Violations only made worse by new plans for data retention

The Government is planning an alarming expansion of its surveillance of citizens, writes TJ McIntyre .

SUPPOSE THAT someone was monitoring you every day, writing down your movements, making a note of everyone you talked to, copying the name and address on every letter you posted, and then storing that information for three years. Now suppose that every person in the country was under similar surveillance.

While this might seem like science fiction, since a secret ministerial order of 2002 the Government has required telephone companies to do just that. They are required to track the whereabouts of all users via their mobile phones, to log details (but not the content) of every telephone call made and every text message sent and to store that information for three years.

The Department of Justice now proposes to extend this to the internet, by requiring internet service providers to monitor the internet use of every person in Ireland, recording names, details of every e-mail or instant message sent and every time a user logs on, and to store that information for 12 months.

Moreover, they plan to do this in a way which will limit democratic scrutiny, by using a statutory instrument and not a Bill which would be examined by the Dáil and Seanad.

(Ironically, these proposals were revealed on the same day that thousands of Bank of Ireland customers learned that their confidential data had been stolen.)

This system has been given the bureaucratic and innocuous-sounding name “data retention”. A more apt term, however, is “dataveillance” – surveillance through the use of databases. Unlike traditional targeted surveillance, it involves the gathering of information on all citizens – judge, journalist and jailbird alike – creating a digital dossier of their movements and communications, without any requirement for judicial authorisation or even police suspicion.

What protections are in place to limit the use of this information? The former minister for justice, Michael McDowell, promised that access to these databases would be an extraordinary measure, used to deal with serious crime and terrorism.

However, such safeguards were never implemented. Under current law gardaí can access these databases without a warrant, in respect of any crime (or even possible future crime), however trivial, and in respect of any person (not merely suspects). The result, according to the Data Protection Commissioner, is that more than 10,000 requests are made for this information every year – more than 300 per day.

European law should have changed this, by restricting access to cases of serious crime only. Generally under Irish law a serious offence is one which carries a possible prison sentence of five years or more. However, the current Department of Justice proposals cynically negate this safeguard by redefining serious offences for the purpose of data retention to mean offences which have a possible sentence of six months’ imprisonment.

This will include such crimes as failure to move on when asked to do so by a garda.

There is also a likelihood that others will abuse or simply lose these records. In Germany it was revealed recently that Deutsche Telekom had been using telephone databases to spy on journalists who wrote unfavourably about the company. In the United Kingdom government departments have allowed confidential data on many millions of individuals to be compromised.

Here in Ireland officials in the Department of Social Welfare have been found by the Data Protection Commissioner to be engaged in the systematic leaking and selling of personal information from government databases. There is no reason to think that this information will be treated any differently.

Information gained from telephone and internet records can be valuable in the investigation and prosecution of crime – but there are other ways of ensuring that police can have access to this data without jeopardising the right to privacy.

In 2001 Ireland signed the Council of Europe Convention on Cybercrime, which achieved international agreement on a more proportionate “data preservation” system, which would enable police to mount surveillance and preserve evidence but would avoid blanket surveillance of all citizens at all times.

This system would still have provided for the use of this information in, for example, investigating the Omagh bombing.

But without any explanation, the Government has failed to implement the convention, jumping straight to the more intrusive option of data retention without first testing data preservation.

Privacy is a fundamental right, guaranteed under Irish, European and international law. Being able to go about our everyday business without systematic state scrutiny is an essential part of a democratic society. Data retention is something entirely new – it provides for pre-emptive surveillance of the entire population on the basis that some of them might at some stage commit some crime and that this information might then be of assistance.

In effect, it treats everyone as potentially guilty and as such reverses the presumption of innocence. Such ongoing monitoring of the entire population is remarkable in a democracy and is so excessive and disproportionate as to violate the right to privacy. No evidence has been put forward to show that it is necessary or that less intrusive alternatives would not suffice.

Digital Rights Ireland has brought a High Court challenge to Irish and European data retention laws, which will ultimately determine whether surveillance of all citizens can be compatible with the Constitution and the European Convention on Human Rights.

In the meantime, the Department of Justice proposals to extend data retention to the internet should at the very least be the subject of primary legislation, allowing for a full public discussion of these issues and democratic scrutiny by the Oireachtas.

