Skip to main content

State’s approach to data privacy is a national scandal

By: 
TJ McIntyre - Irish Times

So deep are the problems that actions for damages may be brought and convictions quashed

It’s not every day that a Minister for Justice issues a report describing their department as operating a universal, indiscriminate and illegal system of mass surveillance. Yet that is precisely what happened last Tuesday with the publication of a damning report by retired chief justice John Murray, which found that Irish surveillance practices fail to comply with European law.

The background dates from January 2016, when it emerged that Gsoc had been accessing journalists’ phone records (without a clear legal basis) in order to identify their sources within An Garda Síochána. In response, then Minister for Justice Frances Fitzgerald appointed the former chief justice to examine the legal framework around State access to journalists’ communications data - a remit he interpreted widely to include the underlying “data retention” law.

That law – the Communications (Retention of Data) Act 2011 – forces telephone companies and ISPs to log details of everyone’s communications and movements and to store that information for up to two years. In Murray’s words it constitutes “a form of mass surveillance of virtually the entire population of the State, involving the retention and storage of historic data, other than actual content, pertaining to every electronic communication, in any form, made by anyone and everyone at any time … In essence this means the retention of all communication data not going explicitly to content: in other words, data pertaining to such matters such as the date, time and location of a telephone call.”

Vast store of personal info

The impact on the privacy of individuals is clear. As the report puts it, “a vast amount of private information pertaining to the personal communications of virtually everyone in the State is now retained without the consent of those affected … Although routinely referred to in anodyne terms as ‘data’ or ‘retained data’, this vast store of private information touches every aspect of an individual’s private and professional communications profile over a lengthy period.”

 

By providing for universal rather than targeted surveillance the system falls at the first hurdle

Despite the intrusiveness of this system, Murray found that in almost every regard it fails to meet standards articulated in a number of recent judgments by the European Court of Human Rights and the European Court of Justice.

Some of the main problems can be summarised. By providing for universal rather than targeted surveillance the system falls at the first hurdle: the report noted that European case law “effectively sweeps the ground from under wholly indiscriminate mass surveillance schemes of the kind established by the 2011 Act”.

In the same way, the report found that Irish law fails to meet European standards by allowing for communications data to be accessed based purely on internal procedures within An Garda Síochána, without any court approval and without any protections for journalists’ sources. Even the basic matter of keeping this sensitive data secure was flunked: according to the report “the approach to data security [under the 2011 Act] can, at best, be described as nonchalant”.

Indeed, in a remarkable postscript, Murray said that because “many of the features of the [2011 Act] are precluded by EU law”, State agencies should consider whether they should continue to access data “pending the final resolution of issues pertaining to the status of the Act and/or any amending legislation conforming with EU law and obligations under the ECHR”. Translated from the polite language of the judiciary, this is a strong warning that Irish law is so deficient that it is dangerous to rely on it any further.

Scandalous lag

The report was delivered to the Department of Justice in April this year and its tone and implications clearly spurred urgent action in the following months. Alongside the report, the Minister has published a general scheme of a Bill to replace the 2011 Act, which addresses most (though not all) of the criticisms made by the former chief justice.

While the Minister must be commended for producing a draft Bill that genuinely engages with privacy issues, it is scandalous that it has taken this long to do so. The department has sought to spin its actions as a response to “recent evolving case law” coming from Europe. It is true that the European courts have become stronger on privacy issues in recent years, particularly after the Snowden revelations, but the reality is that the fundamental rights problems with data retention schemes have been clear for over a decade.

Irish journalists and citizens have been exposed to illegal surveillance, and prosecutions brought on the basis of illegally obtained evidence

In 2005 the civil rights group Digital Rights Ireland started High Court proceedings challenging Irish and European data retention laws; in 2010 the High Court agreed that the case “raised important constitutional issues”; in 2014 Digital Rights Ireland succeeded in part of that case before the European Court of Justice; and the case has since returned to the High Court for a full hearing. Each of these developments should have prompted reform; instead, successive ministers – including Dermot Ahern, Alan Shatter and Frances Fitzgerald – adopted the ostrich position.

The result of this delay is that Irish journalists and citizens have been exposed to illegal surveillance, and prosecutions brought on the basis of illegally obtained evidence. Unfortunately it is possible that claims for damages may be brought against the State and convictions may be overturned as a result. If so, the blame for this will lie squarely with the Department of Justice and successive ministers.

  • Dr TJ McIntyre is a lecturer in the UCD Sutherland School of Law, solicitor with FP Logue Solicitors and chair of Digital Rights Ireland
Posted Date: 
8 October 2017