The Legality of the Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection


  • Lukas Feiler Stanford University/University of Vienna Transatlantic Technology Law Forum (TTLF)


The EU Data Retention Directive (2006/24/EC) provides an obligation for providers of publicly available electronic communications services and of public communications networks to retain traffic and location data for six months up to two years for the purpose of the investigation, detection, and prosecution of serious crime. Considering potential uses and misuses of retained data such as traffic analysis, social network analysis, and data mining, this paper examines the suitability, necessity, and proportionality of the interference with the fundamental rights to privacy and data protection as guaranteed by the Charter of Fundamental Rights of the European Union.

Author Biography

Lukas Feiler, Stanford University/University of Vienna Transatlantic Technology Law Forum (TTLF)

I am a Fellow at the Stanford-Vienna Transatlantic Technology Law Forum (TTLF) and a Research Fellow at the Forum on Contemporary Europe (FCE). I am also Vice Director at the European Center for E‑Commerce and Internet Law, Vienna. I studied law at the University of Vienna School of Law and the Santa Clara Law School and hold a Systems Security Certified Practitioner (SSCP®) certification from (ISC)². Previously, I worked as a software developer and system administrator in Vienna, Leeds, and New York, held a teaching position for TCP/IP networking and web application development at the SAE Institute Vienna, and interned with the European Commission, DG Information Society & Media, Unit A.3 ‘Internet; Network and Information Security’ in Brussels.






Refereed Articles