TJ McIntyre is a solicitor, lecturer in law in UCD and chairman of Digital Rights Ireland

European Data Protection Day takes place on Sunday 28th January. Irish civil
rights group Digital Rights Ireland (DRI) has put together a list of things
you can do to protect your privacy. DRI Chairman TJ McIntyre said:

“European research shows that people are concerned about their privacy but
generally feel they know little about what they can do to protect
themselves. Digital Rights Ireland has put up on its website a list of
practical things you can do to protect your privacy, online and off. If you
are interested in stopping spam text messages, cutting down on junkmail,
stopping telephone calls trying to sell you something, or finding out what
information a company or body holds about you then visit
www.digitalrights.ie for more information.”

Background for Editors:

European Data Protection Day is organised by the Council of Europe.

Digital Rights Ireland is a non-profit group devoted to protecting civil and
human rights in a digital age.

Our view is Data privacy is something for every individual to look after. Private companies, government, hospitals, all store information on you.

You are entitled to view that information if you want to.

You are entitled by law to have incorrect information about you removed or amended.

Digital Rights Ireland suggests 5 ways to protect your data and personal information.

1. Stop SMS Spam

Did you enter into a competition, put your mobile phone number on a form, or give your number to a company for any reason?

Are you now getting SMS messages about “winning a competition-with no prize”, new services or other information you don’t want to know about?

If so your mobile number has been provided to someone sending SMS spam.

Unsolicited SMS text messages are against the law in Ireland.
Ireland’s Data Protection Commissioner explains simply what the law is regarding unwanted SMS messages.

What can you do?
First, do not delete the message.

You can make a complaint to the Data Protection Commissioner, by e-mailing them.

Click here to send then a complaint, with the number the SMS came from, your telephone number, the date and time of the message and the text of the message.

For full details please read the information on making a complaint, or read our guideto dealing with SMS spam.

2. E-Mail the Minister for Justice and request him to stop spying on all Irish individuals.

The Minister for Justice has been responsible for laws requiring telephone companies to track the movements of everyone with a mobile phone and monitor every email you send. Digital Rights Ireland have brought la egal action to stop this.

You can e-mail the Minister for Justice, and ask him to stop.

3. Stop getting junkmail and junk telephone calls

Are you continously receiving unsolicited telephone calls from companies, receiving unsolicited mail from direct marketing companies?

If so, you have the right to have your details removed from that database. You can exercise this right simply by writing to the organisation concerned. The organisation must write back to you within 40 days confirming that they have dealt with your request.

You can also make a complaint to the Data Protection Commissioner. Click here to make a complaint via their website

You can read the full “Consumer Guide to Dealing with Unsolicited Direct Marketing” as published by the Data Protection Commissioner here.

4. Make a personal information request.

If a company, mobile phone company, telephone company, insurance company, local authority or any other body has information stored about you, you have the right to obtain a copy, clearly explained, of any information relating to you.

All you need to do is write to the organisation or individual concerned and ask for it. By email is fine.

Your request could read as follows:

Dear …

I wish to make an access request under the Data Protection Acts 1988 and 2003 for a copy of any information you keep about me, on computer or in manual form. I am making this request under section 4 of the Data Protection Acts.

You can read the full guidelines on the Data Protection Commissioners website.

You should note that you may be asked to pay a fee, but this cannot exceed €6.35.

Once you have made your request, and paid any appropriate fee, you must be given the information within 40 days, although most organisations manage to reply much sooner.

5. Donate to Digital Rights Ireland.

Digits Rights Ireland is a not-for-profit organisation dedicated to defending Civil, Human and Legal rights in a Digital age Your support is greatly needed to help us continue our work.

There are a number of ways you can support us:

1. make an on-going donation.
2. make a once off donation.
3. or buy one of our t-shirts. We have a number to choose from.

And until Sunday 28th January we are dropping the price of the t-shirts to cost price, so make sure you get one now!

Please help us make European Data Protection Day a success. Please tell your friends and family about our work.

