to and use of telecommunications data. However, the report also concluded that EU rules in this area needed to be improved to prevent the different types of operators from facing unfair obstacles in the Internal Market and to ensure that high levels of respect for privacy and the protection of personal data are applied consistently.
The Commission also announced in the report on the evaluation that it would consider whether and how an EU approach to data preservation might complement data retention. An independent external study on current approaches to data preservation in EU Member States and third countries was carried out between December 2011 and November 2012 by the Centre for Strategy and Evaluation Studies. The researchers conducted surveys of law enforcement authorities, service providers, data protection authorities and NGOs, and held a seminar with experts in May 2012. Input was received from 15 countries – 13 EU Member States plus Croatia, Norway and the United States. The study finds that data retention and data preservation are complementary rather than alternative instruments and that data retention plays a role in ensuring that data are kept, which is sometimes a prerequisite for data preservation, as data may have already been deleted before a data preservation order is issued.
As required by the Directive, the Commission set up an experts group to advise on best practice in the implementation of the Data Retention Directive. Following the ruling of the Court of Justice of 8 April 2014 declaring the Directive invalid, the group no longer exists.
On 8 April 2014, the Court of Justice of the European Union declared the Data Retention Directive invalid (joined Cases C-293/12 and C-594/12). The Court took the view that the Directive does not meet the principle of proportionality and should have provided more safeguards to protect the fundamental rights to respect for private life and to the protection of personal data. The Court also considered that data retention serves, under clear and precise conditions, a legitimate and general interest, namely the fight against serious crime and the protection of public security.