The European Court of Justice held that the EU Data Retention Directive (2006/24/EC) is invalid. The ECJ found that even though the Directive’s requirement that communications providers retain non-content communication data for 6 to 24 months serves legitimate public safety interests, the interference with privacy rights is not proportional to the interests served. The court noted in particular that the retention requirement extends to the communications of people not suspected of any serious crime, sets no limits on the access to or use of the data by national authorities, does not provide for sufficient safeguards to protect retained data against unlawful access and use, and does not require that the data be retained within the EU. One can only imagine what the ECJ would say about the telephony metadata program in the United States. Indeed, the opinion almost seems to have been written to draw a stark contrast with the U.S. approach to lawful access to communications data. In that, the ECJ surely succeeded. But given the problems the court had with the Directive, it is difficult to imagine what new legislation the EU could adopt that would come close to serving law enforcement’s need to access communication metadata.