Nederlands
English
French
Deutsch
Espaniol
Portugese
EU Court Delivers Major Privacy Victory
The European Court of Justice has issued a landmark ruling restricting mass data retention practices across the EU. In a decision published today, judges declared that blanket data collection violates fundamental privacy rights under the EU Charter. The court emphasized that while law enforcement needs access to data for serious crime investigations, indiscriminate retention of citizens' communication metadata crosses legal boundaries.
Security Needs vs. Privacy Rights
The ruling addresses the tension between national security demands and individual privacy protections. "General and indiscriminate retention of traffic and location data can only be justified by a serious threat to national security," the court stated. "Such measures must be strictly necessary and proportionate."
This decision follows years of legal challenges from digital rights groups including the Electronic Frontier Foundation (EFF). The court referenced four previous rulings dating back to 2014 that consistently struck down bulk data collection schemes.
What the Ruling Changes
- Requires case-specific data retention requests
- Mandates judicial approval for access
- Limits retention periods to what's absolutely necessary
- Prohibits retention of content data
The judgment responds to recent efforts by the European Commission's "Going Dark" working group, which had proposed expanded surveillance powers. Privacy advocates celebrated the decision as a crucial safeguard. "The court has drawn a clear line against mass surveillance," said EFF legal director Svea Windwehr.
Impact on Member States
Several EU countries including France and Germany now face major legal overhauls. National laws permitting bulk data collection must be revised within six months. Law enforcement agencies expressed concern, arguing the ruling hampers anti-terrorism efforts. However, the court maintained that targeted investigations remain possible under the new framework.
This decision comes amid ongoing debates about the EU's Digital Services Act and follows the Commission's May 2025 proposal to reduce record-keeping obligations for smaller businesses under GDPR rules.
