The European Court of Justice ruled the data retention directive offers too few safeguards to protect people from authorities snooping and created an impression that private lives are the subject of constant surveillance. EU governments will now scramble to draft new legislation on data scrutiny to help prevent serious crimes such as terrorism while narrowing the law's scope to conform with the judges' verdict.
Data retention for the purpose of investigating serious crimes is necessary and that remains the case, said German interior minister Thomas de Maiziere after the ruling, urging quick agreement on more narrowly defined new legislation.
Germany, the most populous of the EU's 28 nations, did not implement the directive amid court challenges and domestic political differences.
The 2006 legislation required telecommunication firms to store phone calls or online communication records for at least six months and up to two years. The data typically reveals who was involved in the communication, where it originated, when and how often, but not its content.
Still, the Luxembourg court ruled the legislation provided very precise information on private lives, including daily habits and social relationships that represented a particularly serious interference with fundamental rights. The EU court also said the legislations failure to ensure the storage of communication data in the EU alone also represented a potential breach of privacy laws.