Data retention and unfounded mass surveillance were challenges that led to the creation of the AKVorrat. After years of confrontation, the breakthrough was made: the cancellation of EU Directive 2006/24 / EC by the European Court of Justice in April 2014 was an overwhelming victory for civil rights in Austria and Europe.

Data retention means the unfounded and general collection and storage of personal data. Without specific suspicion of punishable acts, connection data obtained in telecommunication processes is stored as a precautionary measure. This data contains exact information on when, where, for how long, and with whom communication took place. Movement and personality profiles created on this basis often have more significance for people's lives than the actual content of their communication.


The massive violations of fundamental rights associated with general data retention pose a threat to individual freedom. These violations are shaking the foundations of Western-style democracies, which are at risk of drifting away from the rule of law and towards becoming preventive and eventually totalitarian surveillance states. 

Terror as justification for mass surveillance

In the days following the terrorist attacks in New York on September 11, 2001, European foreign ministers proclaimed the full solidarity of the European Union with the United States. The European Council of Justice and Home Affairs called on the EU Commission to put forward proposals to monitor electronic communications, saying that law enforcement agencies should have access to data from telephone, mobile, e-mail, and other telecommunications connections. The first draft, the Data Retention Act of April 2004, submitted by France, Ireland, Sweden, and the United Kingdom, was rejected by the European Parliament in late May 2005, partly because Article 8 of the European Convention on Human Rights was threatened. However, the terrorist attacks in Madrid (March 11th 2004) and London (July 7th 2005) intensified political pressure. Excessive safety thinking spread as fear and terrorism were exploited to justify the unfounded public mass surveillance of everyone living in the EU. 

Fastest legislative procedure in EU history

On September 21st, 2005, the European Commission made a proposal for data retention. It is based on the harmonization of the legislation of each member state in the form of a directive. Under pressure from the UK Home Secretary and after informal collusion between the Council of Ministers, Christian Democrats (EPP) and Social Democrats (PSE), it was reluctantly accepted the proposal in plenary on December 14th 2005 in the European Parliament. 


The approach to this decision was worrying: despite its appalling impact on civil rights, the Directive was completed in just three months, the shortest legislative procedure to date since the EU's birth. 

The EU Data Retention Directive (2006/24 / EC)

On March 15, 2006, the EU Data Retention Directive (2006/24 / EC) came into effect. It required EU member states to incorporate the storage of traffic and location data, as well as data to establish the identity of the respective participants, into national law. Additionally, providers were required to retain the connection details of almost all communications for a minimum of six months and a maximum of two years for the purpose of investigating, detecting, and prosecuting serious crime.

The directive overruled the hitherto valid, fundamental prohibition on the storage of traffic and location data by persons other than the user himself or without his consent. 

The major points of criticism

Threatened fundamental rights: The EU directive undermined the fundamental right to live a private life, free from interference by state control. Freedom of expression and information, as well as editorial secrecy were also weakened, and the fundamental right to data protection was massively curtailed. A paradigm shift is taking place: away from the presumption of innocence, towards premature suspicion. As such, professional secrets are undermined and, consequently, there is a loss of trust as contact with doctors, lawyers, psychologists, and journalists remains traceable.


Alleged prevention: The preventive use of data for law enforcement is clearly refuted in scientific studies (Max Planck Institute, Freiburg, TU Darmstadt). To date, officials have not been able to prove that such a general suspicion actually increases security. 


Creeping misappropriation of laws: Soon after the introduction of data retention in Austria, the content industry - above all the music and film industry - declared their desires: Without any connection to the originally intended fight against terrorism and organized crime, they demanded the use of data for the prosecution of copyright infringement. Needless to say, the domestic military intelligence services did not want to be offside and demanded access. 


Technical evasion: Terrorists and organized criminals can evade the surveillance network through expertise - an effort that the unsuspecting, carefree citizen usually does not undertake.


Data protection: One hopes in vain for data security measures on the part of the state. During the years when data retention was in force in Austria (from 1 April 2012 to 27 June 2014), the competent data protection authority did not once examine the security of the sensitive data stored by the providers.


Costs: The preparation and execution of the general data retention incurs substantial costs. Every year, citizens pay millions in taxes and tariffs for their own surveillance.

Data retention in Austria and the protest against it

Austria also had to transpose the EU Directive into national laws and regulations, but it was hesitant at the beginning.


In the course of the public discourse, a massive civil resistance formed. In December 2009, "Arbeitskreis Vorratsdaten Österreich" was founded in the Vienna Audimax - occupied as a result of the "university burned" student protests. As the name AKVorrat suggests, our goal was to educate about and abolish data retention in Austria and other EU countries.


In the spring of the same year, the Ludwig Boltzmann Institute for Human Rights (BIM) was commissioned by the Federal Ministry of Transport, Innovation and Technology (BMVIT) to draft a fundamental amendment to the Telecommunications Act 2003, the Security Police Act and the Code of Criminal Procedure. The accompanying scientific analysis submitted by BIM in September 2009 showed that it is basically not possible to implement the EU Directive in compliance with fundamental rights. To resolve this you have to abolish them completely, hence the recommendation.


Christof Tschohl, founding member of the AKVorrat, had worked on this draft in the BIM. It was he who, together with Ewald Scheucher, later formulated the constitutional complaint against data retention, which four and a half years later would lead to the fall of the entire European data retention Directive before the ECJ. Soon after, its implementation in Austria was annulled.


