Identification of the case
Fundamental rights involved
- Respect for private and family life (art. 7 CFREU)
- Protection of personal data (art. 8 CFREU)
National law sources
- Part 7 of the Criminal Justice (Terrorist Offences) Act 2005
EU law sources
- Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 (Data Retention Directive)
ECHR provisionsArticle 8 ECHR
Summary of the case
Facts of the caseOn 11 August 2006, Digital Rights Ireland Ltd, the owner of a mobile phone registered on 3 June 2006, brought an action claiming that the Irish authorities had unlawfully processed, retained and exercised control over data related to its communications. First, it challenged the legality of several national measures that empowered Irish authorities to require providers of telecommunications services to retain telecommunications data, and in particular Part 7 of the Criminal Justice (Terrorist Offences) Act 2005. Second, it questioned the validity of Directive 2006/24 in the light of the Charter and/or the European Convention for the Protection of Human Rights and Fundamental Freedoms.
Type of enforcement
- Civil judicial enforcement
Measures, actions, remedies claimed/appliedannulment of measures of national law, damages, injunctions restraining the Defendants from acting under or giving effect to the challenged instruments (including the EC Directive).
Preliminary questionsIs Directive 2006/24 compatible with the right to privacy laid down in Article 7 of the Charter of Fundamental Rights of the European Union (and Article 8 ECHR) and with the right to the protection of personal data laid down in Article 8 of the Charter?
Reasoning (legal principles applied)The Court acknowledges that the obligation imposed by the Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to her communications for the purpose of access to them by the competent national authorities constitutes, in itself, an interference with the rights guaranteed by Article 7 and Article 8 of the Charter.
The Court notices that such an interference is subject to Article 52(1) of the Charter. This Article provides that any limitation on the exercise of the rights and freedoms laid down by the Charter must be provided for by law, respect their essence and, subject to the principle of proportionality, limitations may be made to those rights and freedoms only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others. The Court then examines Directive 2006/24 in the light of Article 52(1) of the Charter:
• the essence of rights and freedoms laid down by the Charter: the retention of data prescribed by the Directive is not such as to adversely affect the essence of the rights to respect for private life and to the protection of personal data;
• objectives of general interest: the purpose of allowing competent national authorities to have access to those data responds to an objective of general interest, i.e., the fight against serious crime and thus public security;
• principle of proportionality: by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter. Indeed, even though the retention of data may be considered to be appropriate for attaining the objective pursued by the Directive, the interference caused by the Directive does not seem to be limited to the strictly necessary.
In the light of these considerations, the Court concludes that by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter:
“Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary” (para. 65).
Implementation of preliminary rulingPrior to the judgment in Digital Rights Ireland, the Communications (Retention of Data) Act, 2011 was enacted to give effect to Directive 2006/24 and, inter alia, to repeal Part 7 of the Criminal Justice (Terrorist Offences) Act, 2005. Digital Rights Ireland’s claim was hence amended to reflect this statutory changes. After the judgement delivered by the Court of Justice in 2014 that invalidated Directive 2006/24, Digital Rights Ireland sought an order of referring to the Court of Justice of the European Union the question: “whether, in light of the Provisions of the Charter of Fundamental Rights and Freedoms and the findings of the Court of Justice (sic) in Digital Rights Ireland v. Ireland a domestic legislative measure which requires indiscriminate retention of telecommunications data for a period longer than is required for the legitimate commercial purposes of the telecommunications providers, is valid”. However, on 19 July 2017 the Irish High Court dismissed the application for a reference to the Court of Justice. Indeed, the Court deemed such a request not necessary to adjudicate upon the matter at that stage of the proceedings, when the facts of the case had not yet been clarified: “[i]t may be that the trial judge, when he or she has heard the relevant evidence in these proceedings, may decide that a reference to the CJEU is required to clarify the issue or issues in the case”.
Role of the Charter and role of the general principles on enforcement
Relation to scope of the CharterArticles 7, 8 and 52(1) of the Charter were directly applied in the case: the Court declared that Directive 2006/24/EC is invalid because it infringed upon Article 7 and 8 CFREU without complying with Article 52(1) CFREU.
Safeguards for access to justice
- Explicit reference to Art. 41 CFREU (right to good administration)
Relevance of CFREU and ECHR articles or related rightsThe Court builds its reasoning on Articles 7, 8 and 52(1) CFREU. Article 8 ECHR was also applied by the Court since, in providing for the right to respect for private and family life, it is considered the equivalent of Article 7 CFREU.
Relevant principles applied
Principle of effectivenessIn examining the compliance of Directive 2006/24 with the principle of proportionality, the Court concludes that “Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data” (para. 66).
Principle of proportionalityThe principle of proportionality, applied to EU legislative action, inspires the conclusion of the Court. Indeed, in the view of the Court, Directive 2006/24 entails a serious interference of the fundamental rights enshrined in Articles 7 and 8 of the Charter without limiting such interference to what is strictly necessary: first, the Directive targets all individuals without any differentiation or exception; second, no objective criterion is provided to limit the access of the competent national authorities to data and their subsequent use; third, the Directive imposes a data retention period of at least six months, without making any distinction between the categories of data involved on the basis of the persons concerned or the possible usefulness of the data in relation to the objective pursued.
Elements of judicial dialogue
Judicial dialogue patterns
Vertical dialogue type
- Direct dialogue between CJEU and National court (preliminary reference)
Purposes of using judicial dialogueTo verify the validity of Directive 2006/24 in the light of the rights enshrined in Article 7 and 8 of the Charter.
Additional notes on the decision
Impact on legislation/policyAfter the invalidation of the Data Retention Directive by the Court of Justice, the EU did not present a new legislative initiative on data retention.
Impact on national case lawAs a result of Digital Rights Ireland, several national data retention laws have been invalidated by national courts. By way of example, on 11 March 2015, the District Court of The Hague suspended the 2009 Telecommunications Data Retention Act (TDRA), that was drafted on the basis of EU Data Retention Directive. By the same token, Digital Rights Ireland largely inspired the decision of the Belgian Constitutional Court to annul, on 11 June 2015, the Belgian data retention law. The Constitutional Courts of Slovakia, Slovenia, Romania and Bulgaria also annulled their respective national data retention provisions.
Other notesFollowing the judgment in Digital Rights Ireland, two references were made to the CJEU by the Kammarrätten i Stockholm (Administrative Court of Appeal, Stockholm, Sweden) and the Court of Appeal (England and Wales) (Civil Division) (UK) in relation to the general obligation imposed on providers of electronic communications services by the Swedish and the UK legislation respectively to retain the data related to those communications. Precisely, the Court of Justice was requested to judge upon the compatibility with EU law of national rules that impose on providers a general obligation to retain data for the purpose of access to them by the competent national authorities where such access is not subject to specific substantive and procedural conditions.
In the judgment delivered in joined Cases C-203/15 Tele2 Sverige AB v Post-och telestyrelsen and C-698/15 Secretary of State for the Home Department v Tom Watson and Others of 21 December 2016, the Court of Justice concludes that EU law precludes a general and indiscriminate retention of traffic data and location data, but it is open to Members States to allow for targeted retention of data, provided that such retention is limited to what is strictly necessary and that access of the national authorities to the retained data is subject to specific conditions.