The European Court of Justice has yesterday somehow expectedly, particularly after the opinion delivered by Advocate General Cruz Villalon in December 2013, decided in the cases C‑293/12 and C‑594/12 that EU Data Retention Directive is invalid. More specifically, it held that :
Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary (para. 65).
It is now necessary that the EU Commission prepares a new draft Directive in line with the EU Fundamental Rights Charter and the European Convention on Human Rights and opens an EU wide consultations involving all stake-holders from all Member States.
The European Union Fundamental Rights Agency has recently published report on “Access to data protection remedies in the EU Member States”. The report highlights the “victims’ lack of understanding and awareness about data protection and the authorities that serve to help them”.
Advocate General Cruz Villalon has on 12 December 2013 delivered his opinion in a higly controversial case C‑293/12 and C‑594/12 on the Directive 2006/24/EC of the European Parliament and that of Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. He concluded that said Directive;
is as a whole incompatible with Article 52(1) of the Charter of Fundamental Rights of the European Union, since the limitations on the exercise of fundamental rights which that directive contains because of the obligation to retain data which it imposes are not accompanied by the necessary principles for governing the guarantees needed to regulate access to the data and their use (para. 159)
and added :
Article 6 of Directive 2006/24 is incompatible with Articles 7 and 52(1) of the Charter of Fundamental Rights of the European Union in that it requires Member States to ensure that the data specified in Article 5 of that directive are retained for a period whose upper limit is set at two years (para. 159).
The dilemma between protecting national security and the protection of fundamental rights of individuals to privacy does not fall between genuines dilemmas. It is actually not a dilemma. States can only protect national security in a manner that does not interfere unlawfully in the fundamental rights of individuals. Arbitrary interference of state and non-state bodies in the privacy of the individuals are illegal and in breach of the European Convention and the EU Charter.