The EU Data Retention Directive (DRD), adopted by the European Union in 2006, is the most prominent example of a mandatory data retention framework. The highly controversial Directive compelled all ISPs and telecommunications service providers operating in Europe to collect and retain a subscriber's incoming and outgoing phone numbers, IP addresses, location data, and other key telecom and Internet traffic data for a period of six months to two years. Since its passage, the EU Data Retention Directive has faced intense criticism. The Directive lacked safeguards that limit government collection and access to individuals' data. It also omitted controls over what the data can be used for.

Government-mandated data retention impacts millions of ordinary users by compromising online anonymity which is crucial for whistleblowers, investigators, journalists, and those engaging in political speech. Data retention laws are invasive, costly, and damage the right to privacy and free expression. Privacy risks increase as these databases become vulnerable to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs on to consumers.

Ireland has been one of the earliest and most determined proponents of data retention in Europe. In 2001, it was revealed by Karlin Lillington of the Irish Times that Irish telephone companies retained data for up to six years. When this practice was challenged by Ireland’s Data Protection Commissioner, the government stepped in and gave a secret directive to telecommunications operators to retain all traffic data (including mobile phone location data) for three years. The subsequent scandal led to the then Minister of Justice introducing stand-alone legislation. Criticisms that the Irish data retention regime violated existing EU regulations on telecommunications privacy led to Ireland proposing the EU-wide initiative that eventually became the Data Retention Directive. Ireland itself passed its implementation of the EU directive in 2011. Digital Rights Ireland was formed in the middle of this national and EU battle, and from its inception, made one of its primary goals fighting data retention. As part of this mission, DRI began an EU legal challenge to Ireland’s data retention implementation law in 2006.

It should be noted that there is a political as well as a legal dimension in these cases. Even if a law is declared invalid, there may be pressure to adopt a similar law in the future. It is important to prepare the ground to make sure that the effect of a legal victory isn't undone by later legislation which may be just as bad.