Charles Flanagan (Laois-Offaly, Fine Gael)

I welcome this Bill before the House, Fine Gael will be supporting it. Some issues of detail will be addressed on Committee Stage and I hope the Minister will be able to allay these concerns. Data retention has become a hugely important issue over the past decade. A range of factors including the proliferation of communications technology, the re-emergence of the threat of global terrorism and the insatiable demands of the marketing fraternity have put data retention issues at the forefront of national and international agendas.

Accordingly, I am somewhat surprised that it has taken three years to draft a Bill to facilitate the transposition of the EU data retention directive into Irish law, particularly as the Bill itself is so short. I listened with interest to what the Minister said regarding the delay on the matter of the preparation of the Bill. In the context of the recent debate on the Lisbon treaty and our relationship with the European Union, it is important that scrutiny committees in this House on matters European gain more attention. Some of the House committees might be reorganised to take these matters into account.

I note that Ireland has opted for a maximal retention scheme within the margin permitted by the directive. This has caused concern among some civil liberty advocacy groups, who are concerned about protecting the privacy rights of citizens. I understand their concerns and the Bill must have strong safeguards to ensure that the new system of data retention is not vulnerable to abuse. Moreover, should abuses be detected, there must be a commitment to immediately address any shortcomings. The Government is committed to compile a statistical report for the European Commission to show how many requests have been made by each State body covered by the Bill, and that telephone and Internet monitoring will be overseen by a High Court judge.

It is important that we look at what other jurisdictions have done under the directive. The UK system requires a surveillance commissioner to produce a substantial report every year to include statistics on problems that have emerged and what is being done to address them. Perhaps the Minister envisages a similar reporting style for the designated High Court judge who will be appointed under this Bill, or perhaps this will come under the remit of the Data Protection Commissioner, whose own office is under threat following the McCarthy report and other Government proposals on quangos and agencies. It is important that these particular provisions under this Bill be subject to annual reports, but also to annual reviews. A committee of the House should have the opportunity to deal with that review and report in some detail.

Section 12 of the Bill requires the designated judge to "include, in the report to the Taoiseach ... such matters relating to this Act that the designated judge deems appropriate". Will the judge's report include a list of problems with the legislation and solutions to those problems, as per the model in the United Kingdom? Will the President of the High Court consult the Government in the selection of the designated judge? Does the Minister believe it necessary to appoint a judge who has experience ruling on matters concerning data retention and privacy issues? We often include nothing more than aspirations that judges be designated to deal with certain issues and do no more than comply with a directive or what might be regarded as a safeguard. There is very little else done to ensure a positive, active role and function for that designated officer. What resources have been identified to allow the designated judge to fulfil his role? Will the judge appointed have his own office, including personnel? How will this impact on the day to day to work of that particular High Court judge, as such judges are very busy people in their own right? The designated judge will have an important role to play, so it is essential that he or she is supported by the Government in carrying out this work. Too often in the past, the Government has appointed good people to important jobs monitoring State activity and then starved them of resources or ignored their recommendations. We can get back to this on Committee Stage, but perhaps the Minister might deal with them at the end of this debate.

In respect of the provision to introduce a referee to scrutinise how data retention is implemented following complaints by members of the public, some critics have argued that this safeguard is undercut by leaving it up to an individual to determine whether his or her data has been accessed for an investigation. The lack of transparency about this process has been highlighted. I would like the Minister to give his views on this matter.

This Bill requires Internet service providers to retain, for a period of 12 months: the telephone number, the user ID and the registered address of the user or subscriber; the same information for the destination of the communication; the date and time of log-in and log-off, together with IP addresses; and data necessary to identify the equipment of the user. In the same manner, telephone providers are obliged to retain for two years: the calling phone number, and the address of that subscriber or registered user, dialled numbers, and the address to which that number is registered; the time at the start and the end of that communication; subscriber information for mobile phone users; and geographical information as to the location from which the call is made.

As we have seen in a number of recent high profile cases, records of mobile phone signals being detected and of e-mail correspondence have contributed enormously to the assemblage of circumstantial evidence in criminal trials. I welcome that development. Building a comprehensive body of evidence is essential to reach the high standard of proof in criminal trials. The EU data retention directive takes cognisance of that fact. Naturally, such information can help to prove innocence as well as guilt. Neither the directive nor the Bill allows the State to intrude into the content of phone calls, letters or e-mails. Section 2 of the Bill is worth stating, as there have been some misleading comments on data retention. It reads, "This Act does not apply to the content of communications transmitted by means of fixed network telephony, mobile telephony, Internet access, Internet email or Internet telephony." Given the history of gross invasion of journalists' privacy carried out by a Fianna Fáil Administration in the 1980s for political gain, this is an important provision. I am pleased the Minister has made specific reference to it.

When other jurisdictions speak about data retention and terrorism, they are generally referring to international terrorism. However, in Ireland we have a dual problem. We must play our part in the fight against international terrorism while combating particular terrorism within our jurisdiction and that of our neighbour. I recently received a telephone call at my office from a concerned citizen informing me that dissident republicans are using the Internet to recruit members. I was directed to a website used by the 32 county sovereignty movement to recruit members and spread bile and hatred in this jurisdiction and beyond. This group has, reportedly, been recently engaged in vigilante activity in Cavan, Fermanagh and Cork. The use by this group and its fellow travellers of the Internet is not surprising, given that since its creation the Internet has been used on the one hand for great good and, on the other, sadly, to evil effect. It is a straightforward, if covert, way for dissident republicans and terrorists to get their message out and recruit members. Therefore, in the context of this Bill, we can see how the retention of Internet data for a period of 12 months is significant.