Professor William Binchy, T.C.D. (Chair Panel I)
Gavin Millar Q.C., Doughty Street Chambers, London (Gavin Millar Q.C. will present a paper co-authored by Dr Caoilfhionn Gallagher.)
Marie McGonagle, Head of Department, National University of Ireland, Galway
Vincent Browne, Journalist (Chair Panel II)
Seamus Dooley, Irish Secretary of the National Union of Journalists
Professor Colum Kenny, B.L., School of Communications, DCU
Gerard Colleran, Editor, The Star
Mr Justice Adrian Hardiman, Supreme Court (Chair Panel III)
Patrick Walshe, Matheson Ormsby Prentice
Eoin McCullogh, Senior Counsel

Full details here (Word doc.)

You can listen to it in full on the An Líonra Sóisialta website, or download it here.

The lack of security measures, protecting the passport from being “skimmed”, are a real risk, exposing these passports to the possibility of being read and the contents copied by terrorists.

Recent press coverage has exposed the security risks associated with electronic passports.

‘Terror risk’ for electronic passport
Mark Tighe
THE new Irish e-passport is lacking a basic security feature contained in the American version, leaving Irish passport holders open to targeting by terrorists, according to a leading lobby group.

Digital Rights Ireland (DRI) claims the lack of any shielding in the passports means “skimmers” will be able to detect the passports from picking up their frequencies, and even identify nationality, without the holder knowing.

The new passports were launched last week by the Department of Foreign Affairs, ahead of a US deadline requiring countries on its visa-waiver programme to start issuing passports with a radio transmitter chip (RFID) from Tuesday. The department expects to issue 750,000 by the end of 2007.

While the chip is meant to be read from only a few centimetres, prototype testing showed they could be detected up to 9m (30ft) away. This led the US State Department to introduce a metal mesh in the passport cover to “make unauthorised reading of the passport very difficult from any appreciable distance as long as the passport is closed”.

An encryption system prevents skimmers from accessing the biometric data on the chip but security firms have demonstrated that a hand-held scanner is able to identify the presence of unshielded passports. Researchers are examining whether it will be possible to identify the passport nationality.

Antoin O’Lachtnain, a director of DRI, said it was unbelievable Ireland did not follow America’s lead in providing shielding. “The only reason we are implementing the e-passport is because the Americans told us we had to,” he said. “I really think e-passport holders should use a shield, such as a piece of tinfoil, to prevent the RFID chip being read without their knowledge.”

Some companies are already offering special wallets with shields to protect passports against skimmers.

O’Lachtnain said skimming technology would advance over the planned 10-year lifespan of the passports. “Terrorists could use a scanner to identify a group of, say, British or American nationals by the passport they are carrying and then kidnap them or kill them in a suicide bombing,” said O’Lachtnain.

The Department of Foreign Affairs said shielding was not necessary as the passports must be open at very close proximity to the reader. A source at the International Civil Aviation Organisation said: “I think it will not be long before other countries move to implement similar shielding.”

The legal background to this action is set out below.

On or about the 25th April 2002 Mary O’Rourke as the Minister for Public Enterprise, as she then was, issued a direction to the telecommunications providers in Ireland to retain data generated by customers of the telecommunications providers, purportedly in compliance with Section 110 (1) of the Postal and Telecommunications Services Act 1983.

The Minister for Public Enterprise (as she then was) purported to issue those directions under Section 110 (1) of the Postal and Telecommunications Services Act 1983 requiring telecommunications providers to retain that data, being detailed non-anonymous traffic data, and to retain it for a 3 year period, for the purpose of facilitating requests from An Garda Siochana and from the Defense Forces under Sections 98A and 98B of the Postal and Telecommunications Services Act 1983, as inserted by Section 13 of the Interception of Postal Packets and Telecommunications Messages (regulation) Act 1993.

On the 19th December 2002 the Data Protection Commissioner advised the Department of Communications, Marine and Natural Resources (being the successor to the Minister for Public Enterprise in regard to these matters) that the direction of the Minister for Public Enterprise was, ultra vires, inadequate, constitutionally invalid and was in breach of the Data Protection Acts 1988 and 2003.

