Mobile phone service providers say the huge costs of complying with the legislation will be passed on to customers, writes Karlin Lillington
CUSTOMERS ARE likely to foot the bill as the State looks to force telecoms operators to retain more data than was originally specified in European Union-mandated data retention legislation.
The EU directive requires operators and internet service providers to retain data in case they are needed by gardaí for criminal investigations. But operators and service providers say the huge costs of complying with the legislation will affect their industry and be passed on to customers.
Vodafone Ireland estimates it will cost €5 million in the first year to set up and run a system to store and manage customer data.
Costs ultimately will depend on what companies are asked to retain under the legislation, which is now long overdue. The measure was to have been brought in months ago using a statutory instrument.
Irish service providers are alarmed by the potential costs of complying with the directive, particularly for holding on to internet data which is currently not retained for billing.
"We understand we are likely to be asked to retain unanswered calls, e-mail addresses, sender and recipient, time, date and size, location of sender, information that describes user equipment and the websites visited as well as this data for all roamers into Ireland," a Vodafone spokeswoman said.
Operators are also frustrated that the Government has refused to contribute towards those costs for investigations instigated by the State. Among EU member states, only the Irish and Maltese governments have refused to help fund the cost burden of bringing in the legislation.
Gary Davis of the Office of the Data Protection Commissioner says the directive only allows for the retention of data that operators and internet service providers currently retain for business and billing purposes. This would not include data on unanswered calls.
It is understood that service providers were also asked to retain call data for the full duration of a call rather than the start and termination points of a call - another area for which data is not currently retained by telecoms groups. This would include data about all the mast locations that a walking or driving handset user passed during the course of a call.
It is understood that the Data Protection Commissioner's Office raised objections to the latter proposal directly with the Department of Justice, pointing out that retaining such data would fall outside the remit of the EU directive.
The proposed statutory instrument is required because the Government failed to enact legislation within EU deadlines.
In the draft instrument released last spring, Ireland proposed to hold data for the maximum periods possible - two years for call data and a year for internet data. While the two-year call retention period is a reduction from the three years currently in place in Ireland under controversial legislation brought in by former minister for justice Michael McDowell, few other EU states have opted for the full retention period. In consultations with the telecommunications sector, it emerged that gardaí rarely request call data older than a year.
Irish privacy advocates and legislators have voiced concerns about the draft legislation for this and other reasons. A particular concern raised last spring is that the draft statutory instrument contains a provision that would redefine "serious offences" as "any offence for which a person . . . could receive a maximum custodial sentence of six months".
This is a broader definition than that in Section 1 of the Bail Act, 1997, which defines a "serious offence" as an arrestable offence with a minimum prison sentence of five years.
Offences that could now be deemed "serious" under the draft statutory instrument would include public order offences, such as refusing to move on when asked to do so by a garda, or minor assault.
The redefinition is being added in order to continue to allow gardaí access to data for a broad range of investigations. As it happens, the current legislation, which has been repeatedly criticised by the Data Protection Commissioner, provides no restrictions on the type of investigations for which call data may be obtained, including misdemeanours.
The former minister for justice Michael McDowell vowed that retained data would be used only in the prosecution of serious criminal and terrorism cases.
Some legislators are concerned that the proposed statutory instrument has constitutional implications and is of such a serious nature that it requires Dáil discussion and primary legislation. A statutory instrument requires no debate or Dáil oversight and is brought in at the discretion of a minister.
"I would be concerned that any re-categorisation of criminal offences should be carried out by way of primary legislation and not merely through ministerial order," Independent senator Ivana Bacik,professor of criminal law at Trinity College, said. "This is a serious matter and has constitutional implications, as Article 38.1 of the Constitution refers specifically to categorising offences between minor and non-minor."
The Government is now understood to accept that the issue will have to be readdressed through primary legislation.
Prof Bacik expressed worries that the changes in terminology, while they purportedly only affected the paperwork designation of a crime in this instance, could be used to redefine other crimes. It is understood that concern about these issues within the Department of Communications, and worries about the effect they may have on businesses at a time of a major economic downturn, has stalled the implementation of the proposed statutory instrument.
