Dáil Éireann debate -
Tuesday, 5 Jul 2022

I move: "That the Bill be now read a Second Time."

I am pleased to introduce the Communications (Retention of Data) (Amendment) Bill 2022 to the House. This Bill relates to serious matters of policy with regard to the scope of data retention and access measures that are permitted for the purposes of an effective response by State agencies to issues of national security, crime and the life and safety of persons. The Bill aims to amend the current Communications (Retention of Data) Act 2011. This provides for the general and indiscriminate retention of certain categories of communications data held by communications service providers, but not the content of such communications. Disclosure of such data is permitted for the purposes responding to serious criminal offences, safeguarding national security or the saving of human life.

Various safeguards are built into the Act, including access to a complaints mechanism if a person’s data are disclosed, a reporting requirement for State agencies on their use of the Act and an oversight role for a designated judge of the High Court. Deputies will be aware that there has been a civil law challenge to the 2011 Act, arising from a high-profile criminal case. While it would be inappropriate for me to comment on the specifics of any case that is before the courts or may be before the courts at a later date, it is necessary to refer to some aspects of that litigation.

Following a High Court decision in early 2019 which declared invalid the section of the 2011 Act permitting disclosure of retained data for law enforcement purposes, the State appealed the decision to the Supreme Court. The Supreme Court referred certain legal questions to the Court of Justice of the European Union. On 5 April this year, the Court of Justice delivered its ruling. In essence, the court confirmed that while general and indiscriminate retention of traffic and location data for national security purposes can be justified in certain circumstances, it is not permitted for the prevention, detection, investigation or prosecution of a serious criminal offence. The court added that access provisions for traffic and location data must incorporate prior judicial scrutiny other than in certain urgent circumstances and in such circumstances, there must be a post review.

The State's appeal proceedings are expected to conclude shortly.

I am advised that there is an urgent need to address the immediate impacts of the Court of Justice ruling by way of a number of targeted amendments to the 2011 Act. The current legal frailties within the 2011 Act have now been made definitive following the issue of the Court of Justice. In addition, service providers in the communications sector have expressed to me doubt as to the validity of continued general and indiscriminate retention of data currently held and the need for legal certainty as to what their data retention obligations now are.

An Garda Síochána and other relevant agencies require legal certainty as to the scope of their powers to seek disclosure of retained data for the prevention, detection, investigation, and prosecution of criminal offences, for national security and other lawful purposes. Accordingly, I am proposing a series of urgent amendments to the 2011 Act that balance a number of factors. First, I must adhere to the conditions placed on the general and indiscriminate retention of data for law enforcement and national security purposes. Within these constraints, I am seeking to ensure that An Garda Síochána and other related agencies have the most effective legal provisions that are possible to support their vital role. Second, I must have due regard to the right to privacy of individuals and to the need for strong oversight of any data retention measures that are imposed. Third, I must have regard to the needs of victims or potential victims of crime. There is a right to life and a right to personal safety of persons and these rights must also be given sufficient priority.

I will refer briefly to the main provisions of the Bill. It provides for amendments to the current rules on general and indiscriminate retention of traffic and location data, referred to as “Schedule 2” data. Such retention can only be permitted for national security purposes and where there is the approval of a High Court judge. It will no longer be permitted for law enforcement purposes. Disclosure of the retained data will only be permitted where approved by an authorised judge of the District Court. While I do not object to the concept of judicial approval of disclosure, confining general retention to national security purposes is a requirement of the Court of Justice rulings and would not be my preferred policy choice. I will, however, continue to advocate at EU level for an EU-wide legal instrument that will support strong general data retention measures that deal with both national security and law enforcement concerns.

Provision is made for new access provisions including two new types of orders which will strengthen the capacity of An Garda Síochána to secure and access specified categories of Schedule 2 data for the purpose of specific criminal investigations or proceedings or for national security. Preservation orders will require the preservation of specified Schedule 2 data in connection with specific persons, locations or other indicators, for example mobile phone numbers. A preservation order will not in itself require the granting of access to data. Production orders will require the submission of specified data to An Garda Síochána, and may include data that may already be the subject of a preservation order. The possibility of deploying such measures is to ensure the expedited retention of specific data in individual cases and has been acknowledged by the Court of Justice in its rulings. Provision is also made for the approval, in urgent cases, of temporary orders by an appropriate senior official in each organisation. These must be notified to an authorised judge for affirmation within 72 hours.

