This article is also available in:
Deutsch: Irisches Vorratsdatenspeicherungsgesetz veröffentlicht

On 6 July, the Communications (Retention of Data) Bill 2009 was presented to the Irish Parliament. The Bill is intended to implement the Data Retention Directive and if enacted will establish a two year retention period for telephone data with a one year retention period for Internet and email data.

State access to the retained information will be available in respect of serious offences (generally those punishable by five year or more imprisonment and including revenue offences), saving of human life or safeguarding the security of the State. Access will be on the basis of internal authorisation within the police, revenue and army authorities with no judicial authorisation will be equired. There is no provision for cost recovery.

Supervision for the scheme will be provided under the existing Irish surveillance regime: a Designated Judge of the High Court will keep the scheme under annual review and a Complaints Referee (a judge of the Circuit Court) will be available to investigate complaints from individuals whose data has been wrongfully accessed.

The proposals in the Bill have been criticised, especially in comparison with the implementation of the Directive in other member states. There is no criminal sanction for unauthorised access to the majority of this data, nor for failure to store the data securely. Evidence obtained in breach of the provisions of the Bill is not made inadmissible. The Bill appears to end anonymity for pay as you go mobile phones by the back door - despite similar domestic proposals having been defeated recently. In addition, the quality of the supervision regime is poor; the annual report of the Designated Judge, for example, consists every year of three uninformative paragraphs. Remarkably, the Bill provides for submission of statistics to the Commission only and does not provide for disclosure of that information to Irish citizens or members of parliament.

Business will also be concerned by the vague nature of the obligations imposed. For example, the Bill simply repeats essentially verbatim the definition of "service provider" from the Directive, and imposes a data retention obligation on any "person who is engaged in the provision of a publicly available electronic communications service or a public communications network by means of fixed line or mobile telephones or the Internet". It is not clear from this definition whether e.g. private messages sent via a social networking site would be covered. The Bill also imposes unnecessary duplication on business: where several providers are involved, all will have to retain data (where in the UK for example there is provision to exempt downstream ISPs where the upstream ISP is retaining data).

Carol Coulter, "Bill allows Garda access to internet and phone data", Irish Times (14.07.2009)
http://www.irishtimes.com/newspaper/ireland/2009/0714/1224250637782.ht...

Michael Brennan, "True extent of State's phone tapping could remain secret" , Irish Independent (14.07.2009)
http://www.independent.ie/national-news/true-extent-of-states-phone-ta...

Communications (Retention of Data) Bill 2009
http://www.oireachtas.ie/viewdoc.asp?fn=/documents/bills28/bills/2009/...

Eoin O'Dell, "Thoughts on the new Data Retention Bill" (14.07.2009)
http://www.digitalrights.ie/2009/07/13/thoughts-on-the-new-data-retent...

Daithi MacSithigh, "More Thoughts on the Data Retention Bill" (14.07.2009)
http://www.digitalrights.ie/2009/07/14/more-thoughts-on-the-data-reten...

(Contribution by TJ McIntyre, EDRi-member Digital Rights Ireland)