Abstract
The Court of Justice of the European Union (ECJ) in 2014 ruled in Digital Rights Ireland that the Data Retention Directive was invalid for exceeding the limits of proportionality in light of Articles 7, 8 and 52(1) of the EU Charter of Fundamental Rights (Charter). Subsequently, preliminary references from the England and Wales Court of Appeal and the Swedish Administrative Court of Appeal sought clarification from the ECJ as to whether EU law permitted a general obligation to retain traffic data covering all persons, all means of electronic communication and all traffic data without any distinctions, limitations or exceptions for the purpose of combating crime. The ECJ in Tele2 and Watson ruled that in light of Articles 7, 8, 11 and 52(1) of the Charter, EU Member States were precluded from adopting national measures which provided general and indiscriminate retention of traffic and location data of all subscribers and registered users relating to all means of electronic communication. The ECJ also ruled that Member States were only permitted to adopt data retention measures for the purpose of fighting serious crime, and only when access to retained data was subject to prior review by a court or an independent administrative body.
In 2018, the issue of the UK's data retention regime envisaged in Part 4 of the Investigatory Powers Act 2016 came before the England and Wales High Court. The High Court ruled that Part 4 was incompatible with EU law because access to retained communications data was not limited to the purpose of fighting serious crime, and it was not subject to prior review by a court or an independent administrative body. This judgment was regarded by the claimants, Liberty, as a ‘landmark victory for privacy rights’. However, this paper questions whether certain aspects of the High Court ruling are indeed a victory, by assessing its compatibility with EU law and the European Convention on Human Rights (ECHR).