I am also providing, as required by the Court of Justice rulings, for separate rules and procedures for retention and disclosure of user data, which refers to issues such as the mobile number used, the equipment identifier number for any specific device, the Internet protocol, IP, number of a communication, and the date and time of initial activation of a communications service of a user. This more general type of information does not specify details relating to the number, traffic or location details of users of communications services. Court of Justice rulings do not require a change to the existing rules linked to the retention of user data, which is deemed to have less of an impact on privacy rights. The retention of and disclosure of such data can be permitted for both national security and general criminal offences in general.

As it is permitted by the Court of Justice, I am also making provision for the retention and disclosure, subject to judicial approval, of Internet source data. This refers to the data necessary to trace and identify the source of a communication by Internet access, Internet email or Internet telephony. This will typically be the IP address that will have accessed Internet content. The 2011 Act already provides for the retention of similar categories of data. Such data is deemed to be particularly important in the detection of offences committed online, such as child sexual abuse offences. Provision is also made in urgent cases of the disclosure of this data by an appropriate senior official in each organisation, which must be notified to an authorised judge for affirmation within 72 hours.

The Bill also makes provision for a transitional provision that allows for a time-limited period where there can be disclosure, on national security grounds only, of Schedule 2 data already retained under the existing 2011 Act until the earlier of the following events: expiry of a period of six months; or the making of a first order by the High Court permitting the future retention of Schedule 2 data. This provision will run for a period depending on when the relevant data was first processed but it will naturally expire and such disclosure will only, in line with the Court of Justice rulings, be for national security purposes.

The Bill makes provision for the authority of An Garda Síochána to seek urgent access to cell site location data that indicate the last location of a person’s communications, where necessary for the saving of a life or dealing with missing persons. The Bill also makes provision for notification, in certain circumstances, of the data subject where Schedule 2 data has been disclosed for law enforcement purposes.

There are a number of important differences between the data retention and disclosure regime in this Bill and the 2011 Act. General retention of Schedule 2 data is only permitted for national security purposes and only where approved on necessity and proportionality grounds by a designated High Court judge. In the 2011 Act, it is for both national security and law enforcement. There is no prior judicial approval. A single 12-month period of retention is provided for all forms of Schedule 2 data. It is currently 24 months for telephony data and 12 months for Internet data in the 2011 Act. Disclosure of Schedule 2 data is subject to approval by an authorised District Court judge and only where necessity or proportionality can be shown. There is no prior judicial approval process for disclosure in the 2011 Act. The preservation order regime is less intrusive on privacy rights as it does not require immediate production of data. This is not in the 2011 Act. The provision on notification of a data subject in certain circumstances is also not in the 2011 Act.

I am conscious that I am asking the House to approve these amendments on an urgent basis. I believe, however, that recent litigation and the urgent need to provide for clarity for service providers, An Garda Síochána and other State agencies justify making immediate legal changes now pending further reforms later this year. An Garda Síochána and other agencies cannot, in my view, have one hand tied behind their back in seeking to safeguard national security, prosecute offences and ensure the personal safety of individuals. I am also happy to confirm that later in 2022 I intend to bring forward a set of wider reforms to clarify and consolidate the law on data retention. I intend to publish an updated general scheme of a Bill, which will build on a previous general scheme that was published in 2017 and completed scrutiny in early 2018. This general scheme will also have regard to the evolving case law of the Court of Justice in the intervening period and will be proposed for discussion and further consultation, as required, before the Joint Committee on Justice. I am pleased to commend the Bill to the House.

Gabhaim buíochas leis an Aire. I will first address the manner in which this Bill has been introduced. It has long been known that this area needs to be addressed. Yet again, the Government has been found wanting. A proper approach to law reform does not involve sticking one's head in the sand and hoping that things will work out. There is no doubt that great complexities exist around data retention but they are not resolved by being ignored. Now, in a sense of heightened urgency the Government is seeking to address these issues while acknowledging that it is unlikely the Bill will be the lasting solution. It has engendered a sense of panic. The Joint Committee on Justice was asked to waive pre-legislative scrutiny, refused and was then asked to engage in pre-legislative scrutiny at very short notice. This is far from ideal and has produced, in the view of Sinn Féin, a poor solution to the challenges at hand.