The Data Protection Commissioner advised the Department of Communications, Marine and Natural Resources of his intention to issue judicial review proceedings against the Minister of Communications, Marine and Natural Resources, to challenge the validity of any and all such directions issued by the him or his predecessor, to the telecommunications providers. While the actions of the Data Protection Commissioner were laudable, it appears he made no reference to data protection in European law. Data protection is and was the subject matter of Directive 95/46/EC (the transposition of which into national law was the intended objective of the Data Protection (Amendment) Act 2003).

In addition, telecommunications traffic data is specifically protected/regulated by Directive 2002/58/EC, Article 15 of which provides that retention of traffic data for purposes of law enforcement should meet strict conditions i.e. retention in each case to be only for a limited period and only where necessary, appropriate and proportionate in a democratic society.

The Government’s response to the representations of the Data Protection Commissioner was to procure the passing of the Criminal Justice (Terrorist Offences) Act 2005, and specifically the incorporation therein of the provisions of Part 7 thereof. Under that part of the Act, the Garda Commissioner may request a service provider to retain, for a period of 3 years, traffic data or location data or both.

These provisions were not and are not in accordance with European law and presumably for that reason, during the Irish presidency of the European Union, Ireland and, others, pressed for alterations in European Union Data Protection law resulting, ultimately in the publication and adoption of Directive 2006/24/EC.

We believe that the adoption of this Directive was not in accordance with European law. Ironically, this opinion appears to have been shared by the Minister for Justice, Equality and Law Reform, Mr. Michael McDowell. Ireland, through the agency of the Minister for Justice, Equality and Law Reform has taken proceedings under Article 230 of the Treaty of European Union to have the said Directive 2006/24/EC declared invalid by the European Court of Justice.

The claimed legal base for the Directive 2006/24/EC is Article 95 of the EC Treaty. In the opinion of the European Data Protection Supervisor this is not a correct legal base for this Directive. We currently believe that this is the very point on which Ireland has lodged their challenge in the European Court of Justice. The period during which Ireland must transpose Directive 2006/24/EC into national law will not expire until 18 months from April 2006.

In the meantime the direction of 25th April 2002 and the relevant provisions of the Criminal Justice (Terrorist Offences) Act 2005 are unconstitutional, in breach of the data protection law of the European Union, specifically of Directive 95/46/EC and also in breach of the European Convention on Human Rights.

From enquiries we’ve made and despite the aforesaid statement, we believe that the Minister for Justice, Equality and Law Reform may change his opinion and more importantly may, without reference to us, discontinue the said challenge under Article 230 of the Treaty of European Union to have the said Directive 2006/24/EC declared invalid by the European Court of Justice.

Furthermore, Ireland may commence and/or conclude the process of transposing Directive 2006/24/EC into national law.

We have written to the Minister for Communications, Marine and Natural Resources for an undertaking that he will withdraw the aforesaid direction of 25th April 2002 given to the telecommunications providers.

We have written in similar terms to the Garda Commissioner seeking an undertaking in writing that he will not, and he will ensure that no Garda Siochana will, seek access to the data referred to, being detailed non-anonymous traffic data, from the telecommunications providers by means of requests, purportedly lawful or otherwise, under the Criminal Justice (Terrorist Offences) Act 2005 or under the Direction of 25th April 2002.

We have written in similar terms to the Minister for Minister for Justice, Equality and Law Reform, seeking an undertaking in writing that he will not, and he will ensure that Ireland will not, withdraw or otherwise not prosecute the challenge under Article 230 of the Treaty of European Union and that Ireland will not in any circumstances transpose or commence the process of transposition of Directive 2006/24/EC into national law.

In default of hearing from them in the terms requested within seven days we have given instructions to our lawyers to prepare for legal proceedings.

Our Previous posts on Data Retention.

Whether it’s listening to music on iPods, talking on our mobile phones or surfing the web, most of us have embraced the digital lifestyle. Technology, however, is changing faster than the legislation covering our use of it. So while new technology promises a revolution in the way we consume and interact with different media, it is also giving content providers new ways of controlling our use of the music, movies and information we purchase.
…

MUSIC The iPod has revolutionised the way we listen to music, but it has also opened a legal minefield. “As it stands in Irish law, it seems to be illegal for you to make a private copy of a CD that you’ve bought, so it’s illegal to copy a CD on to your iPod,” says TJ McIntyre of Digital Rights Ireland. “Needless to say, the music industry would like to be in a position where they sold you the music once on vinyl, once on cassette, once on CD and they’d now like to make you pay for the privilege of listening to it on your iPod.”

