Ms Helen Dixon:

The Deputy is correct that there will always be tension between security and liberty, and the need for surveillance, interception, and intelligence versus protection of fundamental rights. The case law from the European Court of Justice has been very instructive in this area. The Deputy will be familiar with the fact that it struck down Europe's data retention laws in 2014 and it outlined, in striking down the data retention laws in Europe, a test for necessity and proportionality. In particular, it pointed out that there cannot be mass and bulk scale collection. It requires to be targeted and there needs to be evidence as to the necessity and proportionality. That gives us clues as to how the Court of Justice interprets data protection laws vis-à-visthis issue. First, evidence, necessity, and proportionality need to be demonstrated. There needs to be protection of rights of individuals to be notified when they are the subject of surveillance or interception.

We are aware that the Department of Justice and Equality is looking at modernising the surveillance and interception laws in Ireland. We are strongly of the view that it needs to look at strengthening the oversight mechanisms that are in place. As the Deputy knows, under current interception legislation, the Minister for Justice and Equality can sign off on an interception request. There is currently no judicial oversight of that process. There is a definite need to look at modernising those laws with regard to reacting to the threats that countries are now exposed to, but there is also a need at the same time to look at what the oversight in that area is. When Mr. Edward Snowden made his disclosures in 2013, he kicked off a very important debate on this whole area with regard to how certain intelligence agencies in the US were operating. It is an extremely important area in which we have to actively participate, and we are doing so.

On the question the Deputy asked about whether each of us is entitled to know what data is encoded on any identity card to which we are subject, we are entirely entitled to know. We have a clear right under current data protection legislation and under future data protection legislation to know precisely what fields of data about each of us are recorded on that card. It should not need to be something that one would need to submit a specific access request to obtain. What is encoded on that card should be readily known to a person at this point. That really points to an issue with transparency with regard to implementation of what is being rolled out.