TRACY has received funding from the European Health and Digital Executive Agency (HADEA) under the Commission Digital Europe Programme (DIGITAL) with Grant Agreement No 101102641
DISCLAIMER: Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Health and Digital Executive Agency. Neither the European Union nor the granting authority can be held responsible for them
© 2025 Tracy Project. Created for free using WordPress and
Colibri
Towards a Harmonized EU Framework for Data Retention and Access
(Βy TIMELEX – Seliha Buelens)
TRACY uses a stream of (near) real-time non-content data (such as device movement patterns) to track devices present at crime scenes and follow their trajectories after the facts. It supports suspect identification when combined with other evidence and can also be used post-incident to reconstruct events, trace movements, identify possible hideouts, and determine interactions relevant to the investigation. Hence, we have been looking into the legal framework regarding the use of non-content data of electronic communications, in particular the retention of metadata, and the access thereto.
Effective law enforcement relies on access to retained metadata, particularly in the prevention, detection, investigation, and prosecution of serious crime. However, the European Union currently lacks a harmonized legal framework for data retention and access, following the invalidation of the Data Retention Directive by the Court of Justice of the European Union in its 2014 Digital Rights Ireland ruling. Consequently, national rules across Member States show significant disparities. This fragmentation undermines cross-border cooperation, creates legal uncertainty for both law enforcement authorities (LEAs) and electronic service providers (ESPs), and weakens the effectiveness of criminal investigations. As concluded by the High-Level Group on access to data for effective law enforcement (HLG) and Eurojust, there is a pressing need for a common EU approach. A new framework should not only comprise clear, proportionate, and legally sound rules for both data retention and access, but also include defined obligations for ESPs and, where relevant, for LEAs. Only then can data retention and access, as well as cooperation between ESPs and LEAs become more efficient, reliable, and respectful of fundamental rights.
Considering the above, TRACY is excited for the future developments in this topic, and looks forward to the results of the intentions and initiatives by the European Commission to provide a new EU data retention framework and thereby providing “law enforcement with adequate and up-to-date tools for lawful access to digital information, while safeguarding fundamental rights”.
The TRACY project welcomes these changes in line with the HLG recommendations, unifying the framework in Europe and in particular also addressing standardization questions and supporting initiatives to optimize cooperation between LEAs and ESPs.