In May, the British Phonographic Institute (BPI) recommended that the law be changed to reflect a new reality in which people routinely convert their purchased CDs into MP3s. However, Sean Murtagh of Irma, the Irish equivalent of the BPI, says it has no plans to make a similar recommendation here. …

MOVIES With the advent of video iPods and Sony’s Playstation Portable (PSP) it seems that our DVD collections will eventually join our CD collections in our pockets. However, unlike CDs, DVDs are encrypted to protect the film studios’ copyrights. That is a matter of debate among certain copyright activists – if our CDs are unencrypted, why are our DVDs encrypted? Furthermore, it is illegal to create technology that circumvents copyright-protecting technology. So while copying CDs and putting them on portable players is legal in many countries – though not here – it is impossible to do the same with DVDs.

Movies will have to be purchased in a new format for portable players, even though the technology exists for them to be copied as CDs are. “The beauty of it is that [ the film studios] don’t have to persuade the market,” says McIntyre. “If they can come up with the technology and legislation that prevent fair use, they can ignore the wishes of the consumer.”

TELEVISION In the good old days, you watched something on channel A, you recorded whatever it was you wanted to watch on channel B, and then watched the tape. What’s more, you were legally entitled to do so. But that legal entitlement to fair use is under threat. As the technology moves beyond the VCR to “timeshifting” personal video recorders (PVRs) such as Tivo or Sky+, we should be able to digitally record programmes to a hard drive, skip the ads and move those programmes on to our iPods or PSPs.

However, a “broadcast flag” is being introduced by US networks. Certain programmes would be digitally flagged as, for instance, unrecordable, or watchable only once, or not entitled to be moved to a portable player. “Broadcasters would like to stop via technology what they couldn’t stop by legislation,” says McIntyre. “First they create the technology that stops people doing something [ the broadcast flag], and then they make it illegal for them to circumvent .”

What can we do about these issues? The Consumers’ Group BEUC is running a campaign at a European level, where you can sign a petition to urge MEPs to protect consumers’ rights. We’ll soon be launching an Irish campaign on these issues – watch this space for more.

This pamphlet is intended to give an outline of your rights and responsibilities as a photographer, but is not intended as a comprehensive guide.

As always, if you’re looking for specific legal advice, contact your local friendly solicitor!

Photographing on Public or Private Property?

In general, you are entitled to take pictures of anything you wish, when in a public place. You may take pictures of private property, people, or anything else you fancy.

On private property, you are also generally allowed to take photographs, provided you have permission to be on the property.

However, the owner may impose conditions on your entry to the property, which may include a complete ban on photography, a ban on photography of certain things, or a ban on certain types of photography (eg, flash photography, video photography etc).

Even where permission is not explicitly needed to enter the property, the owner is entitled to demand that you cease taking photographs, or that you leave the property. If you are asked to leave a property, you should not be threatened or attacked. Reasonable force may be used to remove you if necessary, however. In general, you are better off leaving when asked – the fact that you should not be threatened, does not mean you won’t be. The owner has no right to confiscate or damage any of your equipment.

The occupier of a private property, where he is not the owner, has the same rights as the owner would have. Security guards may also act for the owner or occupier in exercising these rights.

Violating the conditions under which you were admitted to a property voids your permission to be there, and you may be guilty of trespass. Trespass is a crime in some unusual cases but damages are more commonly sought in a civil case.

Photographs in a Public Place

You are not allowed to harass people in the course of your photography – stalking someone, or repeatedly blocking their way to take a photograph of them could be construed as harassment; simply taking a photograph of them probably won’t. Taking photographs of people in public is generally allowed – however, an exception is made where the subject would have a reasonable expectation of privacy. You’re perfectly entitled to take a photograph of someone walking down the street – but hiding in a tree to take a photo of them in their home may get you into trouble.

