:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/PV2SHIDJINGSVMGZX5G65IRWHA.jpg)
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/2a429887-bb72-4814-bd40-0cbf79fe8d51.png)
For more than 20 years, I’ve written about the inane, disconnected, legally presumptuous approach by successive Irish governments to data retention — the gathering and storing of everyone’s communications data for possible law enforcement use down the line.
But the Department of Justice’s unseemly rush in recent weeks to shove through a questionable piece of “emergency” data retention legislation really takes the Irish Data Retention Facepalm Index to new heights of “Wait, what?”
The legislation is intended to fill a gap created by the Court of Justice of the European Union’s decision in April on an appeal taken by the legal team of convicted murderer Graham Dwyer, arguing that communications data evidence used to convict him was obtained illegally by gardaí.
Illegally, because the State has failed to implement the court’s landmark decision in the 2014 Digital Rights Ireland (DRI) case, in which DRI argued that Ireland’s data retention scheme, based on the 2006 EU Data Retention Directive, was legally wanting.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/3DN35QFLGVCBVFJU6GLV3HCBFI.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/3HZMXHOHZRB2RNX6AOKKJ2QHLY.jpg)
In a far-reaching decision that has provided a foundation for EU data protection and privacy-related cases since (such as the Schrems cases), the European court declared the entire directive invalid. Alas, successive Irish governments have chosen to ignore this most inconvenient legal fact.
“To this day, the Irish government continues to base their legal defence of the Irish Data Retention regime on the Data Retention Directive the [court] nullified eight years ago,” writes Simon McGarr of McGarr Solicitors, which represented DRI before the court. His comments are part of a very useful overview, National Surveillance: The Rush Job, which he has written this week in his newsletter, The Gist, to explain what’s behind this latest legislative proposal for a stopgap measure to enable data to be gathered before more considered permanent legislation is drafted.
But it’s a big conceptual struggle to try to understand why the Department of Justice has taken the steps it has. If you were trying to come up with a legislative figleaf to cover Ireland’s already overly exposed data retention embarrassing bits, unveiled twice now by the European court, no one in their right mind would have started with the legislative (mis)moves of recent weeks.
“After all these years of inaction, the Department of Justice suddenly produced an emergency piece of legislation last week,” writes McGarr. “It was such an emergency that they hadn’t even published the Bill while the Oireachtas Committee was doing a truncated prelegislative scrutiny. As Thomas Pringle TD pointed out, the proposed timelines were so absurd that they had, quite literally, two minutes remaining to introduce amendments to a Bill they hadn’t seen, while they were still in committee meeting.” The Data Protection Commissioner’s Office also had no chance to look at it.
Democratic deficit
So, on legislation that effectively bestows a degree of state public surveillance, the Department of Justice’s original intent was to dispense with the normal hearings in which informed parties could offer perspective. You know, the “democracy” part of lawmaking that helps the Oireachtas to look more closely at legislation that affects every single citizen in the State.
You couldn’t make it up. Except, of course, some conclave of civil servants and politicians actually did. It’s a mockery of some of the key points on which the European court found the 2006 directive and Ireland most lacking in its previous decisions.
These included “interference” with “fundamental rights” to data protection and privacy that the court found “particularly serious”, particularly “the fact that data are retained and subsequently used without the subscriber or registered user being informed [which] is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance”.
The 2014 decision and the Dwyer case outlined how the 2006 directive and then Irish law failed to provide adequate scrutiny, oversight, redress and proportionality.
In 2014, the European court concluded the former directive, and thus Ireland’s implementation of it, “entails a wide-ranging and particularly serious interference with … fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary”.
And yet none of this was worrisome enough to drive any response for eight years, until the current, open-ended, hyperspeed legislation that the department initially decided no one, including the Oireachtas Justice Committee, should have adequate time to read or respond to, with no outside views necessary.
When the Department of Justice ultimately agreed to a day of hearings, DRI chairman TJ McIntyre told the committee that the legislation was being “rushed out with manufactured urgency in an attempt to sandbag any proper democratic scrutiny”. McGarr exposes many additional, outstanding problems in his Gist article.
Astonishing as it is, yet again, the Irish authorities seem to believe they can whisk into oblivion the facts they dislike, if they only ignore them hard enough. The department’s ongoing moves around data retention seem a self-destructive attempt to provoke — oh please no — a third case referral to the European court.
But, yet again, here we are.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/sandbox.irishtimes/GW3FWAURWFGM7FF4RMYJLBG7ZI.png)