Helen McEntee (Meath East, Fine Gael) | Oireachtas source

I move: "That the Bill be now read a Second Time."

I am pleased to introduce the Communications (Retention of Data) (Amendment) Bill 2022 to the House. This Bill relates to serious matters of policy with regard to the scope of data retention and access measures that are permitted for the purposes of an effective response by State agencies to issues of national security, crime and the life and safety of persons. The Bill aims to amend the current Communications (Retention of Data) Act 2011. This provides for the general and indiscriminate retention of certain categories of communications data held by communications service providers, but not the content of such communications. Disclosure of such data is permitted for the purposes responding to serious criminal offences, safeguarding national security or the saving of human life.

Various safeguards are built into the Act, including access to a complaints mechanism if a person’s data are disclosed, a reporting requirement for State agencies on their use of the Act and an oversight role for a designated judge of the High Court. Deputies will be aware that there has been a civil law challenge to the 2011 Act, arising from a high-profile criminal case. While it would be inappropriate for me to comment on the specifics of any case that is before the courts or may be before the courts at a later date, it is necessary to refer to some aspects of that litigation.

Following a High Court decision in early 2019 which declared invalid the section of the 2011 Act permitting disclosure of retained data for law enforcement purposes, the State appealed the decision to the Supreme Court. The Supreme Court referred certain legal questions to the Court of Justice of the European Union. On 5 April this year, the Court of Justice delivered its ruling. In essence, the court confirmed that while general and indiscriminate retention of traffic and location data for national security purposes can be justified in certain circumstances, it is not permitted for the prevention, detection, investigation or prosecution of a serious criminal offence. The court added that access provisions for traffic and location data must incorporate prior judicial scrutiny other than in certain urgent circumstances and in such circumstances, there must be a post review.

The State's appeal proceedings are expected to conclude shortly.

I am advised that there is an urgent need to address the immediate impacts of the Court of Justice ruling by way of a number of targeted amendments to the 2011 Act. The current legal frailties within the 2011 Act have now been made definitive following the issue of the Court of Justice. In addition, service providers in the communications sector have expressed to me doubt as to the validity of continued general and indiscriminate retention of data currently held and the need for legal certainty as to what their data retention obligations now are.

An Garda Síochána and other relevant agencies require legal certainty as to the scope of their powers to seek disclosure of retained data for the prevention, detection, investigation, and prosecution of criminal offences, for national security and other lawful purposes. Accordingly, I am proposing a series of urgent amendments to the 2011 Act that balance a number of factors. First, I must adhere to the conditions placed on the general and indiscriminate retention of data for law enforcement and national security purposes. Within these constraints, I am seeking to ensure that An Garda Síochána and other related agencies have the most effective legal provisions that are possible to support their vital role. Second, I must have due regard to the right to privacy of individuals and to the need for strong oversight of any data retention measures that are imposed. Third, I must have regard to the needs of victims or potential victims of crime. There is a right to life and a right to personal safety of persons and these rights must also be given sufficient priority.

I will refer briefly to the main provisions of the Bill. It provides for amendments to the current rules on general and indiscriminate retention of traffic and location data, referred to as “Schedule 2” data. Such retention can only be permitted for national security purposes and where there is the approval of a High Court judge. It will no longer be permitted for law enforcement purposes. Disclosure of the retained data will only be permitted where approved by an authorised judge of the District Court. While I do not object to the concept of judicial approval of disclosure, confining general retention to national security purposes is a requirement of the Court of Justice rulings and would not be my preferred policy choice. I will, however, continue to advocate at EU level for an EU-wide legal instrument that will support strong general data retention measures that deal with both national security and law enforcement concerns.

