ECJ decision in “Digital Rights Ireland” strikes down “data retention directive”

The European Court of Justice, in its Judgment in Joined Cases C-293/12 and C-94/12 “Digital Rights Ireland and Seitlinger and Others”, has declared data retention directive invalid.

The directive (Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC), according to the judgement (yet unpublished, here you find the press release anticipated by Wired) infringes article 52 of the EU Rights Charter and cannot therefore be upheld. This decision is welcome from a citizen rights’ perspective, but it raises some doubts in terms of security, if we consider that justice-controlled data retention is (was?) one of the major tools given to communications police authority to track down not only intellectual property infringements, but much more hideous crimes such as pedo-pornography. Again, we face an issue: chasing the thieves or locking the house. This round was against chasing the thieves. Let’s hope the answer is not locking the house, so that fewer people can go outside in the brave outer world.