Chicago Journal of International Law


This Article examines a recent twist in European Union ("EU") data protection law. In the 1990s, the European Union was a market-creating organization and the law of data protection was designed to prevent rights abuses by market actors. Since the terrorist attacks in New York, Madrid, and London, however, cooperation in law enforcement has accelerated. Now the challenge for the European Union is to protect privacy in its emerging system of criminal justice. This Article analyzes the first EU law to address data privacy in law enforcement-the Data Retention Directive (or "Directive"). Based on a detailed examination of the Directive's legislative history, this Article finds that privacy-as guaranteed under Article 8 of the European Convention on Human Rights and the Council of Europe's Convention on Data Protection-is adequately protected in the Directive. This positive experience can serve as guidance for guaranteeing other fundamental rights in the rapidly expanding area of EU cooperation on criminal matters.