A senior judge has warned of the need for urgent action to revise a 2011 law that allows State agencies to access people’s phone and internet records, more than a year after a former chief justice found it amounted to mass surveillance of the entire population.
Appeal Court judge Marie Baker published her annual report on compliance with the provisions of a 1993 law on the interception of phone calls, and with the 2011 legislation that allows An Garda Síochána, the Revenue Commissioners and the Defence Forces to access phone and internet records.
The circumstances where records may be accessed under the Communications (Retention of Data) Act 2011 include for the investigation of serious offences and tax offences, for safeguarding the security of the State and to save human life.
The Court of Justice of the European Union (CJEU) found in a case taken by the privacy lobby group Digital Rights Ireland in 2014 that the EU's data retention directive, given effect in the 2011 national law, was illegal.
Series of changes
In October last year, former chief justice John Murray published a review of the operation of the 2011 Act and confirmed it was in breach of European law. He recommended a series of changes to the current legal framework, which he said was "universal and indiscriminate in application and scope".
It is clear that the law as it stands is in breach of European fundamental rights law
In her report, Ms Justice Baker said she was satisfied there had been "no unexplained increase in the number of warrants or an overzealous use of the powers in the Acts".
But she said that while the “procedural and substantive” guarantees provided for in the law were “properly observed”, there was “urgency in respect of the revision of the substantive provisions of the 2011 Act, as already suggested in the Murray report”.
The judge noted the CJEU's finding in the Digital Rights Ireland case that the EU's 2006 data retention directive was invalid. In the subsequent Tele2 case, the court had given "some more insights in relation to the compliance with privacy and data protection rights of national data retention legislation".
Ms Justice Baker said that she, as the designated judge, was now in “a somewhat difficult position in regard to the 2011 Act as a result of these determinations regarding the substantive foundation of the legislation”.
The chair of Digital Rights Ireland, Dr TJ McIntyre, said he welcomed that Ms Justice Baker had taken “a more critical and less formulaic approach to her role in supervising the legislation than her predecessors”.
“She has also given in a prior report in 2017 significantly more transparency regarding the operation of the law.
“Nevertheless, it is clear that the law as it stands is in breach of European fundamental rights law and without legislative reform, adequate resources and technical expertise the role of the designated judge is insufficient to ensure effective protection,” Dr McIntyre said.
He said it was “scandalous” that the State continued to ignore the clear conclusions of the former chief justice that Irish surveillance practices constituted an illegal form of mass surveillance.