I wish to give some background to this set of amendments, as they were not present when the Bill was passed by this House. The data retention amendments, which are set out in amendments Nos. 3 to 9, inclusive, and their timing represent a response to a confluence of circumstances.
In January of this year, the Data Protection Commissioner, a statutory officer who is independent of the Minister for Justice, Equality and Law Reform, issued enforcement notices to telecommunications companies, directing them to erase telecommunications data as soon as it was six months old. As the notices were due to come into operation on 1 May 2005, a rapid response to them was essential. One of the reasons given by the Data Protection Commissioner for the notices was that he did not consider that there had been adequate legislative underpinning of the existing directives, which had been issued by my colleague, the Minister for Communications, Marine and Natural Resources.
The importance of data information in fighting crime, including terrorist crime, and in safeguarding the security of the State cannot be underestimated. I do not refer to issues of a "big brother" nature, but to criminal matters such as nuisance calls. Data information can be used to determine where a particular person was at a certain time, for example, or whether a prosecution witness is being truthful about when he or she received a telephone call that may be relevant to the facts at issue in a given case. Such information may be of use to the defence side of a case as well as the prosecution.
When the Data Protection Commissioner issued the enforcement notices, I decided that I could not allow the Garda Síochána or anybody else to lose access to data information as soon as it was six months old. As it would not have been practical to prepare a separate Bill and to guide it through both Houses by 1 May next, I decided to add the necessary provisions to the Criminal Justice (Terrorist Offences) Bill 2002 while it was before the Seanad.
Deputies may be aware that an EU framework decision on data retention was published last year following the terrorist bombings in Madrid. The decision, which arose from a declaration on combating terrorism, instructed the European Council to adopt an instrument on data retention by June 2005. The framework decision, which was a response to the declaration, encountered some technical difficulties during the negotiations on it. It is doubtful, regardless of whether the framework decision or an alternative instrument is eventually agreed, that it will be possible to adopt any instrument by June of this year. It is normal to await agreement on such international instruments before preparing implementing legislation.
If the Data Protection Commissioner had not acted as he did and if the EU had not encountered the difficulties I have mentioned, different options would have been open to me. It is like standing with one's feet in different boats which are beginning to move apart — one will eventually have to make a decision. In this case, I would have had to decide whether to legislate on a domestic or a European basis. In the circumstances, I had to act quickly. I had no choice but to legislate at this time, given the possible delay in obtaining agreement on an EU instrument and the timing of the enforcement notices issued by the Data Protection Commissioner, who is entitled to withdraw the notices he has served. I understand he stated his intention to withdraw the notices if I were to publish legislation, which is passed by the Oireachtas, to put this matter on a statutory basis.
The necessity for this legislation was reinforced by the recent decision of the Court of Criminal Appeal in the case of Murphy v. Attorney General. The legal advice available to me on the implications of the judgment is that primary legislation on data retention, with statutory safeguards, is necessary. Incidentally, the court’s judgment fully vindicated the use of communications data in the investigation of crime.
I emphasise two points before I outline my proposals. This legislation is concerned with data information such as the telephone number phoned, the time at which a call was made or the duration of a call. It is not concerned with the content of the call, which is dealt with in separate legislation from 1993. Section 60 clearly sets out the parameters of my proposals to ensure that there cannot be ambiguity on this point. The proposals are temporary measures for inclusion in this Bill as a matter of urgency, for the reasons I have outlined. As soon as an EU instrument is agreed, I intend to replace it with more comprehensive legislation that will take into account the provisions of the instrument.
Some people might wonder why I am making these proposals or why I am waiting for the EU to take a view on the matter. It is possible for somebody living in a certain jurisdiction to subscribe to a telephone service coming from another jurisdiction. That might not be as obvious in this country as it is elsewhere because we are on the north-west periphery of the European Union. A person living in County Louth could subscribe to a UK telephone service or a person living in Newry could subscribe to a telephone service in the Republic of Ireland. It is obvious that there are places across Europe in which it is possible, under free trade rules, to subscribe to and use a service which is provided outside one's jurisdiction.
There is a case for having the same minimum rules and parameters in respect of this issue across the EU. It is not the case that the EU is engaging in gratuitous meddlesome activity. It is not a case of integration or harmonisation for its own sake. There will be certain implications if a telephone company in one EU member state is required to store data and to make that available for retrieval at a later stage, at its own expense, while another member state is indifferent to the matter and decides not to bother with it. The timing of the legislation will depend on when agreement is reached on an EU instrument, as well as on its complexity. As things stand, it is likely to involve a unanimous decision of the 25 member states, although I am not certain. In arriving at an agreement, the speed of the train will be determined by the speed of the slowest carriage.
