Retaining the current regime of access to phone and internet records by State agencies is “not an option”, the Data Protection Commissioner has said.
Publishing her annual report for 2017, Helen Dixon called on the Government to "immediately prioritise" the re-working of the existing framework for access to people's retained phone and internet data.
Former chief justice John Murray issued his review on the law on retention of and access to communications data in October last year.
He found that current data-retention legislation of 2011 amounted to mass surveillance of the entire population of the State and that it was in breach of European law.
The commissioner said this report provided the government with “a clear roadmap to address a range of issues with existing data retention legislation”.
“Indeed, the Government has since published a Bill that was subject to pre-legislative scrutiny at the end of 2017 which is aimed at addressing many of the issues highlighted by Justice Murray, including the requirement for judicial pre-authorisation for access to data and proactive notification to users after the fact,” the commissioner said.
“Oversight remains an issue that merits further scrutiny, however, as do the broader sets of issues that need to be considered around interception.”
The commissioner said the pieces of “this particular jigsaw” would inevitably have to fall into place on a phased basis.
“There is much to address in legislative terms. Issues of institutional capacity will also have to be considered given the range and depth of the changes that need to be implemented within a short space of time.
"However despite the legacy and legislative challenges that lie ahead, it is the view of DPC Ireland that the Government should immediately prioritise the re-working of the existing legal framework for access to retained data," the commissioner said.
“This will ensure that Ireland is compliant with the clear standards necessary for a modern system of access, built on a sound legal foundation that provides legitimacy by respecting the rights of citizens and features (amongst other things) stringent and specific judicial oversight, as well as effective avenues for redress for individuals whose rights or interests have been found to have been prejudiced.”
Taken together, the requirements identified in the Tele2 case ruling by the Court of Justice of the European Union, and the failings identified in the Murray report, meant that "retaining the status quo as it presently applies in this jurisdiction is simply not an option".
The commissioner last year carried out audits of the communications service providers Three, Virgin Media and BT Ireland for compliance with the provisions of the Communications (Retention of Data) Act 2011.
Under that Act, disclosure requests are made to communication service providers (CSPs) by An Garda Síochána, the Defence Forces, the Revenue Commissioners, the Garda Síochána Ombudsman Commission and the Competition and Consumer Protection Commission.
The commissioner issued a number of recommendations following the audits, including on the technical and security measures the service providers should have in place to protect personal data.
The 2011 legislation is currently being challenged by Graham Dwyer, whose phone records were used to convict him of the murder of Elaine O’Hara. The State has argued in the case, however, that the used to obtain evidence against Dwyer, are vital for the detection, investigation, prosecution and prevention of serious crimes and should not be struck down.
Minister for Justice Charlie Flanagan will on Wednesday address the Institute of International and European Affairs in Dublin on "the tension between the public's legitimate desire for privacy and the need to provide adequate levels of protection for their security needs".