There is concern that the “rushed” nature of the Government’s proposed emergency law to deal with the fallout from convicted murderer Graham Dwyer’s successful European appeal on access to mobile phone data will leave the legislation vulnerable to legal challenges.
The potential for this to have “serious consequences for future cases” is one of a series of concerns raised by the Oireachtas Committee on Justice as it completed an expedited pre-legislative scrutiny report on the Communications (Retention of Data) (Amendment) Bill 2022.
Minister for Justice Helen McEntee had asked the committee to waive this stage in the legislative process as part of efforts to have the Bill passed by the Oireachtas before the impending summer recess. The committee refused, with chairman James Lawless later saying “for us to merely rubber-stamp something as complex as this would be a dereliction of duty”.
A pre-legislative scrutiny meeting was held on Thursday morning and the committee’s expedited report was finalised later in the evening.
Dwyer was convicted in 2015 of murdering Elaine O’Hara. His conviction relied heavily on mobile phone data but the Court of Justice of the European Union ruled in April that Irish rules on the retention and access by gardaí to mobile data were in breach of European law. An appeal by Dwyer against his conviction is likely to be heard in the autumn.
The emergency legislation provides for Garda access to mobile data where it is required for certain kinds of investigations. However, it will present difficulties for murder cases and other serious crimes that do not involve a national security element.
Garda Assistant Commissioner Justin Kelly told the Justice Committee meeting there are expected to be “significant difficulties” with regard to investigating serious crime under the terms of the Bill. He did welcome aspects of the legislation allowing gardaí to seek data in cases of national security, tiger kidnappings, child abductions and in child pornography investigations.
During the meeting Dublin South Central TD Patrick Costello expressed concern that if the legislation is not compliant with a requirement for consultation with the Data Protection Commission, convictions or investigations could be put at risk.
Law lecturer Dr TJ McIntyre of Digital Rights Ireland said he believes the legislation is being “rushed out with manufactured urgency in an attempt to sandbag any proper democratic scrutiny”.
A representative of the Data Protection Commission, Dale Sutherland, said his office had been given the general scheme of the Bill just eight days ago, and he raised a number of concerns with it. He said the department should conduct a data protection impact assessment (DPIA). The committee recommended in its report that this assessment be carried out before the Bill is published.
However, a Department of Justice spokesman said the Minister will not be the data controller under the Bill and the relevant controllers, including the Garda, would carry out the necessary DPIAs. He said the department consulted with the Data Protection Commission in compliance with its obligations, and that this process was ongoing.
Labour TD Brendan Howlin suggested there should be a sunset clause in the emergency law to kick in when the promised, more comprehensive overarching legislation was enacted, and this is another recommendation in the committee’s report.