Privacy International and Quadrature du Net: One Step Forward Two Steps Back in the Data Retention Saga?
Fforthcoming, February 2022) European Public Law
24 Pages Posted: 10 Jan 2022
Date Written: July 11, 2021
Abstract
This article critically reflects on the future direction of data retention at the EU and the national levels by discussing the lessons arising from two seminal Court of Justice of the EU (CJEU) decisions: Privacy International and Quadrature du Net. The paper addresses four main themes: i) the broad reach of EU data privacy law, ii) the detailed typology of permissible data retention models and the conditions applicable to these, iii) the evolving interaction between the CJEU and the European Court of Human Rights (ECtHR) in cases of bulk surveillance, and iv) the relevant legislative developments regarding data retention enshrined in the proposed ePrivacy Regulation. It advances four main lines of criticism. The first concerns the Court’s reasoning regarding the expansive scope of application of EU data protection law that -while anticipated- appears unconvincing. The second regards the shortcomings and weaknesses in the CJEU’s analysis laying down a taxonomy of permissible data retention systems. The third line of criticism is broader and concerns the progressive re-legitimisation of bulk as well as other surveillance models that seems to be the path undertaken by both the CJEU and ECtHR. Finally, we criticise the ways the EU legislature is trying to ‘circumvent’ the CJEU’s data retention rulings.
Keywords: data retention, EU fundamental rights, Privacy International, Quadrature du Net, bulk data retention, EU data protection law, European Court of Human Rights Big Brother Watch, GDPR, ePrivacy, UK adequacy decisions after Brexit
Suggested Citation: Suggested Citation