Irish Data Retention Bill published

By EDRi · July 15, 2009


On 6 July, the Communications (Retention of Data) Bill 2009 was
presented to the Irish Parliament. The Bill is intended to implement the
Data Retention Directive and, if enacted, will establish a two-year retention
period for telephone data and a one-year retention period for Internet and
email data.

State access to the retained information will be available in respect of
serious offences (generally those punishable by five years' or more
imprisonment and including revenue offences), saving of human life or
safeguarding the security of the State. Access will be on the basis of
internal authorisation within the police, revenue and army authorities;
no judicial authorisation will be required. There is no provision for cost

Supervision for the scheme will be provided under the existing Irish
surveillance regime: a Designated Judge of the High Court will keep the
scheme under annual review and a Complaints Referee (a judge of the Circuit
Court) will be available to investigate complaints from individuals whose
data has been wrongfully accessed.

The proposals in the Bill have been criticised, especially in comparison
with the implementation of the Directive in other member states. There is no
criminal sanction for unauthorised access to the majority of this data, nor
for failure to store the data securely. Evidence obtained in breach of the
provisions of the Bill is not made inadmissible. The Bill appears to end
anonymity for pay-as-you-go mobile phones by the back door – despite similar
domestic proposals having been defeated recently. In addition, the quality
of the supervision regime is poor; the annual report of the Designated
Judge, for example, consists every year of three uninformative paragraphs.
Remarkably, the Bill provides for submission of statistics to the Commission
only and does not provide for disclosure of that information to Irish
citizens or members of parliament.

Business will also be concerned by the vague nature of the obligations
imposed. For example, the Bill simply repeats essentially verbatim the
definition of “service provider” from the Directive, and imposes a data
retention obligation on any “person who is engaged in the provision of a
publicly available electronic communications service or a public
communications network by means of fixed line or mobile telephones or the
Internet”. It is not clear from this definition whether e.g. private
messages sent via a social networking site would be covered. The Bill also
imposes unnecessary duplication on business: where several providers are
involved, all will have to retain data (where in the UK for example there is
provision to exempt downstream ISPs where the upstream ISP is retaining

(Contribution by TJ McIntyre, EDRi-member Digital Rights Ireland)