This paper examines a recent twist in EU data protection law. In the 1990s, the European Union was still primarily a market-creating organization and data protection in the European Union was aimed at rights abuses by market actors. Since the terrorist attacks of New York, Madrid, and London, however, cooperation on fighting crime has accelerated. Now, the challenge for the European Union is to protect privacy in its emerging system of criminal justice. This paper analyzes the first EU law to address data privacy in crime-fighting -- the Data Retention Directive. Based on a detailed examination of the Directive's legislative history, the paper finds that privacy--as guaranteed under Article 8 of the European Convention on Human Rights and the Council of Europe's Convention on Data Protection--was adequately protected in the Directive. This positive experience can serve as guidance for guaranteeing other fundamental rights in the rapidly expanding area of EU cooperation on criminal matters.
Francesca E. Bignami, Privacy and Law Enforcement in the European Union: the Data Retention Directive, 8 Chicago Journal of International Law 233-255 (2007)