The article discusses the CJEU’s most important case law, including interpretations pre- sented in recent cases relating to data retention for both national security purposes (Privacy International, La Quadrature du Net) and the fight against serious crime (H.K). The analysis is a starting point for discussing the draft e-Privacy Regulation, in particular a controver- sial proposal introduced by the EU Council that may limit the Court’s jurisdiction in cases involving data retention rules that cover state security. Negotiated over the past five years, the draft e-Privacy Regulation fleshes out EU data pro- tection rules governing electronic communication services. As a result, the way in which obligations under the Regulation are defined is critical in setting a standard for retention rules consistent with CJEU case law for decades to come. At the same time, succumbing to pressure from Member States may have the opposite result – the emergence of new ambiguities concerning not only the admissibility of data retention but also the competence of EU institutions to regulate this area of the telecommunications sector.
Marcin Rojszczak ∗
Faculty of Administration and Social Sciences, Warsaw University of Technology, Warsaw, Poland