It must be noted that EU law in the area does need to be examined, as my colleague, Deputy Martin Kenny, pointed out in April when the Advocate General of the Court of Justice gave his view on the Dwyer case. Any data retention regime must, naturally, comply with EU law. There is little doubt that the strict adherence to the notion that only threats to national security merit the retention of data can lead to serious criminals evading justice. I note that the submission from An Garda Síochána mentioned the challenges that all EU countries face, not just Ireland. The Minister must seek to address this at European Union level, solely in respect of serious crime.

There is a balance to be struck in EU and domestic law between civil liberties and the need for justice, as well as for a stable regime where there is certainty for operators, prosecutors, the courts, An Garda Síochána and ordinary citizens. The Data Protection Commission was only given a copy of the general scheme of the Bill two weeks ago and was invited to partake in the rushed pre-legislative scrutiny session to which I refer at 24-hours-notice. The commission has concerns arising from the proposed data protection audits referred to in the Bill.

In terms of the operators, there is little in the Bill which sets out the when, how and where of data retention. Improvising in respect of these areas is not something that should be done. The consequences of getting it wrong are very worrying. According to Ronan Lupton, the chair of their representative group, it could take between 12 and 24 months to build the systems necessary under the provisions of the Bill. Presumably, the Minister will have introduced fresh legislation within this period so this timeline will then need to be reset. Consultation with the operators over what is and is not feasible must be done.

For prosecutors, the uncertainty is of no great help. Obviously, the Office of the Director of Public Prosecutions, DPP, is unlikely to refuse any additional tool it can gain. If, however, it is uncertain about how legally sound the existing arrangements are, enacting a Bill which has received much valid criticism to cover a limited period is of no great comfort.

The courts are in a similar boat. I fear they will be making decisions that can be resolved by policy. The latter is an undesirable situation, in light of the separation of powers, but a seemingly likely one because the Bill lacks detail and provisions relating to real-world application.

The Garda Síochána, as already mentioned, has flagged that the issue of data retention is a challenge for many countries. Yet its job will be among the most difficult under this regime. It is worth quoting the remarks of its representative at the Joint Committee on Justice last week:

Under the scheme of the Bill, whilst AGS will be able to utilise Preservation and Production Orders to secure evidence, this process will be forward-looking and not retrospective. This will cause significant difficulties in criminal investigations, which usually commence post incident. However, this restriction does not arise in relation to matters relating to National Security matters.

The rights of ordinary citizens need to be recognised within this process. The Irish Council for Civil Liberties, ICCL, has outlined a number of its concerns. It is clear that, if passed, the Bill will lead to further legal uncertainty and legal challenges of the type brought by Graham Dwyer. Victims deserve better than that. At the same time, indiscriminate data retention with little legal certainty or process poses a great threat to privacy. Proper supervision of access arrangements is important but of course the best protection is always to not collate data in the first place, followed by collating it for specified reasons with a clear legal basis.

The Bill allows for a one-year retention period that can be renewed. This could see data being retained indefinitely, which is not a desirable outcome. The functions of a judge who grants access to this data must be expanded. There is a recognition of the need for supervision in the Policing, Security and Community Safety Bill. That Bill has enjoyed a far longer and more detailed scrutiny process, which is no doubt required here also.

Despite the Government's foot-dragging in this area, there is a clear need to address the challenges the ruling presents. Sinn Féin is holding its own engagements with stakeholders. Any new Bill needs to respect these stakeholders and be the subject of a proper timeframe to facilitate their input.

This Bill will significantly amend the Communications (Retention of Data) Act 2011. This is in response to a ruling in April by the Grand Chamber of the Court of Justice of the European Union, which held that the "general and indiscriminate" retention of electronic communications data for the purpose of combating serious crime is precluded by EU law. The court's ruling followed a referral by the Irish Supreme Court in February 2020, which was hearing a leapfrog appeal from the State against a High Court ruling in December 2018 which agreed that the Communications (Retention of Data) Act 2011 was incompatible with EU law.

The Bill provides that general and indiscriminate retention of communications traffic and location data can only be permitted on national security grounds where approved by a designated judge. It also provides for a system of preservation and production orders to facilitate preservation of and access to specific communications data held by service providers for both national security and for the investigation of serious crimes where permitted by an authorising judge.

