One of the most commonly applied measures to combat terrorism is a mechanism of telecommunications data retention. Serious doubts regarding its intrusive nature were raised. State authorities being in possession of traffic and location metadata may monitor social behavior of individuals, detect sources (journalism) or political opponents. Our paper explores constitutional limits for legislative interference in privacy and freedom of communication in EU Member States. Data retention law was introduced in the EU by the directive 2006/24/EC. In 2014 the directive was declared invalid by the ECJ. Between 2009 and 2016 data retention laws of 11 EU Member States were declared unconstitutional. We will analyze this case law and assess whether a common European standard for privacy protection in the digital age has been developed. We will also explore whether in times of a constant threat of terrorism and widespread surveillance, privacy is still protectable or whether it still exists at all.