On 30 September 2022, the Court of Justice of the European Union (CJEU) handed down two judgments in which it ruled, respectively, that Germany’s and France’s data retention laws are incompatible with EU law.
In Joined Cases C‑793/19 and C‑794/19 SpaceNet AG and Telekom Deutschland GmbH (EU:C:2022:702), the CJEU ruled that EU law precludes the general and indiscriminate retention of traffic and location data, except in the case of a serious threat to national security. It also confirmed, however, that to combat serious crime, Member States may, in strict compliance with the principle of proportionality, provide for the targeted or expedited retention of such data and the general and indiscriminate retention of IP addresses.Continue Reading EU Data Retention: When Member States Get It Wrong