It is regrettable that there has been an upsurge in dissident republican violence this year. In Northern Ireland a large number of bombs have been planted, members of the police attacked and in some tragic cases lives have been lost. There seems to be a determination on the part of some murderers to attack innocent people going about their jobs protecting both communities in Northern Ireland. It has been acknowledged by the Garda Commissioner that while these groups are a greater threat to life in the North than in the South, nevertheless they are active in the South and their movements are being monitored by the Garda Síochána. I welcome this and urge the Minister to keep in close contact with the Garda authorities on the matter.

I hope data retention measures will help to combat the scourge of renewed paramilitary activity by facilitating intelligence and evidence gathering and bringing these criminals to justice before they inflict further carnage on this island. The lines are often blurred between dissidents republicans and gangland criminals. While many dissident republicans have made a fortune from drug smuggling, using routes formerly exploited for the importation of arms, drug gangs without paramilitary links have recruited terrorists from time to time as mercenaries to carry out attacks on rivals. Last year, there was a fourfold increase in the number of grenade and pipe-bomb attacks in Dublin. Gardaí believe these devices to have been the work of dissident mercenaries helping drug gangs. The INLA, in particular, is thought to be playing a key role in this development.

Figures show that in 2008 there were more than 100 separate bomb attacks involving crime gangs and dissident republicans in the Dublin region, compared to 24 the previous year. This extraordinary and disturbing increase requires attention. We are fighting terrorism on three fronts currently, dissidents involved in gangland crime, dissidents involved in terrorism in the Border area and international terrorism. Therefore, the ability of the Garda to access certain types of communication data will undoubtedly assist in the struggle to keep communities safe from gangland criminals.

At a more local level, the Bill will be of assistance to agencies such as the Criminal Assets Bureau, which comprises both gardaí and Revenue officials as well as representatives of the Department of Social and Family Affairs. Computer analysis is already an important tool used by the CAB in building a case against alleged criminals. This Bill will assist in that regard when enacted.

A number of concerns have been expressed by advocacy groups and business interests. I understand the Irish Human Rights Commission has expressed concern about the broad provisions of the Bill and is currently joined, as an amicus curiae, to a High Court action being taken by Digital Rights Ireland against the State on grounds relating to data retention. I am not aware whether the Minister consulted with the Human Rights Commission when considering appropriate safeguards in the Bill, but I believe consultation with civil liberty and human rights groups is important. It is essential we strike a balance between introducing measures to protect people's safety and security and the infringement of citizens' right to privacy. We do not want this legislation to be incompatible with or to adversely affect the European Convention on Human Rights.

The Telecommunications and Internet Federation, TIF, expressed concern some time ago about the costs this Bill will place on operators. As well as the TIF, numerous business leaders, including the past chief executives of Oracle Ireland, Microsoft Ireland and lona Technologies, have expressed concern that Ireland's data retention policies are a potential deterrent to business, especially to inward investment. Will the Minister clarify whether he or his officials have met with the TIF and other concerned parties and will he outline what measures, if any, he has taken to meet their concerns?

Fine Gael members have been concerned about the matter of data retention for some time. We are aware there is concern in the public domain about privacy matters, a concern that has grown due to the careless loss of personal data by a range of institutions, companies and State departments in recent years. Last October, my colleague, Deputy Simon Coveney, introduced a Private Members' Bill proposing a new disclosure law which would create a legal obligation on organisations to disclose within a certain period of time any breaches of data security. Deputy Coveney argued that such an obligation would create a strong incentive for all organisations to ensure that their data protection procedures were adequate, in order to avoid the potential negative publicity that would come with having to disclose a breach of customers' sensitive personal data.

Fine Gael takes the view that people have a right to know if their personal data is used. They must also have a right to know when organisations mishandle their personal information. We should look at the possibility of ensuring that no financial or sensitive data will be held on laptops. I recognise this might cause difficulty, but it would be a way of dealing with a huge problem, one that is treated with carelessness, particularly on the part of banks and financial institutions. The State has also been culpable in the manner in which laptops containing sensitive information have been left in places where they should not have been. To compound matters by failure to disclose is unacceptable. Disclosure laws are essential to alert people to the fact they may be potential victims of identity fraud or theft. People must take the precautions necessary to minimise the risk of such fraud occurring.

Disclosure laws are essential to alert people to the fact that they may be potential victims of identity fraud. People will have to take the precautions necessary to minimise the risk of such fraud taking place. Furthermore, the existence of a disclosure law would guarantee the presence of a catalogue of information regarding identity theft which helps law enforcement organisations. This would help research organisations, too, and inform us as policy makers and legislators.

It was a pity that the Government failed to engage on these proposals earlier this year. We can come back to that, perhaps, on Committee Stage and see whether we can incorporate the type of safeguards that were envisaged by Deputy Coveney in his legislation. Looking at the Fine Gael Bill on disclosure and the current Bill we can see that the Government's viewpoint is from the perspective of the State institutions and how to increase their rights. The rights of the Revenue Commissioners and the powers of the Garda Síochána and the Defence Forces are being enhanced and further developed in this legislation. The Government is granting power to State institutions whereas what we were doing in the matter of disclosure was to look at it from the viewpoint of the citizen, advancing or indeed protecting people's rights. It is important, therefore, that we should have a balance. It is a pity that there was not appropriate engagement on the part of Government earlier in the year because I believe that any debate on the retention of data such as we are having would be far more balanced if the State took the rights of the citizen into account alongside the need of certain State institutions to combat serious crime and fraud.

I support the Bill. There are some concerns which can be addressed on Committee Stage. More than anything else, when considering this legislation we must bear in mind the need to strike a balance between fighting crime on the one hand, and protecting privacy and citizen rights on the other. The introduction of robust safeguards to ensure that we can strike such a balance is important.

See this speech in context