DRI has led successful challenges against indiscriminate data retention and state surveillance measures in Ireland and the EU, fighting against blanket monitoring and unlawful access to personal communications by governments and corporations.

Mobile Phone Data Retention

For nearly a decade, Irish and European laws required mobile phone companies and Internet Service Providers to monitor their customers and hold data on users’ location, calls, texts and emails, and to store that data for up to two years. In 2006, DRI brought a case challenging this mass surveillance which led to a landmark judgment from the Court of Justice of the European Union.

Despite this ruling, in June 2023 the Department of Justice sought and was granted a High Court Order requiring mass surveillance and indefinite data retention on the part of mobile phone companies. The identity of every person you phone, text, and/or email; the date and time of when you do so; and the location of where you are when you do so; is now being retained by mobile phone companies for Garda access.

Impact: The ECJ’s judgement in favour of DRI struck down the European law and declared this type of mass population surveillance illegal. The case has now returned to the Irish courts, where we are still litigating to have our national Irish laws struck down also.

Smart Meters

Over 1.9 million smart meters have been installed in Irish homes, farms, and businesses by ESB Networks and CRU, the energy regulator. Consumers consented to these meters on the basis that they would report usage to and streamline billing from their electricity provider. The meters in fact collect much more data than what is required for billing, only a portion of which is visible to customers, and some portions of which ESB itself has classed as “secret.” Despite consumers being unable to see the data held on them, the ESB proposed to share this customer data with outside agencies including the CSO and An Garda Síochána, without customers’ consent, notification or any legal basis.

In November of 2024, Digital Rights Ireland issued a formal complaint to the Data Protection Commission and called on them to investigate ESB Networks and CRU and force them into legal compliance with GDPR.

Impact: Ongoing. DRI has raised concerns with and has engaged directly with them. We have seen some practical improvement in how privacy issues are being dealt with as a result.