Journalists, this GSOC story isn’t all about you, you know

The media didn’t bother to scrutinise what was happening when it was about everyone else – this story is still about everyone else

All the hand-wringing from journalists, unions and media companies – even politicians and ministers – over the GSOC’s accessing of journalist’s call records? Oh, please. What wilful ignorance, mixed with blatant hypocrisy.

Where have you all been for the past decade and a half, as successive Irish governments and ministers for justice supported and then rammed through legislation for mandatory call data retention for one of the longest periods in the world, with some of the weakest legal constraints and oversight?

And this, only after it turned out the State had expected telecommunications companies to hold such data for seven years, with no oversight whatsoever, outside any legislative framework?

Only because successive data protection commissioners threatened to stop any call data at all from being retained, did the government shamefully sneak through legislation in the form of an amendment to unrelated legislation, before a near-empty Dáil chamber a decade ago.


This however failed to raise the interest of journalists, media companies or unions, even when it was pointed out by privacy advocates here and internationally, that journalists themselves should be deeply concerned. Call data are highly revealing and could expose sources and whistleblowers.

But you either didn't notice or care that call data retention for long periods of time, with farcical levels of oversight (in its entirety, a one-page annual document, signed by a judge), effectively constitutes mass surveillance on the entire population of Ireland, children included.

And now you’re alarmed, but only because your own records are involved, and your own industry. Even now, the GSOC story continues to be played out primarily as a media issue. Colleagues: this story is only about you because you didn’t care. You didn’t bother to scrutinise what was happening when it was about everyone else. This story is still about everyone else. And that is where your primary focus should be.

Thankfully, even though nearly all failed to consider this a story to cover, or a concern to raise,the tiny privacy organisation Digital Rights Ireland recognised the grotesque level of privacy violation – an entire national population under surveillance on the basis that all were potentially guilty until proven innocent.

It took a constitutional case on behalf of the Irish people. That case was referred on the European Court of Justice (ECJ), which in 2014, threw out the entire EU data-retention directive, the basis for current Irish law, despite pleadings by the Irish Government.

The justices stated the directive was a gross violation of citizen rights under the EU Charter of Fundamental Rights. They condemned the blanket mass gathering of people’s data; the holding of it without clear regard for security and privacy; the inadequate judicial oversight; the weak constraints of access; the failure to inform individuals when their data was accessed. In short, pretty much everything you seemingly have only just discovered about Irish data retention, your call records and the GSOC’s ability to access them.

And, while banging on about your own records, you’ve failed to notice the much bigger questions raised by your case. Questions which confirm this issue is – please! – not all about you, but about the country and its people.

First, you need to understand there are two issues here: data retention first, then access. Retention continues here under legislation that was deemed invalid two years ago. Since the ECJ decision, this Government has failed to introduce new legislation to meet the court’s concerns.

So on what grounds does the Government continue to retain data? Did you hold it to account? No. On what grounds does it still provide access – which the ECJ has stated is unlawfully lax – to the Garda, Revenue, the Defence Forces and, apparently, the GSOC?

Second: under the former directive and current Irish law, the maximum period for retaining data is two years. The cases under investigation, such as the death of Katy French, extend back much further than that. On what grounds has data been retained for years longer than is lawful? If a collective oversight by Irish telecommunications companies, this is an egregious breach of Irish and EU data protection law.

Third: why is the Minister of Justice bothering to have retired Chief Justice John Murray investigate the narrow matter of journalists’ call records, when the problem – as pointed out to the Government by the ECJ in 2014 – is the still-in-place Irish data retention and access regime and its unlawful overreach on the entire Irish population?

The Digital Rights Ireland case against the Government – which continues because the Government has done nothing to respond to the ECJ ruling – returns to the High Court on February 15th.

Meanwhile, the only reason we are where we are now – why the GSOC could access retained call data of journalists in the first place – is because for more than a decade, the vast majority of the media, of politicians, of unions, of organisations that should have cared and acted, decided this appalling level of surveillance and access wasn’t important. At least, not when it related to everyone else.