Provision is made for new access provisions including two new types of orders which will strengthen the capacity of An Garda Síochána to secure and access specified categories of Schedule 2 data for the purpose of specific criminal investigations or proceedings or for national security. Preservation orders will require the preservation of specified Schedule 2 data in connection with specific persons, locations or other indicators, for example mobile phone numbers. A preservation order will not in itself require the granting of access to data. Production orders will require the submission of specified data to An Garda Síochána, and may include data that may already be the subject of a preservation order. The possibility of deploying such measures is to ensure the expedited retention of specific data in individual cases and has been acknowledged by the Court of Justice in its rulings. Provision is also made for the approval, in urgent cases, of temporary orders by an appropriate senior official in each organisation. These must be notified to an authorised judge for affirmation within 72 hours.

I am also providing, as required by the Court of Justice rulings, for separate rules and procedures for retention and disclosure of user data, which refers to issues such as the mobile number used, the equipment identifier number for any specific device, the Internet protocol, IP, number of a communication, and the date and time of initial activation of a communications service of a user. This more general type of information does not specify details relating to the number, traffic or location details of users of communications services. Court of Justice rulings do not require a change to the existing rules linked to the retention of user data, which is deemed to have less of an impact on privacy rights. The retention of and disclosure of such data can be permitted for both national security and general criminal offences in general.

As it is permitted by the Court of Justice, I am also making provision for the retention and disclosure, subject to judicial approval, of Internet source data. This refers to the data necessary to trace and identify the source of a communication by Internet access, Internet email or Internet telephony. This will typically be the IP address that will have accessed Internet content. The 2011 Act already provides for the retention of similar categories of data. Such data is deemed to be particularly important in the detection of offences committed online, such as child sexual abuse offences. Provision is also made in urgent cases of the disclosure of this data by an appropriate senior official in each organisation, which must be notified to an authorised judge for affirmation within 72 hours.

The Bill also makes provision for a transitional provision that allows for a time-limited period where there can be disclosure, on national security grounds only, of Schedule 2 data already retained under the existing 2011 Act until the earlier of the following events: expiry of a period of six months; or the making of a first order by the High Court permitting the future retention of Schedule 2 data. This provision will run for a period depending on when the relevant data was first processed but it will naturally expire and such disclosure will only, in line with the Court of Justice rulings, be for national security purposes.

The Bill makes provision for the authority of An Garda Síochána to seek urgent access to cell site location data that indicate the last location of a person’s communications, where necessary for the saving of a life or dealing with missing persons. The Bill also makes provision for notification, in certain circumstances, of the data subject where Schedule 2 data has been disclosed for law enforcement purposes.

There are a number of important differences between the data retention and disclosure regime in this Bill and the 2011 Act. General retention of Schedule 2 data is only permitted for national security purposes and only where approved on necessity and proportionality grounds by a designated High Court judge. In the 2011 Act, it is for both national security and law enforcement. There is no prior judicial approval. A single 12-month period of retention is provided for all forms of Schedule 2 data. It is currently 24 months for telephony data and 12 months for Internet data in the 2011 Act. Disclosure of Schedule 2 data is subject to approval by an authorised District Court judge and only where necessity or proportionality can be shown. There is no prior judicial approval process for disclosure in the 2011 Act. The preservation order regime is less intrusive on privacy rights as it does not require immediate production of data. This is not in the 2011 Act. The provision on notification of a data subject in certain circumstances is also not in the 2011 Act.

I am conscious that I am asking the House to approve these amendments on an urgent basis. I believe, however, that recent litigation and the urgent need to provide for clarity for service providers, An Garda Síochána and other State agencies justify making immediate legal changes now pending further reforms later this year. An Garda Síochána and other agencies cannot, in my view, have one hand tied behind their back in seeking to safeguard national security, prosecute offences and ensure the personal safety of individuals. I am also happy to confirm that later in 2022 I intend to bring forward a set of wider reforms to clarify and consolidate the law on data retention. I intend to publish an updated general scheme of a Bill, which will build on a previous general scheme that was published in 2017 and completed scrutiny in early 2018. This general scheme will also have regard to the evolving case law of the Court of Justice in the intervening period and will be proposed for discussion and further consultation, as required, before the Joint Committee on Justice. I am pleased to commend the Bill to the House.

See this speech in context