You are not allowed to obstruct movement on the highway (roads, footpaths, cycle paths etc), or the work of a police officer, while taking photographs. Whether you are regarded as obstructing will depend on the situation, and you will generally be asked to move along by the police, if they view your behaviour as obstructive. If you refuse to do so, or persist in obstructing the highway, however, you may be arrested.

Legal Restrictions

What you can do with your photographs is limited by Irish law. You may be found in contempt of court if you publish a photograph of a defendant, where identity is in question, that is, where witnesses may be asked to identify the defendant. You may also be found in contempt of court if you publish a photograph that might prejudice the defendant by insinuating his guilt (for example, of him being brought to court in handcuffs), or a photograph that might reveal prior convictions (for example, of the defendant at a previous trial).

Your Subject’s Rights

Can the subject of a photo prevent you from publishing it? Most of the caselaw in Ireland has centred on the misuse of celebrity images to imply an endorsement of a commercial good or service. This is dealt with by the courts, in general under the normal rules covering passing off. So, if the subject’s image might be worth money if used in an advertisement or as part of a product endorsement, they have a right to protect the income flowing from that, as a property right.

But what about the rest of the world, who don’t make their fortunes by assuring the world that, as Hollywood millionaires, they choose only the finest home-bottle hair-dyes to colour their hair? As the actor Gordon Kaye found out, when he was photographed by an interviewer whilst recovering from a serious head injury in hospital, there’s not much anyone can do to prevent you from publishing your photos. Provided your photographs are genuine, even if they would bring the subject down in the eyes of society, they’re not libellous.

Up to now, the right to privacy has been largely determined by a mixture of Constitutional rights, and ECHR caselaw – the Minister for Justice has previously said that the private interactions of a person – even in a public place – may be covered by the right to privacy – for example, while doing the shopping, or meeting a friend for coffee. But, once the interactions become public – at an awards ceremony, or waving from the podium at the Olympic Games you lose that right to privacy. It may be hoped that the forthcoming Privacy Bill will clear up these issues, but for now, it is generally safe to presume that you can publish your photographs, unless your subject was in a situation where a reasonable person would believe that they’d brought their ‘portable sphere of privacy’ out with them.

In short, your subject can object to the publication of photos of them if: The photographs are untrue – they’ve been altered in some way, to show something that isn’t the case; The photographs are interfering with the subject’s commercial endorsement business; The photographs are tortiously violating the subject’s privacy.

The last option is still not entirely clear, but use common sense and remember the hypothetical “reasonable person”, and you shouldn’t go too far wrong.

Ownership of Photographs?

If A takes a photograph of B, who owns the copyright in that photograph? As a general rule, the photographer owns the copyright. This is true even if B has commissioned and paid for the photograph – as in the case of wedding photographs. If B wishes to enjoy the copyright, he must agree with A that the copyright will be transferred to him. B should make sure that the agreement and any transfer are in writing – or they may be ineffective under Irish law to transfer the copyright.

The main exception to this principle is where photographs are taken by an employee in the course of their employment – if X Ltd. employs Z as a photographer, then the photos taken by Z in the course of his work belong to X Ltd. and cannot be used by Z without their permission. This can trip up the unwary – for example, Z may be in difficulties if he wishes to use those photos as part of a portfolio of work.

Digital Rights Ireland deplores the decision of the large parties in the European Parliament to collude with the Council of Ministers in this back-room deal, by-passing the compromise proposal proposed by the Parliament Rapporteur from the Committee for Civil Liberties, Justice and Home Affairs, Mr. Alexander Alvaro.

The Directive mandates that EU member states, including Ireland, are to track the location of all mobile phones, all calls made from land lines and mobile phones, as well as all information on individuals’ internet and email usage. This will include keeping records of all web sites visited, the senders and recipients of all emails and the use of any other Internet Protocol (IP) based communication such as the increasingly popular Voice over IP (VoIP) phone providers such as Skype.

Digital Rights Ireland chairman, TJ McIntyre responded “We will be campaigning for a full and public consultation process before the Irish implementing legislation is drafted. So far, data retention measures have been negotiated behind closed doors, with a haste justified by artificial urgency. The citizens of this country deserve an open and inclusive debate before any further freedoms are taken away.”