I preface my explanation of the data retention provisions by further emphasising that they place no more obligations on communications service providers than the current provisions. However, I am incorporating into data retention for the first time important safeguards which will ensure that the system cannot be misused in any way. As things stand, service providers which receive directions are obliged to retain telephony data for three years, under directions issued by the then Minister for Public Enterprise in April 2002. It was intended that the directions would be temporary and would be replaced by primary legislation, as I now propose.
Section 61 of the Bill gives the Garda Commissioner the power to ask a service provider to retain communications data "for a period of 3 years". Under section 61(1), the data will be retained for the purposes of:
(a) the prevention, detection, investigation or prosecution of crime (including but not limited to terrorist offences), or
(b) the safeguarding of the security of the State.
Section 62 states that the data can be accessed in circumstances similar to those inserted in the Postal and Telecommunications Services Act 1983 by the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993. Under section 62(2), if the data are required for the purposes mentioned in section 61(1), an application for access to the data must be made in writing by "a member of the Garda Síochána not below the rank of chief superintendent". The data will then be disclosed to that officer. Alternatively, section 62(3) allows for the application to be made by "an officer of the Permanent Defence Force not below the rank of colonel" when the data are required for the purpose of safeguarding the security of the State.
Sections 63 to 65 introduce for the first time the safeguards I mentioned some moments ago. The sections extend to data retention provisions the safeguards already in existence under the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993, which ensure the integrity of the interception of communications. I refer to matters such as telephone tapping, to use a colloquialism. As a result of this legislation, data retention provisions will be kept under review for the first time by the same judge of the High Court who keeps the interception provisions under review under existing legislation. The judge will also have the power to ascertain whether the Garda and the Defence Forces are complying with the data retention provisions. He or she can include in a report to the Taoiseach such matters relating to data retention as he or she considers appropriate.
Similarly, the existing arrangements relating to complaints referees, who are appointed under the 1993 Act, will apply in respect of data retention. The scope of the functions will be extended to include data retention provisions. Any person who believes that data relating to him or her that is in the possession of a service provider may have been accessed by the Garda or the Defence Forces can apply to the referee for an investigation. The referee can investigate whether a disclosure has been made and, if so, whether any provisions of section 62 have been contravened. If the referee concludes that there has been a contravention of section 62, he or she must notify the applicant and report his or her findings to the Taoiseach. The referee may also order the destruction of the relevant data and recommend the payment of compensation to the applicant.
I sum up the data retention provisions in amendments Nos. 3 to 9, which constitute the new Part 7 of the Bill, by stressing the importance of communications data in the continuing fight against terrorist crime. I do not want to refer to current investigations or investigations of relatively recent origin. Every Member knows that telecommunications data do not apply simply to big brother circumstances but also to personal tragedy and, therefore, there should be a coherent legislative basis therefor. If I simply made provisions underpinning the present regime without providing further protections, Deputies on both sides of the House would obviously ask why it is right to allow a High Court judge to keep an eye on what the Minister for Justice, Equality and Law Reform is doing regarding phone tapping to determine the content of communications while there is absolutely no supervision to determine whether chief superintendents of the Garda Síochána who are looking for data are abusing their power. This is a fairly cogent argument and it had to be met head-on. In any event, our obligations under the European Convention on Human Rights might well require us to extend that kind of independent supervisory mechanism from phone tapping to data communication-type circumstances.
I must accept that the proposals are modest in that they do no more than effectively continue the present procedures and provide legal certainty. In that sense, they do not extend Garda powers beyond their present scope but, in view of the sensitivity of the subject, they provide strict new safeguards to ensure the proper and safe operation of the system.
On phone tapping and intervention to open postal packages, the relevant power is vested in me. I must operate on the basis of a public servant who is the authorised officer under the legislation. It is not proposed to vest the power under discussion in the Minister for Justice, Equality and Law Reform under the new provision. This is for a very good reason. In the case of a ring buying and selling hot cars, for example, the volume of applications could be substantial. It would be incorrect to contend that the Minister for Justice, Equality and Law Reform could spend his day authorising follow-on applications for data. I would do nothing else if I were to do that kind of work and I would not be able to supervise in any way. It is sensible to vest the power in senior Garda officers and it would be fanciful to suggest a Minister could discharge the function.
Regardless of who discharges the function, there is no argument against putting in place the same supervisory mechanisms. These mechanisms are such that a judge of the superior courts can vet what is happening every year and check by way of audit that there are good reasons for each action to be taken, and that somebody who believes his data were accessed improperly can go to an independent referee, make a complaint and, only if it is found that his data were accessed improperly, be informed of that fact, after which the independent referee can order the destruction of the data in question and propose compensation for the victim of the abuse of the power.