On December 21, 2016, the Court of Justice of the European Union ruled in joined cases Tele2 Sverige AB v. Post-och telestyrelsen and Secretary of State for the Home Department v. Watson and Others that EU member states may not impose general and indiscriminate obligations on electronic communications services providers to retain data. According to the press release, the Court found that legislation requiring the general and indiscriminate retention of data does not include a requirement that the data be linked to a threat to public security, and therefore, this type of legislation “exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society, as required by the directive [on the retention of data], read in the light of the Charter [of Fundamental Rights of the European Union].” Nevertheless, the Court clarifies that “the directive does not preclude national legislation from imposing a targeted retention of data for the purpose of fighting serious crime, provided that such retention of data is, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the retention period adopted, limited to what is strictly necessary.” The Court states that any such requirements for data retention “must be clear and precise and must provide for sufficient guarantees of the protection of data against risks of misuse.” The legislation must also define the circumstances that would allow national authorities to access the data and that access to such data should “be subject to prior review carried out by either a court or an independent body,” except in emergencies. Lastly, “the national legislation must make provision for that data to be retained within the EU and for the irreversible destruction of the data at the end of the retention period.”