In a major privacy decision, the Court of Justice of the European Union has
ruled that data retention schemes enacted by member states violate EU law. The case involved challenges to data retention laws in Sweden and
Britain. The Court of Justice found that subscriber data, which "contain information on the private life of natural persons," "may only be stored to the extent that is necessary for the provision of the service for the purpose of billing and for interconnection payments, and for a limited time." The court further explained that fighting terrorism or crime is not, by itself, justification for indiscriminate, blanket data retention. In 2014, the Court
struck down the EU Data Retention Directive, which had required telephone and Internet companies to keep traffic and location data as well as user identifying information for use in subsequent investigations of serious crimes. EPIC has
advocated against mandatory data retention and currently has a
petition pending before the FCC to overturn the
regulation requiring the retention of phone records of US telephone customers.