On October 17, 2011 the AKVorrat started its citizen initiative "Stop the Data Retention!"

The two demands of our citizens' initiative were:

  1. Abolition of data retention: The Austrian government should actively support the abolition of EU Directive 2006/24 / EC at EU level (in the Council of Ministers).
  2. Evaluation of anti-terrorism laws: all surveillance laws should be reviewed.

The to this date largest citizen's initiative in Austria was created: By April 2012, 106,067 Austrians had spoken their concerns in writing or online via the platform 

In spite of this enormous reaction by civil society, in the spring of 2011 the National Council, under pressure from a threat of punishment from the European Commission to initiate infringement proceedings, decided to implement the EU Directive (2006/24 / EC) into national law. On 1 April 2012, the Austrian Data Retention Act finally came into force.


As the term "serious crime" had not been defined in the EU directive, it could be interpreted arbitrarily by the individual member states. In Austria, for example, all offenses punishable by over one year of criminal punishment were classified as "serious offenses". With this understanding, access to data was detached from the actual purpose: the fight against terrorism and international, serious crime. In the following year, domestic investigators made use of the retained data almost daily, but mainly in connection with minor offenses such as theft and stalking.


The Austrian implementation was rather cautious in comparison to other European nations. However, this could not compensate for the fundamental rights violations, nor refute criticisms of the AKVorrat. In order to bring down the Austrian implementation of the EU directive, we had to go to the highest courts. This was the last chance to uphold fundamental rights. It was only with the entry into force of data retention that it became legally possible to file a constitutional complaint against it. The day before the VDS came into force in Austria, there were nationwide protests under the motto "farewell privacy", in which demonstrators with coffins symbolically buried their privacy.


On this occasion, the AKVorrat collected the first signed forms for the constitutional complaint against the data retention. The campaign was carried out in collaboration with Albert Steinhauser, justice spokesman of the Green Party and member of the Austrian parliament.  

It received widespread publicity in the civil society. For example, it was possible to register as a co-plaintiff on the internet at Finally, 11,139 individual complaints came together. Many folders filled with complaints were pushed in a wheelbarrow to the Austrian Constitutional Court (VfGH) and filed there on June 15, 2012.

The Historical Judgment and the case of the EU Directive

In mid-December 2012, the President of the Constitutional Court Gerhart Holzinger said: "We have doubts that the EU Data Retention Directive is really compatible with the rights guaranteed by the European Charta of Fundamental Rights". Thus, the Austrian Supreme Court decided to refer those questions to the European Court of Justice in Luxembourg in the context of a reference for a preliminary ruling.


On April 8, 2014, the ECJ invalidated the Data Retention Directive in its current form. It ruled that data retention infringes fundamental rights and, in particular, violates respect for private and family life and the protection of personal data. In this historic judgment, for the first time, an EU Directive was repealed in its entirety and not only in selected parts. It was a sensational victory for civil rights and civil society!

In the following public hearing at the Constitutional Court on June 12, 2014, the Austrian Federal Government was unable to provide any new information about significant added value of data retention for prosecution or crime prevention. On June 27, 2014, the Constitutional Court finally suspended the general data retention in Austria. With that, the first EU member state abolished the national implementation of the Directive in response to the ECJ ruling.


The second request of the citizens' initiative - the evaluation of the existing surveillance laws - has not been fulfilled by the Austrian government. But the AKVorrat has not given up. They launched the project HEAT, the catalogue of actions for the evaluation of anti-terror laws. The manual was introduced to the public in version 1.1 on September 11, 2016, exactly 15 years after the terrorist attacks in New York.


In these 15 years, we have witnessed a gradual expansion of surveillance measures affecting every aspect of our daily lives, undermining and threatening our fundamental and civil rights. HEAT is understood as a handbook to the legislator and as a toolkit, which should help to establish a fact-based security policy and dismantle the existing monitoring measures, or to examine newly proposed measures for their compatibility with fundamental rights.


These are the oral statements provided by Policy Advisor Tanja Fachathaler on behalf of Eticas Foundation in the plenary (and in informal groups) of the UN during the 4th session of the Ad Hoc Committee on the new Cybercrime Convention.


11.01.2023: Plenary statement on the procedural and law…

Offener Brief anlässlich der Frühjahrskonferenz der Innenminister und -senatoren.


Forderungspaket zum Thema Schutz der Demokratie und der Grundrechte, gemeinsam mit Meine Abgeordnete, Momentum Institut und verfasst und als offenen Brief an die Regierung gesendet. Diese Forderungen werden ebenfalls unterstütz von: Amnesty International Österreich, Attac Österreich,…

Farblich markierte netzpolitische Analyse des Regierungsprogramms 2020-2024


All stories on this topic

This was 2023 from a digital rights perspective: We look back on an eventful year.

The rapid speed at which digital technologies are becoming increasingly connected and penetrate all areas of life also requires constant adaptation of legal regulations. This development also extends to the fighting of crime. Despite existing regulations at the regional level (for example, the…

Even though its effects are very visible, the ePrivacy Directive is hardly known to the wider public. Cookie consent dialogues, familiar to every web user, are often associated with GDPR and widely complained about since 2018. However, they are really a consequence of the ePrivacy Directive's…

The Austrian constitutional court decided on 11.12.2019 that the surveillance law that permits the use of spying software to read encrypted messages violates the fundamental right to respect for private life (article 8 ECHR), the fundamental right to data protection (§ 1 Austrian data protection…