The Invalidation of the Data Redention Directive: A balance of interest between security and fundamental rights

In the wake of terror attacks in Madrid (2004) and London (2005) the European Parliament issued Directive 2006/24/CE, which regulated the question of data retention, specifying particular procedures for Internet Service Providers to store traffic data and the requirements for courts to access these data. Eight years later, on 8 April 2014, this law was declared invalid by the Court of Justice of the European Union (CJEU) because of its breach of the right to have one’s private and family life respected and of the right to the protection of personal data as recognized both by the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union. This article first highlights the key points of the CJEU’s decision and then briefly discusses the technological limits for data retention, before considering the immediate impact of this ruling and its possible impact on freedom of expression.