Privacy Under Attack

Ireland has already had surveillance of this kind for some years. The existing rules required details of telephone use and mobile phone location to be stored for three years. This was initially introduced in secret in 2002, and was placed on a statutory basis only this year, by way of a last-minute amendment to pending legislation. This amendment was introduced without prior warning or consultation, and rushed through with little debate.

However, this European law goes further. It extends monitoring to cover all internet use. It will require Internet service providers to record details of every email you send and every web page you visit. The Directive requires this information to be kept for a minimum of 6 months, but allows national governments to adopt longer periods if they wish. The Irish Government already requires your telephone records to be held for 3 years and seems set to apply the same to these new areas.

In addition, this law, since it was adopted in Europe, is immune from challenge under our Constitution. No Irish judge will be able to decide whether this law amounts to a breach of the constitutional right to privacy. Digital Rights Ireland is concerned that our Constitutional rights can be evaded so easily.

A Rushed Job

This directive was the fastest ever to be adopted by the European Parliament – moving from initial European Commission draft to final vote in less than three months, as opposed to the usual period of over a year. The rush was attributable to the UK Presidency’s need to have the matter dealt with during their term of office.

Gay Mitchell MEP, who broke with Fine Gael’s grouping (the European People’s Party) to vote against the law said, “I do not know why this proposal was rushed. The extremely accelerated legislation procedure has meant that there was little time for discussion, and translations were sometimes unavailable. There was also no time for a technology assessment or for a study on the impact on the internal market.”

Internet business groups have decried the Parliament’s decision. The umbrella group for European Telco and ISP industry associations warned “This directive will impose a significant burden on European e-communications industry, impacting on its competitiveness. However, only a fraction of the e-mail services used today would be covered by the EU Directive as the world’s largest e-mail providers are not in Europe, allowing criminals to easily circumvent the rules.”

Michele Neylon, of Carlow-based Blacknight Hosting echoed this warning “Although, as a responsible company, we can appreciate the spirit of the legislation, I feel that this legislation’s introduction will have a negative impact on industry, while it will fail to address its own objectives.”

“It is disappointing that the European Parliament has seen fit to support such a draconian and disproportionate directive. Those MEPs who voted in favour of data retention have shown an alarming disregard for Europeans’ civil liberties and human rights. We will now be looking at what can be done both in the European Court of Human Rights, and on a national level, to overturn – or at least limit – this legislation.”- Suw Charman, Open Rights Group (UK)

Gus Hosein, Visiting Fellow of the LSE and Senior Fellow of UK-based watchdog Privacy International said “The EU used to set the standard for privacy protection. Now because of pressure from the UK and Ireland, the EU is ‘going it alone’ and leading the world in surveillance of all of our interactions and movements in the information society.”

Ireland’s Response

The Irish Minister for Justice, Mr. Michael McDowell, who was one of the promoters of Data Retention in the Council of Ministers, has now threatened to take a legal challenge to this directive to the European Court of Justice. This is the result of an argument over whether the European Commission and Parliament should have had any role in determining what Mr. McDowell argues was a matter solely for the governments. Digital Rights Ireland would welcome this development, and calls on the Minister not to pull back from his stated position, which is also supported by the government of Slovakia.

Digital Rights Ireland, along with other European rights groups and industry representatives, have argued that data retention is a disproportionate invasion of everyone’s privacy. It treats everyone using a telephone or the Internet as a suspect, putting every man, woman and child in Europe under surveillance. Data preservation, which rights groups prefer, would target only those actually suspected of being engaged in criminal activities, and would implement adequate safeguards such as court orders and warrants

Following the formality of Council of Ministers’ approval for this law, Ireland will have 18 months in which to draft national legislation to implement its terms, pending the outcome of the Minister for Justice’s mooted challenge to the validity of this directive.

As befits the public significance of this kind of legislation, Digital Rights Ireland will vigorously seek to assist policy makers in drafting proportionate and secure national laws.

We will also be campaigning for adequate safeguards to be put in place before this new law is implemented. These must include minimising the time for which your information is stored, limiting the circumstances in which your information can be accessed, providing for adequate oversight of the data retention system, and requiring independent approval before your personal information can be accessed. Without these safeguards, details of your phone calls, your internet use, and even your whereabouts will be wide open to abuse.