Back door policy for data retention wrong

Net Results: Remember the Department of Justice's proposed Bill on data retention? The one vehemently opposed by privacy and…

Net Results: Remember the Department of Justice's proposed Bill on data retention? The one vehemently opposed by privacy and civil rights advocates as well as a wide swathe of businesses in this State?

That would be the Bill proposing that all the traffic data about every phone, mobile and fax call, and perhaps email and Web surfing information, be held for a minimum of three years. The one already secretly semi-implemented by a Cabinet direction more than two years ago, causing data protection commissioner Joe Meade to threaten the Government with a High Court review over its constitutionality.

Well, the Bill's not going to happen. But before you go out for a celebratory pint, be aware that the proposal is still on the table. It's just that now, as with the citizenship amendment to the Constitution, the Department of Justice wants to pass the buck of responsibility, letting it appear as if some external force is asking it to do its dirty work.

The Department sent out letters (seen by The Irish Times) to the people, groups and companies involved in its consultation process on the Bill - now 26 months delayed beyond when it was promised - telling them that it would wait for a proposed directive on data retention to come from the EU, rather than introduce a Bill domestically.

READ MORE

It was, of course, this very State, during our EU presidency, that proposed just such an EU directive - one that was immediately condemned by European businesses, business organisations such as the International Chambers of Commerce based in Paris, and privacy advocates.

A cunning plan, then. The Irish Government proposes the directive for the EU, and if the EU does as it would hope and brings in a directive, the Department of Justice can then duck criticisms of its own policy in support of such legislation here - although it has failed to produce even the heads of a Bill in two years, nicely keeping its intentions out of the public and Oireachtas eye.

The problem, as Mr Meade argues in materials obtained under the Freedom of Information Act, is that, in May 2002, the Cabinet secretly brought in a direction that data traffic information for all phone, mobile and fax calls made in the Republic be retained for three years.

Such a comprehensive order affecting the personal data of the entire nation must be mandated through the Oireachtas, as the democratic representative of the people, according to the Constitution.

And one problem for the Government, if it tries to use the responsibility opt-out clause of waiting for an EU directive on data retention, is that any such directive is unlikely to emerge from Brussels for at least 12 months.

And then it must be enacted into law here, never a swift process.

But the secret Cabinet direction expires next May. Any extension is sure to require Oireachtas approval or the Government could find itself in the High Court.

Oireachtas approval seems unlikely unless a proposal to deal with this question is introduced in the autumn for broad discussion. Many in the Oireachtas may be of the data protection commissioner's mind, which is that such data need not be retained beyond six months.

If the extension is not approved, technically no telecoms provider could continue to operate as they would not be authorised to retain data even for billing purposes, and the Garda could not use any retained data for criminal investigations.

Why? Because we have data protection legislation in place which says that data can only be retained for six months for billing purposes, not three years. And the State has never clarified the protections placed upon such data for other uses such as police investigations.

A crisis over the legality of the operators retaining call data for seven years, first revealed by The Irish Times back at the end of 2001, is what highlighted the legislative limbo over call data in the first place. The then-government's way of dealing with this issue was the secret direction, which goes to the heart of questions over how the personal data of people - citizens not accused of doing anything illegal - should be protected.

Data retention is based on the notion that, while you may not have done something illegal now, you might commit a crime tomorrow. It is useful to have as much information about you as possible just in case you do something which requires investigation.

If you believe this to be a reasonable argument, then why not walk down to the local Garda station and hand over your house keys? After all, you haven't done anything mean and nasty yet but who knows what you might get up to down the line, when the gardaí might find it helpful to search your house.

You don't need to hand over your keys because personal privacy, and presumed innocence until a trial has found otherwise, are basics of democratic societies.

Therefore, data retention is an issue the Government should stop hiding from public view, and immediately place before the Houses of the Oireachtas for public discussion, rather than trying to blame its own secretive intentions on EU policy.

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology