The score on data retention

NET RESULTS: Ireland has been given a privacy red card for "systemic failure to uphold safeguards", according to a survey by Privacy International.

The London-based watchdog has for a decade produced an annual privacy league table of nations by examining reports and speaking to experts in privacy, including officials in charge of protecting privacy, academics, activists, journalists and researchers.

On a scale of one to five, Ireland scored 2.5, due almost entirely to its poor record on data retention (retaining and storing personal data relating to phone calls, and soon to be expanded to e-mail and web usage) and flimsy Government leadership.

This is the second year in a row Ireland has retained such a dismal score, only half a mark above being classified as an "extensive surveillance society".

Irish privacy experts believe the grade should have been lower, as Ireland wasn't evaluated on the key point of the use of CCTV surveillance.

Not enough data seems to have been available to the researchers, but privacy advocates such as Dr TJ McIntyre, law lecturer at UCD and chairman of Digital Rights Ireland, note that we should have received a thumbs down in this area.

Ireland has no legislation regarding the use of such cameras and the data they produce, who can access footage and for what purpose.

In addition, the Department of Justice has waged a low-key campaign to install the cameras in neighbourhoods.

We do not have anywhere near the amount of CCTV monitors as the UK, which is officially the most monitored nation in the world and has the ignominy of coming in as the worst nation for privacy in Europe.

Internationally, it scrapes in just above China, Russia and Malaysia.

We do not have the aversion that Americans have to such cameras, and the indications are that we are slowly working towards sticking these 24-hour monitors into private neighbourhoods as well as public places, as in the UK.

However, Ireland's shame is that, while we score relatively well in some areas - for having a comprehensive privacy law, having protections against exposing suspected internet file-sharers and having a constitutional right to privacy - we are appalling on data retention.

We have one of the longest retention regimes, with no restrictions on how and when such data can be accessed and used.

With more than 10,000 requests already made for call data by gardaí in less than 18 months, one wonders what this Michael McDowell-era legislation is actually being used for. It is hard to imagine that access is restricted to cases involving the most serious crimes and terrorism - as promised by the former minister for justice (who nonetheless introduced data retention without any restrictions). Hence we score one out of five in this key area.

The other aspect in which the report highlights our shortcomings is in leadership on privacy. Again, we receive one out of five, right down there with China and Russia (Malaysia actually gets two).

This rating will have come from two actions in particular.

One is the continuous, surreptitious and successful attempt by the Government, under McDowell's direction, to bring in one of the most odious data retention policies in the world. A government cannot be more secretive than to do as it did: impose data retention while hiding that action for months from its citizens by sneaking it in through a secret Cabinet decision.

As privacy organisations worldwide said when it was revealed, this underhanded move remains unrivalled in any other democracy.

Yet the Government, after promising data retention would be introduced as a separate Oireachtas Bill following threats from the Office of the Data Protection Commissioner, instead pushed it through as a last-minute amendment to another Bill in a mostly empty Dáil, with no restrictions on how data can be used.

But it wasn't enough that the Government inflict this upon its own citizens.

The other failure of leadership that brings us such a miserable score in the report is the fact that the Republic then joined with the UK, France and Sweden and try to push through data retention on an EU-wide basis. Hence we now have an EU directive mandating that the State also retain e-mail and web usage information alongside call data.

Other pressures on privacy highlighted in the report are the State's plans to introduce automatic number-plate recognition and a public services card that will link to reams of personal data for every citizen.

In other words, it doesn't look like our score on privacy is going to improve in next year's report. Indeed, if more accurate information on CCTV schemes is included next year, we will slide further down the scale even if everything else remains the same.

A summary of the report is available at http://tinyurl.com/3bt4a4. For the full report on Ireland go to http://tinyurl.com/yuc4zs.

weblog: www.techno-culture.com