The Meijers Committee’s comment and recommendations on the EU Data Retention Roadmap
This commentary outlines the Meijers Committee’s concerns and recommendations regarding the Commission’s Roadmap on lawful and effective access to data in anticipation of its proposal on data retention in the first quarter of 2026.
Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (“Data Retention Directive”) was declared invalid due to its infringement of Art. 7, 8, 11 and 52 of the Charter of Fundamental Rights of the European Union (“CFREU”) by the Court of Justice of the European Union (“CJEU”) in the landmark judgement Digital Rights Ireland.
The invalidity of the Data Retention Directive has left the regulation of data retention fragmented across the European Union, with divergent data retention regimes across the Member States. Member States enacted national data retention regimes based on Art. 15 (1) of the ePrivacy Directive, which allows for the restriction of the rights provided for by the Directive with the objective of the prevention, investigation, detection and prosecution of criminal offences. The parameters of data retention for the objective of the prevention, investigation and prosecution of crime have been largely defined by the CJEU, which has produced a considerable volume of judgments on the issue.
Should the Commission decide to propose legislation, in addition to the established parameters of the CJEU, the Meijers Committee wishes to emphasise the attention warranted by the privacy and data protection rights of individuals, their cybersecurity and the rights of defence within any future frameworks. After careful consideration of the Commission’s Roadmap for lawful and effective access to data for law enforcement and the conclusions and recommendations of the Higher Level Working Group (“HLG”), the Meijers Committee shall present its preliminary points of concern and corresponding recommendations below:
The Meijers Committee strongly opposes the circumvention of targeted retention through reliance on targeted access and emphasises the necessity of an “end-to end” system of safeguards.
The Meijers Committee raises concerns relating to the “objective” and non-discriminatory nature of targeted retention regimes. It recommends the introduction of review and monitoring processes which focus on issues of discrimination and profiling.
The Meijers Committee welcomes the introduction of objective factors in the determination of minimum periods of retention. However, it stresses that these considerations must be equally extended to maximum periods of retention and accompanied by accurate and robust technical and organisational measures.
In light of the grave danger decryption poses to the right to private life, data protection and freedom of expression, and in compliance with the jurisprudence of the ECtHR, the Meijers Committee completely opposes the introduction of a regime mandating or permitting on a voluntary basis the decryption of communications or alternative processes with similar effects.
The rights of defence should be central to and robustly safeguarded within proposed data retention frameworks. In the view of the Meijers Committee, the ability to comment effectively as part of the adversarial principle should include at a minimum: meaningful information on the method of intercepting the data, the involvement of the defence in the filtering of the intercepted data, data provided in a readable format and the possibility of analysis and observations by a digital forensic expert.
The Meijers Committee recommends that the use of Artificial Intelligence in filtering and correlating evidence from datasets should be critically examined due to its potential non-compliance with the AI Act, Art 6 ECHR, Art 48 Charter and Art 21 Charter and CJEU case law.
The Meijers Committee recommends that any automated processing by way of AI must be subject to oversight and verification by non-automated means.
The Meijers Committee requests that the Commission explain its proposal to use AI to “get access to encrypted data” and to demonstrate its compliance with EU law and the jurisprudence of the CJEU/ECtHR.
The Meijers Committee’s comment and recommendations on the EU Data Retention Roadmap
This commentary outlines the Meijers Committee’s concerns and recommendations regarding the Commission’s Roadmap on lawful and effective access to data in anticipation of its proposal on data retention in the first quarter of 2026.
Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (“Data Retention Directive”) was declared invalid due to its infringement of Art. 7, 8, 11 and 52 of the Charter of Fundamental Rights of the European Union (“CFREU”) by the Court of Justice of the European Union (“CJEU”) in the landmark judgement Digital Rights Ireland.
The invalidity of the Data Retention Directive has left the regulation of data retention fragmented across the European Union, with divergent data retention regimes across the Member States. Member States enacted national data retention regimes based on Art. 15 (1) of the ePrivacy Directive, which allows for the restriction of the rights provided for by the Directive with the objective of the prevention, investigation, detection and prosecution of criminal offences. The parameters of data retention for the objective of the prevention, investigation and prosecution of crime have been largely defined by the CJEU, which has produced a considerable volume of judgments on the issue.
Should the Commission decide to propose legislation, in addition to the established parameters of the CJEU, the Meijers Committee wishes to emphasise the attention warranted by the privacy and data protection rights of individuals, their cybersecurity and the rights of defence within any future frameworks. After careful consideration of the Commission’s Roadmap for lawful and effective access to data for law enforcement and the conclusions and recommendations of the Higher Level Working Group (“HLG”), the Meijers Committee shall present its preliminary points of concern and corresponding recommendations below:
- The Meijers Committee strongly opposes the circumvention of targeted retention through reliance on targeted access and emphasises the necessity of an “end-to end” system of safeguards.
- The Meijers Committee raises concerns relating to the “objective” and non-discriminatory nature of targeted retention regimes. It recommends the introduction of review and monitoring processes which focus on issues of discrimination and profiling.
- The Meijers Committee welcomes the introduction of objective factors in the determination of minimum periods of retention. However, it stresses that these considerations must be equally extended to maximum periods of retention and accompanied by accurate and robust technical and organisational measures.
- In light of the grave danger decryption poses to the right to private life, data protection and freedom of expression, and in compliance with the jurisprudence of the ECtHR, the Meijers Committee completely opposes the introduction of a regime mandating or permitting on a voluntary basis the decryption of communications or alternative processes with similar effects.
- The rights of defence should be central to and robustly safeguarded within proposed data retention frameworks. In the view of the Meijers Committee, the ability to comment effectively as part of the adversarial principle should include at a minimum: meaningful information on the method of intercepting the data, the involvement of the defence in the filtering of the intercepted data, data provided in a readable format and the possibility of analysis and observations by a digital forensic expert.
- The Meijers Committee recommends that the use of Artificial Intelligence in filtering and correlating evidence from datasets should be critically examined due to its potential non-compliance with the AI Act, Art 6 ECHR, Art 48 Charter and Art 21 Charter and CJEU case law.
- The Meijers Committee recommends that any automated processing by way of AI must be subject to oversight and verification by non-automated means.
- The Meijers Committee requests that the Commission explain its proposal to use AI to “get access to encrypted data” and to demonstrate its compliance with EU law and the jurisprudence of the CJEU/ECtHR.
Download commentPublished on
15 January 2026