Mr. Simon McGarr:

Subsequently, the Government of the day brought in a provision under the Criminal Justice (Terrorist Offences) Act, namely, a subsection of that Act specifically dealing with data retention.

The provision was a subsection of that Act specifically dealing with data retention. That was the basis on which Digital Rights Ireland launched its legal challenge to the data retention regime and that was commenced on 11 August 2006. It was evident to Digital Rights Ireland that the data retention regime in Ireland was not compatible with European law or the Constitution. I am somewhat constrained in respect of discussing the matter because it remains a live action to this day.

Anyway, it was interesting to hear the comments from departmental officials in respect of the position on the Tele2 judgment. The departmental position has been that the current Act is not satisfied by the Tele2 judgment. In other words, it is not in compliance. However, the Department's position in terms of its defence before the courts remains a full defence on all heads of the action. The defence continues to rely upon the now struck-down data retention directive, among other things.

It is difficult to address these two tracks plainly. I propose to simply address some of the principles that are being restated by way of the Communications (Data Retention) Bill 2017 and to demonstrate why the problems that have always been present in this legislative format continue in this latest incarnation.

Primarily, the problems lie in Ireland's duty to ensure that European law is upheld. The State has a duty to ensure that the requirements of European law are not breached. Several areas of the general scheme are specifically in breach of the provisions laid out in the Digital Rights Ireland case. That case set out the principles on which a data retention scheme could be brought in. It stated the general principle that unless a scheme met those principles, it was illegal. The reason the directive fell was that it did not meet those principles. Our original legislative provisions were based on that directive and continue to be based on that directive.

The new scheme requires that there continues to be a shortfall between the checklist in the Tele2 and Digital Rights Ireland cases and what is proposed to be brought in now. In consequence, the new legislation, like all previous legislation on this topic, will still be in breach of European law. This is bad, obviously, because Ireland is required to be in compliance with European law. Moreover, it will have specific consequences in respect of the use of the evidence gathered and the significance of how that evidence can be relied upon in court.

If it is the case, as has been decided by the Supreme Court, that data collected in good faith by the Garda by a means which is believed to be fair and reasonable but which subsequently turns out not to be, then it is possible for the courts to such data collected in that manner into account.

It is held by the State that data currently being collected and accessed is protected by that decision of the Supreme Court. However, there is no doubt – it was acknowledged at the committee today - that since the Tele2 and Digital Rights Ireland cases it is clear the State system of collecting data is not in compliance with the law, and the State knows this.

This is a crisis. In his report, Mr. Justice Murray recognises the level of crisis this represents. He makes a strong call for the current regime to be suspended. That is not simply from the position of human rights and civil rights, although these are absolutely critical. It is also because there will be instances, if this goes forward, of the occurrence of risk that prosecutions that would otherwise be successful could face challenge. This could arise on foot of evidence produced being challenged on the ground that the State knew or ought to have known that it was not properly collected.

What we have is a system of mass surveillance. It has been going on for little over a decade, longer if we take the pre-legislative position. It has been under-challenged since 2006. The European law underpinnings have been found to be incompatible with the EU Charter of Fundamental Rights and, therefore, incompatible with European law.

Contrary to the statement committee members heard earlier, European law is directly effective on Ireland. Unlike the European Court of Human Rights, judgments of the Court of Justice of the European Union are directly effective in Ireland. Decisions in respect of legality are directly effective. They can be appealed to and are superior to Irish law. What we have is a system whereby those laws have been allowed to continue. I am not going to suggest this is as a result of a state of denial, but we have seen no evidence of recognition of the urgency for this matter to be addressed. We can see now the means by which it is proposed to address this. It appears that the actual problem, which is what the State wishes, has been expressed clearly. The State wishes that the collection of data in itself was not a breach of data protection rights, but it is, and that is what the court has found. The State wishes that the relevant question was when data was accessed rather than when it was collected. The Court of Justice in Europe has found that this is not the case. The court made this finding in 2013 in the Digital Rights Ireland case. The State wishes the question was merely that it could take account of court cases without having to apply them directly. In fact, those court cases are binding on the State. The decisions of the court in Luxembourg are binding on the State. They can be appealed to directly in courts and the courts must apply them directly in Ireland. The argument that European courts do not make decisions on domestic law is a distinction without a difference. If there is a finding that a domestic law is in contravention of European law, and European law is defined by the courts, then the domestic law in question falls.

That is the scene-setting I have sought to put in place. We have a potentially critical issue involving the mass surveillance of the entire population of Ireland. It is not limited to journalists, but it should be noted that European law specifically recognises certain classes of communications that are particularly sensitive. These classes include communications between: trade unionists and union members; journalists and their sources; and lawyers and their clients. These are recognised as specific communications that are specifically sensitive. That is not to say these are the only communications that ought to be given protection, as was correctly pointed out by the departmental officials at the committee earlier. The correct role is to ensure that the floor of protection for all citizens meets the requirement of the most vulnerable and sensitive data communications.

I will hand over to Dr. McIntyre, who will take the committee through some of the details in respect of the heads of the Bill. I hope we will have time for questions. I am mindful that some of the members need to be elsewhere.