Dan Boyle (Green Party)

I welcome my colleague, the Minister of State, who has responsibility for data protection, which is an important element of this wider debate. In regard to the framing of a Bill of this type, which tries to balance the need for the State to have access to information for security purposes and the rights of the person, we badly need to get it right. Much protracted discussion took place between the Departments of Justice, Equality and Law Reform and the Department of Communications, Energy and Natural Resources on this issue. It is right it is given that consideration because we need to bear in mind what is being compromised in passing legislation of this nature.

The legislation must be put on the Statute Book to conform with an EU directive. However, that is under question following the decision of the German Constitutional Court. While we need legislation on the retention of data, the extent to which the provisions of this Bill cover our obligations under the EU directive is a subject worthy of discussion. The reason the German Constitutional Court decided to strike down the German legislation was because of what it termed the exceptional intensity of interference with human rights. The German Government was subsequently obliged to put clear and transparent measures in place to ensure data safety and adequate legal remedies for citizens in regard to the misuse of personal data. That is what a Bill of this type should try to do.

In looking at the German legislation and at this Bill as it progresses through Committee and Report Stages, I hope we will come up with the most effective legislation in this area. The difficulty in dealing with a Bill which refers to data retention is that we must also refer to data protection. I was subject to hacking in recent months. Given how loose the Internet can be and how easily information can be got from third party sources and subsequently used, we need greater legal protection, so I welcome the fact we are debating this Bill.

As several speakers said, we received representations from the Internet Service Providers Association of Ireland which made useful points. I am not sure whether all of them can be acceded to or even agreed with, but what it said about the timescale for the retention of data bears consideration given that countries such as Germany, the Netherlands and Slovakia apply a six-month retention period whereas this Bill refers to a 12-month retention period.

There are issues in regard to who bears the cost of data retention and how it should be shared between the various people involved in the process. Again, EU member states have applied different criteria. France, Germany and the Netherlands cover certain operational costs while Britain, Finland and the Czech Republic reimburse capital expenditure involved in the retention of data. As a vested interest, the Internet Service Providers Association of Ireland is right to ask these questions and to ensure the legislation is strengthened accordingly.

The area of unfair liability is a bit more nebulous and how it is defined will probably exercise greater legal minds than mine. The presence of Senators Regan and Bacik might help to clear up some of those inconsistencies as the legislation progresses.

One of our responsibilities as legislators is to look at the issue for which legislation is required and identify those affected by the introduction of the legislation. It is proper for the Internet Service Providers Association of Ireland to ask questions and to ask us, as legislator, to respond accordingly. On those grounds, I look forward to the further progress of this Bill. I hope lessons can be learned from what occurred in Germany and that we retain the minimum amount of information for the shortest period, that we limit the use of and access to this information and protect the principle of individual freedom.