ECJ adviser’s opinion on Dwyer data could have huge implications

Retention of phone location data only permitted for serious national security threats

The ECJ adviser said general and indiscriminate retention of electronic communications traffic and location data is permitted only where there is ‘a serious threat to national security’. Photograph: iStock
The ECJ adviser said general and indiscriminate retention of electronic communications traffic and location data is permitted only where there is ‘a serious threat to national security’. Photograph: iStock

The Supreme Court will be left with little room to manoeuvre if the European Court of Justice (ECJ) endorses its legal adviser's opinion on the far-reaching challenge by convicted murderer Graham Dwyer over Ireland's mobile phone data retention regime.

That’s the view of data protection experts after an opinion from an advocate general, a senior judicial adviser to the ECJ, firmly confirmed the court’s case law that general and indiscriminate retention of electronic communications traffic and location data is permitted only where there is “a serious threat to national security”. That “does not include the prosecution of offences, including serious offences”, the opinion says.

Because Irish law permits general retention for two years, it does not comply with EU law, the opinion states. It also says access by the competent national authorities here to retained data does not appear to be subject to prior review by a court or independent authority, as required under EU law, but rather to the discretion of a Garda of certain rank.

The Supreme Court will have to decide whether that meets the requirement of prior review and independent authority, the opinion states.

READ MORE

In a further blow for the State, the opinion reiterates that a national court cannot limit in time the effects of a declaration of illegality of domestic legislation incompatible with EU law.

The time issue is crucial because the State has relied on a 2011 law, based on a 2006 European directive struck down in 2014 by the ECJ, in accessing and retaining data for many prosecutions.

The opinion has potentially huge implications for the battle against serious crime in Ireland and all EU member states.

While the opinion is not binding on the ECJ, it appears unlikely, given its case law since 2014, the ECJ’s final judgment will not be in line with the opinion.

However, legal sources caution that the ultimate ECJ and Supreme Court decisions on Dwyer’s data appeal may not be determinative of his separate appeal against his murder conviction.

“The Court of Appeal will decide on the admissibility of the phone evidence, there is other evidence beyond phone evidence and the ultimate decision on whether or not the conviction is safe will be for the appeal court,” one source stressed.

Mobile phone data played an important role in securing Dwyer’s 2015 conviction for the murder of childcare worker Elaine O’Hara in August 2012.

In 2018, the High Court upheld Dwyer's claim that the 2011 Irish law under which the metadata was held breached EU law. The Irish law was based on a 2006 EU directive on data retention struck down by the ECJ in 2014, in a case by Digital Rights Ireland, on grounds the universal and indiscriminate retention of mobile phone and internet data breached privacy and data protection rights.

The High Court held the 2011 law was contrary to EU privacy law because it allowed for indiscriminate data retention without adequate safeguards, including a prior independent overview of data access requests.

The State appealed to the Supreme Court which referred issues of EU law to the ECJ.

The ECJ’s judgment on those and similar issues in cases referred by the German and French courts is expected within months.

Last October, in its judgment on two separate cases, the ECJ confirmed that EU law precludes national law requiring an electronic communications services provider to carry out indiscriminate transmission or retention of traffic and location data for combating crime in general or safeguarding national security.

It provided for derogations allowing member states, where there is a “genuine” national security threat, to allow for time-limited indiscriminate retention of data and for targeted and expedited data retention for combating serious crime and preventing serious threats to public security.

Such interference with fundamental rights must be subject to effective safeguards and be reviewed by a court or independent authority, the ECJ said.

Following the October judgment, the ECJ asked the Supreme Court whether it still wanted an answer to the questions referred in the Dwyer case. The Supreme Court said it did.

The advocate general’s opinion trenchantly confirms the ECJ position as outlined in the October judgments and earlier case law and effectively amounts to: “We told you so.”

The effect is that the Supreme Court has been left with little room to manoeuvre when finally determining Dwyer’s appeal, a data expert believes.

“The Attorney General has asked the Supreme Court to interpret European law on this matter when what the Supreme Court must do is apply that law.”