There has been a critical evaluation of the effectiveness of the Data Retention Directive. In the wake of major terrorist attacks telecoms companies were require to keep personal data for a period, determined by national governments, of between six months and two years. Member states had interpreted the Directive differently, making some national laws inconsistent with others. Telecoms providers were reimbursed differently across Europe for the cost of retrieving data. The Directive does not guarantee that data is stored, retrieved and used in full compliance with the right to privacy and protection of personal data. This has led courts to annul the legislation in some member states. The Commission will review the current data retention rules in consultation with the judicial, law enforcement and data protection.