skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view


On February 18, 2015 a group of privacy advocates started legal action against the Dutch data retention law. Similar initiatives have taken place elsewhere in Europe and are likely to succeed following the demise of the EC’s Data Retention Directive in 2014. Devising rules that make data retention possible without hampering citizens’ privacy rights will be a challenge for European legislators, who should also be careful not to place an undue burden on telcos.

The demise of the Data Retention Directive creates a de facto regulatory vacuum

The legal action taken by a group of Dutch journalists, lawyers, and privacy advocates on February 18, 2015 aims to strike down the national data retention act. This move demonstrates the challenges that EU countries’ governments face in keeping data retention legislation in place.

In 2014 the European Courts of Justice struck down the EC’s Data Retention Directive of 2006, stating that it was disproportionate and failed to comply with the privacy principles set out in EU legislation. This decision did not repeal the national acts that transpose the directive, but it did clear the way for legal challenges, which are now likely to succeed in any EU country.

In order to tackle crime, governments need to have some data retention rules in place. However, they must also comply with the EC’s regulatory framework. They must ensure that any legislation they pass does not breach the E-Privacy Directive of 2002, which is currently in force, and which places specific data protection obligations on telcos.

The challenge now is to create a framework in which data retention is possible, but under which data protection safeguards are still in place. The EC should set out its new rules as soon as possible, and those rules should clearly say what public bodies can do (and, crucially, what they can ask telcos to do) – with clear and precise limits. This would also help to ensure that no unnecessary burden is placed on telecoms operators, which face a cost in retaining such data and making it available to public authorities.


Further reading

Data Protection Tracker: 1Q15, TE0007-000867 (January 2015)

Current Status and Future Developments in Data Protection, TE0007-000812 (August 2014)

“The demise of the Data Retention Directive provides an opportunity for legislators,” TE009-001076 (April 2014)


Luca Schiavoni, Analyst, Regulation

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 7770704398 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now