A preservation order will act as a quick freeze that will require service providers to retain any specified data they hold at a particular point for a period. A production order will allow access to specified data held by a service provider for commercial or other reasons where such access is necessary for national security or law enforcement purposes. The effect of a production order will be that a service provider must immediately take steps to produce and hand over to the relevant State agency the data described in the order made by an authorised judge. Both traffic and location data retained for national security purposes and subscriber data, retained for national security or law enforcement purposes, will be retained for 12 months.

The Government previously indicated that the general scheme was consistent with EU court rulings in this area. We must ensure that there are safeguards and protections when it comes to accessing data, but we must balance this with the need to keep people safe and fight serious crime. There is an urgency in addressing this issue in light of the need for legal certainty for communications service providers and State agencies on what obligations apply to the retention of communications data, which is vital for law enforcement and national security.

The Government intends to bring forward a more comprehensive proposal later in the year to address wider reforms and a more consolidated legal framework in this area. The Minister needs to share the details of that proposal in order that we can judge the Bill before us in that context. We are potentially dealing with significant erosion of civil liberties, and must have all the information before making an informed decision.

The Joint Committee on Justice recently warned that the rushing through of this legislation would make it vulnerable to legal challenges. It further warned that the Bill will have serious consequences for future court cases. A senior garda told the committee that while the Bill's provisions are in line with European court rulings, typical investigations into serious crime will suffer under those provisions. The committee also strongly criticised the Government for announcing approval of the Bill on 31 May despite repeated indications over the past eight years that the legislation was problematic. Furthermore, the committee stated that the draft Bill was only sent to it two weeks before the Dáil's summer recess. This is not the way to do business. The committee has expressed its concern that the rushed process and lack of mandatory consultation will lead to legislation that is vulnerable to legal challenge and that this will have serious consequences for future cases. The committee also called for a sunset clause and wants much wider consultation to take place when more comprehensive legislation on accessing people's communication data is published later in the year.

Certain categories of citizens should be given separate rights, such as, for example, journalists, in order to ensure that sources are adequately protected. We also need to see a code of conduct for telecom service providers in order to provide clarity.

Yet again, we have legislation that is being rushed through by the Government. This will have consequences. If you act in haste, Minister, you will repent at leisure.

I appreciate the difficulties in the shadow of which the Minister for Justice is operating. This is a very tricky situation. We assumed in 2011 that the law enacted then provided a reasonable balance between what all of us would expect, which is that there can be no mass surveillance of our population and that we are all entitled to what are set out in the Charter of Fundamental Rights of the European Union as our personal freedoms in the context of not having our movements monitored and details of them collated and reported to any authority.

It needs to strike that balance between the right of the State to protect its citizens, to prosecute serious crime and to ensure that the perpetrators of serious crime are brought to justice, using whatever technologies we have.

Having said that and while I fully appreciate and understand the pressures the Minister is under, it is fundamentally unacceptable that in the second last week of a Dáil sitting we would be presented with legislation like this so fundamentally important to the rights and well-being of citizens and the prosecution of serious criminal cases. Let us consider the basics of it. The Data Protection Commission's deputy commissioner had sight of the heads of this Bill eight days before he was asked to make his presentation to the Oireachtas Joint Committee on Justice and give his observations. He only had sight of the draft Bill 24 hours before being asked to make that submission. Members of the committee got a draft of the Bill courtesy of the Minister the night before our session. Many of the people we had invited to make submissions to the committee were not in a position to make submissions, so tight was the notification.

The Minister asked that we do away with pre-legislative scrutiny and all of us on a cross-party basis thought that was fundamentally wrong. The whole idea of pre-legislative scrutiny is to go into the details and hear from the stakeholders before we get into the minutiae of enacting legislation. This is one of the fundamental reforms brought in in 2011. The current Taoiseach was among the champions of demanding pre-legislative scrutiny as a permanent feature of the way we do business. I accept there will be occasions when emergencies arise but too often, particularly from the Department of Justice when it has had ample time to prepare legislation and certainly do the groundwork with committees of the House, it presents us with a fait accompli basically regarding the institutions of democracy, Oireachtas Éireann, as rubber stamps, really affording no time for the general public, affected individuals or organisations, including commercial entities in this case, to give a reasoned consideration and present their position to us because the Department of Justice knows all the answers to all the questions and could present a completed Bill that basically is unamendable.

