Minister Flanagan publishes new proposals to change Irish data laws

4 Oct 2017

Houses of the Oireachtas, Dublin. Image: EQroy/Shutterstock

The Murray report found that Irish data retention regulations amount to a “form of mass surveillance”.

Former chief justice John Murray issued his report regarding the retention of telecommunications data in Ireland yesterday (3 October), and he described the extent of the country’s current data retention system.

Murray said current Irish law “establishes a form of mass surveillance of virtually the entire population of the state, involving the retention and storage of historic data, other than actual content, pertaining to every electronic communication, in any form, made by anyone and everyone at any time.”

Surveillance of  journalists

“A vast amount of private information pertaining to the personal communications of virtually everyone in the state is now retained without the consent of those affected in databases maintained by each private service provider in fulfilment of its statutory obligations.”

Murray explained that the current Communications (Retention of Data) Act 2011 needs to be changed as it involves retention of information from communications service providers pertaining to text messages, internet use, fixed line and mobile calls, without the consent of those affected.

He added that the surveillance of information from journalists was a major concern as metadata such as location of phone calls made or taken, who people are speaking to, and duration of calls could lead to unmasking of private sources.

The report explained the types of data that could be requested as follows: “The type, source and destination of every communication made, the date, time and duration of each communication, details of the user’s communication equipment, and the location of mobile communication equipment.

“The names and addresses of subscribers and registered users may also be identified, as well as the calling telephone number, the number called and an IP address for internet services.”

Irish law out of step with EU

The European Court of Justice struck down an EU data retention directive in 2014, meaning Ireland’s laws must be altered to comply. At present, the retained records can be accessed if requested by the Irish Defence Forces, An Garda Síochána, anyone with a court order from the Data Protection Commission, and the Competition and Consumer Protection Commission. Individuals can also file a request their own information.

Minister for Justice and Equality, Charlie Flanagan, TD, released proposals for a 2017 Data Retention Bill which would mean the Gardaí and other agencies will only be able to access this information after authorisation from a judge.

Flanagan said: “In particular, I am proposing the introduction for the first time of a system of prior judicial authorisation for access to the communications data retained by service providers in respect of all users in Ireland. It is important to stress that communications data in this context essentially means billing data, not the content of any communication.

“Access to communications data is vital in combating crime and terrorism and I am committed to putting [in] place as a priority, the most effective laws possible to provide for this and also to protect fundamental rights, including privacy. All EU states will have to have regard to the evolving legislative landscape and I want Ireland to be in the vanguard.”

Draft bill omits key recommendations

The draft Retention of Data Bill 2017 does not, however, contain other key recommendations from the Murray report, like special protections for journalists and the creation of an independent monitoring body.

Murray has recommended that only a High Court judge should deal with requests involving members of the press.

Both the draft legislation and the Murray Review have been referred to the Oireachtas Justice Committee for consideration.

Houses of the Oireachtas, Dublin. Image: EQroy/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com