The draft Bill on data retention shows again that the Government has a narrow regard for citizen privacy and little intention of moderating its aggressive stance on the storage of revealing phone, mobile, e-mail and internet usage records. This important Bill is intended to clarify the situations in which gardaí may access electronic data records and the procedures for doing so. It addresses the obligations of internet and phone companies and law enforcement to protect data records from misuse. Such records have provided important evidence in criminal trials and legislation is needed that properly provides for the short-term storage of such records and for law enforcement to have reasonable access to them.
Ireland’s existing – and controversial – data retention law permits unacceptably loose access to data records for even the most trivial crimes. Provisions within the new Bill unfortunately show it to be little more than window-dressing that would allow this situation to continue almost unchanged. The current legislation – passed into law as a minor amendment to a Bill before the Dáil in 2005 – is among the most extreme in Europe and has been repeatedly criticised by Data Protection Commissioner Billy Hawkes. Numerous business leaders, including the past chief executives of Oracle Ireland, Microsoft Ireland and Iona Technologies, have also expressed concern that Ireland’s data retention policies are a potential deterrent to business, especially to inward investment.
In several areas, the new Bill is worse than existing legislation. For example, one clause permits data to be used even when it is obtained outside the very provisions for legal access provided in the Bill. The clause states: “A disclosure request shall not be invalid by reason only of a failure to comply with this section.” Such a clause makes a mockery of one of the basic tenets of democracy: that evidence for police investigations must be obtained within the law.
Another clause appears to allow the Government and the Garda windows of opportunity to conduct activities relating to which data could not be accessed as evidence, even if the activity is later deemed an offence. It states that the Minister for Justice would be allowed to exclude any offence from the application of the proposed Act, subject to approval by the Oireachtas. The Oireachtas could decide to annul such a ministerial exclusion, but “without prejudice to the validity of anything previously done thereunder,” thus permitting any activity done up to that point.
The Bill’s provision for a “referee” to scrutinise how data retention is implemented is welcome. Yet this safeguard is undercut by leaving it up to an individual to determine whether their data has been accessed for an investigation. As data is held by service providers and investigations are secret, how would a citizen ever know whether records have been accessed?
This Bill continues a lamentable Government policy of treating citizens as if they are all potential suspects and creates loopholes for both the State and Garda to obtain data – or hide it – without proper public scrutiny.