To compound all of this I understand we are to have 45 minutes tomorrow for Committee and Remaining Stages. In essence it is probable that only the first amendment will actually be reached and debated tomorrow. That is just not good enough and not acceptable. It is not the way I expected the current Minister for Justice to deal with the House. The rhetoric is great, but this is the reality. There is no time for pre-legislative scrutiny, no time for the really affected organisations to prepare their presentation on this fundamental and tricky balancing between the right of citizens to personal privacy and the right of the State to prosecute serious crimes.

We are talking about crimes like online child abuse, murder and people trafficking, where it is really important that we give sufficient capacity to the prosecuting authorities and the investigating authorities to investigate and hold those responsible to account while at the same time ensuring that we do not turn ourselves into a mass surveillance state. The European Court of Justice is particularly exercised about individual rights and freedoms so that someone is able to have a life online as they would have a life in their own village and protecting their privacy in going about this.

As the Minister rightly said, the decision of the European Court of Justice had a profound impact on the 2011 Act. It found that section 6(1)(a) was inconsistent with the European e-privacy directive. Equally there have been views expressed about its compatibility with the Charter of Fundamental Rights of the European Union and also the European Convention on Human Rights itself.

Critical to determining these matters surely is the view of the Data Protection Commissioner. Surely it is not good enough that final Bill would be presented to him 24 hours before a hearing of the justice committee on pre-legislative scrutiny which, if the Minister had her way, would not happen at all meaning that all we would have is this short debate tonight and 45 minutes of detailed scrutiny, which is what Committee Stage is supposed to be about. That will not take place in the Select Committee on Justice, but 45 minutes here tomorrow where we are likely to debate only one amendment. Thankfully the first amendment is mine, but that is likely as far as we will get. That is about putting in a sunset clause which I think is the best we can do in the circumstances and at least timeline this.

I want to go through the Minister's presentation of the Bill in some detail but before doing so, I wish to say one final thing about the general structure of the Minister's proposal. The Bill is complicated to read because like all amending legislation it cross-references the 2011 Act. The Minister has promised to bring in a comprehensive consolidation Act before the end of this year. Is that right?

That would be very welcome because legislation should be readable and we should be able to understand exactly what the rights of every citizen are in relation to data. The Garda should be crystal clear on its rights when accessing and using data for criminal investigation purposes. That is really important.

Equally important is the point already made - a question I asked the representative of the data platform providers in the course of the truncated pre-legislative scrutiny last Thursday. I asked how long he thought it would take for the platforms to implement this particular set of proposals. He said it would take up to 24 months. He could not give me a cost but said it would be a very considerable cost, which obviously would have to be passed on to users. That is not escapable inasmuch as we are required to implement the European Court of Justice findings but we need to be practical about its implementation.

The Minister said the Bill provides for amendments to the current rules on general and indiscriminate retention of traffic and location data, the so-called Schedule 2 data. That is really important because it provides data on where each of us is. As we now learn from court cases we follow, phones are like having tracking devices on our persons. The companies that provide us with the service know where each of us is at any given moment in time. Most of us are not comfortable with that. For most of us it would be very boring to find out where we are at any given time. We would like our lives to be more exciting but still we do not want everybody to know always where we are at any given time. That is why privacy on these matters is so important. However, there are occasions when it will be important to know where suspects are or have been. We really did not have a chance to tease out with representatives of An Garda Síochána whether this is the best fist we could have made of the European Court judgment. I am intrigued by the Minister's comment in her presentation to us that she wants to raise this matter with colleagues in the justice committee I presume at the European Council.

She has done so. Presumably then there will be a collective view that maybe the issue should be readdressed recognising the fundamental importance of not only matters that go to protection of the integrity of the State but also matters that go to prosecuting serious crimes that are by nature ones that threaten the viability of the State anyway if we cannot prosecute murderers or if child abuse or human trafficking becomes more difficult to prosecute.

I am intrigued by the Minister's belief that this is happening anyway. I do not know whether she is telling us that there may be the prospect in the foreseeable future of an amended directive. Is that what is envisaged? In the interim, we must implement the law as it has been stated by the Court of Justice of the European Union and we have to make the best fist of it. I would have liked more time to tease this out with representatives of An Garda Síochána because I am not sure it has fully thought through how useful the particular piece of legislation will be for it.

