In the past decade, European courts have struggled with the challenge of reconciling fundamental rights and security in the digital era. Nowhere has this challenge come to the fore more acutely than in the case of data retention. In its landmark judgment of April 2014 in Digital Rights Ireland, the Court of Justice of the European Union struck down the ill-fated Data Retention Directive. In its subsequent judgment in Tele2 Sverige/Watson, the Court appears to have sounded the death knell for data retention generally. Yet the afterlife of data retention continues to challenge both the courts and legislatures at national and EU levels. This paper argues that, while there is much to admire in the Court of Justice’s robust protection of fundamental rights in its jurisprudence in this field, the case-law also raises unsettling issues about the proper role of the courts and the political organs in this field.