Today the European Commission adopted an evaluation report of the Data Retention Directive outlining the lessons learned since its adoption in 2006. The Directive established data retention as a response to urgent security challenges, following major terrorist attacks in Madrid in 2004 and in London in 2005. The report concludes that retained telecommunications data play an important role in the protection of the public against the harm caused by serious crime. They provide vital evidence in solving crimes and ensuring justice is served. However, transposition of the Directive has been uneven and the remaining differences between the legislations of Member States create difficulties for telecommunication service providers. The Directive also does not in itself guarantee that data are stored, retrieved and used in full compliance with the right to privacy and protection of personal data, and this has led courts to annul the legislation transposing the Directive in some Member States. The Commission will now review the current data retention rules, in consultation with the police and the judiciary, industry, data protection authorities, and civil society with a view to proposing an improved legal framework.