Applicability of ePrivacy Directive to national data retention measures following invalidation of the Data Retention Directive

The paper analyses rules pertinent for examination of national data retention measures regulating data processing activities of providers of electronic communication services following invalidation of the Data Retention Directive in 2014, on which subject the CJEU issued a total of five judgments up until June 2021. Focus of this analysis is the issue of applicability of EU law as interpreted in the CJEU case law, most specifically Article 15, paragraph 1 of the ePrivacy Directive containing legal safeguards for the restrictions of rights and obligations in that directive on the confidentiality of communications as well as the processing of traffic and location data. Such restrictions are as a rule manifested in different national data retention measures, which may pursue law enforcement and public security, as well as national security objectives. This examination is supported also by analysis of rules on the scope of ePrivacy Directive and its relationship with the general personal data protection framework. Overall findings in the paper provide a frame for further detailed research on the topic of future regulation of retention measures at national/EU level (Proposal for ePrivacy Regulation, possible new EU data retention legislation) and a comparative assessment of relevant CJEU jurisprudence with that of the European Court of Human Rights in respect of compatibility of retention measures with the guarantees of fundamental rights and freedoms and allowed restrictions thereof in the European legal system.