Lynn Ruane (Independent) | Oireachtas source

I move amendment No. 1:

In page 4, between lines 38 and 39, to insert the following:

" 'security of the State’ means the territorial integrity and independence of the State from subversive activities by hostile states and from hostile groups within the State, and the safe and ongoing functioning of sovereign authority and the constitutional system of the State, and the security of its citizens (including the rights and freedoms of citizens);".

I welcome the Minister. Amendments Nos. 1 to 3, inclusive, attempt to provide clear definitions for the phrases "security of the State" and "threat to the security of the State". These definitions are essential to provide a clear legal threshold, which can form the basis of a decision about data retention. One of the core principles we need to follow as legislators is that the provisions we put into law must be clear and unambiguous and easily understood by all. It is not clear that this legislation currently meets that standard.

The Minister is given the responsibility in this Bill to determine whether there is a threat to the security of the State and to make a proposal to an authorising judge in respect of the retention of data in response to that threat. This responsibility is burdensome and a serious one for a Minister, and yet no clear definition is provided on which the Minister can base a decision. No criteria are provided in the legislation to distinguish between ordinary crime, organised crime or potential acts of terrorism. These are essential distinctions we need to make not just because it is good legislative practice but because the Court of Justice of the European Union, CJEU, ruling requires it.

The CJEU ruling has highlighted that in order to meet the data protection principles of necessity and proportionality, this legislation needs to provide clear criteria on which a data retention decision is based. This means we need a clear definition of national security. The CJEU ruling states:

In order to satisfy the requirement of proportionality, the legislation must lay down clear and precise rules governing the scope and application of the measure ... and must indicate in what circumstances and under which conditions a measure providing for the processing of such data may be adopted, thereby ensuring that the interference is limited to what is strictly necessary.

As it is not clear in the legislation what "security of the State" actually means, we currently do not have "clear and precise rules governing the application" of this law. This emergency legislation may therefore still be in breach of EU law.

Our amendments propose a number of definitions which might help to create the necessary clarity in the Bill. Amendment No. 1 proposes that "security of the State" means safety and security from hostile actors that might threaten the independence or integrity of the State, the ongoing function of our democracy or the rights and security of our citizens. Amendment No. 2 proposes that a threat to that security would be a threat that is "greater than that posed by common criminal behaviour". This is an attempt to create a clear distinction between ordinary or organised crime and actual terrorism or threats to the State and therefore create a clear basis for a data retention decision. This clarity is essential to vindicate the data protection principles I have discussed.

Amendment No. 3 proposes alternatively that a threat to the security of the State might be defined as "one which cannot be eliminated by ordinary means". Again, this attempts to create that clear distinction between crime which can be dealt with ordinary powers of the State and those terrorist threats that may require additional powers in respect of data retention.

I hope the Minister will engage on this legislation, given it is an emergency response to a ruling that our current law is illegal. It would be very short-sighted to pass an emergency law open to legal challenge and which would also be ruled illegal if referred to the CJEU again. I am genuinely concerned this Bill would still be illegal under EU law due to its failure to establish clear criteria for data retention.