The Sky elliptic-curve cryptography (Sky ECC) operation is a prime example of a data-driven investigation. The collection of approximately 1 billion messages from 70,000 phones paved the way for hundreds of criminal investigations, resulting in numerous convictions in the Netherlands and Belgium alone. This article addresses how the Sky ECC operation interferes with the right to privacy and the right to a fair trial. We examine whether or not, and on what terms, there is a future for data-driven criminal investigations. Our main research question is therefore how data-driven criminal investigations can be (better) regulated in order to be in line with case law of the European Court of Human Rights. To answer the research question, the main characteristics and legal criteria for data-driven investigation are identified. These criteria derived from the right to privacy and the right to a fair trial. Finally, we examine the impact of a violation of these criteria for the use of evidence in criminal proceedings. The research uncovers a disconnection between data protection regulations and criminal procedural law. It highlights that practitioners concentrate primarily on the collection phase, governed by criminal procedural law, whereas the most urgent questions relate to the respect of data protection law and the right to a fair trial. This finding suggests an ongoing discourse relating to the transparency of data-driven criminal operations like Sky ECC and the need to address concerns regarding the reliability of evidence.