The “Great Difficulty” of Mass Data Retention | Privacy International

In 2006, the EU institutions passed the Data Retention Directive, a measure sponsored by the UK that called for states to retain all communications data in their countries (for between six months and two years) and for public authorities to have access to that data on request.

Communications data—variously termed ‘traffic data’ or metadata—is everything but the content of communications. It includes the senders and recipients of emails and calls the timing, duration and methods of communications, and device location data.

The 2006 Directive was challenged by the NGO Digital Rights Ireland, and was ultimately invalidated by the CJEU as a disproportionate interference with the rights to privacy and protection of personal data under the EU Charter of Fundamental Rights (Arts 7 and 8 respectively). In response to the Directive being struck down—and the resultant invalidity of the UK regulations implementing it—the UK Parliament quickly passed DRIPA to preserve its power to order communications service providers to retain data. Both DRIPA and a Swedish law being challenged alongside it impose a duty of general data retention; in other words, blanket storage of all communications data passing through the networks of communications providers