After the Council launched a reflection process on the retention of telecommunications data, and after an exchange of views on the state of play and the way forward at the JHA Council meeting of 6-7 December 2018 (see eucrim 4/2018, 201), work continued on the technical and working levels. Under Europol’s coordination, experts agreed on a number of aspects to be considered in a possible future, new EU data retention law. These aspects include a matrix of limited data categories, the length of the retention period, rules on erasure, data security, etc.

In April 2019, the Council Working Party DAPIX discussed Council conclusions that called on the Commission to start a series of consultations with relevant stakeholders and to prepare a “comprehensive study” on possible solutions for the retention of telecommunications data for law enforcement purposes. The study should also include concepts that meet the requirements of the CJEU’s case law on the various interference levels of the data retention regime. In 2014, the CJEU had declared the 2006 EU data retention directive void (see eucrim 1/2014, 12). Subsequently, in 2016, the CJEU prohibited Member States from maintaining national data retention regimes if they entail a general and indiscriminate retention of data (see eucrim 4/2016, 164).

Recently, several requests for preliminary rulings were submitted to the CJEU by Member States’ supreme or constitutional courts (by Belgium, France, and Estonia). They seek clarification on the limits of retention of e-communication data in view of Art. 15 of the EU’s e-privacy Directive 2002/58/EC (cf. case C-520/18; case C-511/18; and case C-746/18). The CJEU will therefore have new opportunities to shape its case law in the field of data retention.