State agencies target Irish phone and internet records
Up to 10,000 requests for information made annually in Ireland – compared with just 326 for Austria
For example, Ireland stated that of 14,928 data requests granted in 2010, 10,962 related to data under three months old and a further 1,612 requests related to data less than six months old.
In that report, member states varied widely in the number of data requests made.
Eastern and Baltic European countries generally made the largest number of requests, including 130,000 for Hungary, 38,861 for Bulgaria, 289,169 for the Czech Republic, 105,108 for Lithuania, and 34,467 for Latvia.
At the hearing, the Irish State argued that Irish data retention laws were proportionate and that opposition to them is centred on fears of abuse and data breaches.
However the laws had been important in the prosecution of serious crime, the Irish representative said, and struck the right balance between security needs and human rights.
The Irish Human Rights Commission told judges that it felt the ECJ was unusually and exceptionally reliant on local courts to determine whether countries, in their enactment of data-retention legislation, were in compliance with the charter.
It also argued that there must be serious doubt as to whether the directive made a significant difference in the prosecution of serious crime.
Breach of rights
Digital Rights Ireland contended that the directive was in breach of human rights guaranteed in the charter and was disproportionate in its implementation in Ireland. It also argued there was no clear evidence that the directive had improved crime detention and prosecution rates.
Judges at the hearing asked parties about the status of data outsourced to third parties, particularly countries (such as the United States and Canada) that had signed up to Safe Harbor agreements to handle European data with regard to greater EU protections.
According to a summary of the hearing from the European Digital Rights Institute (EDRi): “Thirty-six per cent of the retained data is subject to outsourcing and the third largest provider is based in a third country operating on the basis of the Safe Harbor agreement.”
Whether European citizen data held outside of Europe could come under surveillance under the US’s own laws has been a subject of contention between the EU and US following the revelations about the Prism surveillance programme by whistleblower Edward Snowden.
The representative for the EU Commission was unable to provide an answer to this issue to judges at the hearing.
The Irish State representative noted that all the Irish phone operators stored data within the EU and one within the UK, subject to Safe Harbor.
An opinion on the case will be provided by the European Union’s advocate general on November 7th. Regardless of the outcome, the original case will return to the High Court in Ireland to determine if Ireland’s implementation is constitutional.