Although analyses of CJEI decisions by the legal service of the Council of the European Union are ordinarily confidential, the analysis of the April 8 decision invalidating the Data Retention Directive was leaked. Of particular relevance to the issue of NSA surveillance, the legal service emphasized that the CJEU faulted the Directive for failing to ensure “a particularly high level of protection and security for the data retained” as well as for allowing disproportionate retention and access to data. Para. 17. The analysis then stated that, “The requirement of a high level of protection applies with particular strength in cases where EU legislation foresees mass data collection, storage of the data of a very large number of unsuspected persons and access to and use of such data by law enforcement authorities,” and listed the draft PNR (“Passenger Name Record”) Directive as one such case. Para. 20 & n.3.