Are we turning a blind eye to the data retention issue?

5 Apr 2011

As some 20 internet companies, including Google, eBay and Facebook, file a complaint with the highest judicial body in France against a decree obliging them to keep users’ personal data for a year, why hasn’t there been a similar hue and cry in Ireland, where such data has to be retained for up to two years?

French Association of Internet Community Services (ASIC) is bringing the case before the State Council of France.

The companies are protesting a decree that obliges e-commerce firms, video music sites and online email services to retain users’ full names, postal addresses, pseudonyms, associated email addresses, phone numbers, password and other data.

The companies must retain the data for a year and must yield the information during an enquiry by the police, fraud office, customs, tax or social security authorities.

Ireland’s interpretation of an unpopular EU directive

However, in Ireland it seems we have decided to go with an even more thorough interpretation that requires ISPs and telcos, in particular, to retain user data for two years.

The Communications (Retention of Data) Act 2011 was signed into law in January. The Act requires telephone service providers to retain telephone data for two years, and internet data to be retained by internet service providers for 12 months. 

The Act, which transposes into law the controversial EU Data Retention Directive passed in the European Parliament in 2006, will enable a member of An Garda Síochána not below the rank of chief superintendent to instruct an ISP to hand over data as part of a criminal investigation.

The bill was tabled in 2009 by the then-Justice Minister Dermot Ahern TD, who said the purpose of requesting such information could be to prevent serious crimes, safeguard the security of the State and save human lives.

It will also allow an officer of the Permanent Defence Forces not below the rank of colonel to request data, such as email, IP addresses, text messages, etc, in the interest of national security.

Revenue tax officers not below the rank of principal officer may also request such data while investigating and prosecuting specified revenue offences.

For a country with such an astonishing array of internet companies of the calibre of Google, Facebook and eBay based in Ireland, it’s therefore surprising that a similar stance hasn’t been taken in Ireland as has been taken in France?

The wisdom of the passing of such laws – whether enlightened or draconian – will be telling in the months and years ahead, as evidence gathered as a result of the Act will play a role in cases.

Freedom of speech advocates and defenders of civil liberties – not to mention the telcos and ISPs who have to retain such data – may consider it draconian.

However, time will tell whether our interpretation of the controversial EU directive has been over-zealous or whether lives will be saved or justice served as a result. Let’s hope the system is not open to abuse or invasion of privacy.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years