The judgement is a sequel to an objection by Ireland and Slovakia that the grounds on which the directive was based did not concern the workings of the internal market, but were more properly related to the investigation, detection and prosecution of crime.
Privacy advocates and many internet service providers were hoping the court would annul the directive, which the European Council passed on 21 February 2006.
The court said early on that the Irish action related solely to the choice of legal basis and not to privacy issues.
The court noted that even before the directive, several EU members has passed laws to get communications service providers to keep data. These differed substantially, particularly regarding the type of data retained and the retention periods, the court said.
The court held that having to keep the data had "significant economic implications" for service providers as they faced extra capital operating costs to comply.
"It was entirely foreseeable that member states which did not yet have such rules would introduce rules which were likely to accentuate even further the differences between the various existing national measures," the court said.
These differences would have had a direct impact on the functioning of the internal market, and that therefore the council was justified in safeguarding the proper functioning of the internal market by harmonising the rules.
The court also found that the directive was essentially limited to the activities of service providers and did not govern access to data or its use by the police or judicial authorities.
"The measures provided for do not, in themselves, involve intervention by the police or law enforcement authorities of the member states," it said. "Those issues, which fall in principle within the domain covered by police and judicial cooperation in criminal matters, have been excluded from the provisions of the directive. The court therefore concludes that the directive relates predominately to the functioning of the internal market."