The Legality of the European Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection

The EU Data Retention Directive (2006/24/EC) provides an obligation for providers of publicly available electronic communications services and of public communications networks to retain traffic and location data for six months up to two years for the purpose of the investigation, detection, and prosecution of serious crime. Considering potential uses and misuses of retained data such as traffic analysis, social network analysis, and data mining, this research examines the suitability, necessity, and proportionality of the interference with the fundamental rights to privacy and data protection as guaranteed by the Charter of Fundamental Rights of the European Union.

This research was co-sponsored by the Stanford-Vienna Transatlantic Technology LawForum (Stanford Law School/University of Vienna School of Law), the Stanford Center for E-Commerce, the Europe Center at the Freeman Spogli Institute for International Studies at Stanford University, as well as supported by the University of Vienna Research Grant 2010.  It was published in the European Journal of Law and Technology, Vol. 1, No. 3 (2010).