In terms of the so-called Schedule 2 data, such retention can only be permitted for national security purposes and where there is the approval of a High Court judge. The location data can only be retained for national security purposes, not for the prosecution or investigation of serious crimes regardless of how serious the crime is if it is not a matter of national security. Presumably this is as far as we are permitted to go and be consistent with the Court of Justice of the European Union's judgment, which would cause concern for many of us, including the Minister. The preservation orders will require the preservation of such data in connection with specific persons, locations or other indicators. A preservation order will not in itself require the granting of access to the data. Production orders will require the submission of specified data to An Garda Síochána and may include data that is already the subject of a preservation order. Again, I would like more time to tease out the transition period. We will not have time for it tomorrow either. There will be a number of crimes, probably very serious crimes, that are well-advanced in investigative terms. I do not know whether it is possible for the Minister to indicate how many of these cases are under way. Has she been briefed because she should be if this has implications for these cases? These cases may well be affected by the legislation we are putting through.

The most serious issue is whether investigations and prosecutions come to a shuddering halt because of further action in the Court of Justice of the European Union. That would be a very worrying issue. I also want to make reference to the actual basis of this Bill. A number of real concerns have been expressed. One concerns the legal requirement on the Minister and the Department to produce a written data protection impact assessment. At a meeting of the Oireachtas Joint Committee on Justice last week, I asked Department officials whether this was a legal requirement because that is the legal advice I was given. An official said he would check that so the Minister might be able to indicate to us whether there is an actual legal requirement on her to produce a data protection impact assessment. I think we want to be very clear that we are not producing legislation that will be subject to challenge immediately and because of the way it has been handled here, be referred for scrutiny to the Supreme Court.

I have a question for the Minister that I put to her officials last Thursday. Is she satisfied that it is adequate and appropriate to give this type of notice on such fundamental legislation, which will have implications for the industry, every citizen in the country with mobile data and prosecuting authorities? Is it appropriate that such little time and notice was given to the Data Protection Commissioner? There was no regard to the Data Protection Commissioner's views on the final draft of the Bill because the Bill was published before the commissioner had a chance to scrutinise the detail of it and there was no opportunity for the commissioner to come back to the Oireachtas Joint Committee on Justice. Unfortunately, the committee divided along Government and Opposition lines, which has never happened in any pre-legislative scrutiny in which I have been involved, because we were not finished. We did not get a chance to hear all the views we wanted to hear. We did not get a chance to hear or even receive a submission from some organisations that would have liked to have had an oral and a written submission. This is not good enough with regard to matters of this level of importance.

We have a very truncated debate tonight. We will have no detailed scrutiny because we will have 45 minutes tomorrow to go through every element of the Bill. We will not be able to amend any of the substance of the Bill tomorrow. The Minister is working on consolidated legislation and said she will have the general scheme before the end of this year and the Bill presented to the Dáil within the next 12 months. Will she agree to put a sunset clause into the Bill tomorrow? As flawed as the process has been, I understand the pressure she is under in terms of cases that are before the courts which we will not reference and wants this legislation enacted with great expedition to give some assurance and clarity to the prosecuting authorities. Will she agree to accept the amendment tomorrow or draft her own amendment to provide for a sunset clause so that we will tell everybody concerned, including the platforms, which will have to prepare for this, that this is a temporary measure until the overarching consolidation Bill comes before these Houses in the next 12 months and we have the real time to go through it in detail, hear the views of everybody and get the balance, which is a tricky and difficult one, right to ensure we do not tie the hands of prosecuting authorities behind their backs regarding the prosecution and investigation of serious crime and that we afford the highest protections to all our citizens, who have an entitlement under the European e-privacy directive to go about their business without being subject to mass surveillance because that would cause great anxiety and disquiet among our people? It would go some way towards addressing some of our concerns if at least a sunset clause element was accepted.

I have also tabled an amendment seeking a sunset clause. I think there are probably several of them. If the general scheme is to supersede this legislation and other legislation, I would have thought it would be self-evident that a sunset clause would be a safeguard, which would be the minimum we would expect. It needs to be stated very clearly that if this Bill passes, we will be making mistakes. Many mistakes with this legislation can be foreseen and I will come back to those issues later but there will inevitably be mistakes in this Bill we will not see coming.

Yet, the shorter duration there is for this Bill, the less likely it is to manifest itself on a constant basis.

I will reiterate the point on scrutiny. This is not the way to do legislation. There has been no oversight of this Bill. That is not the fault of justice committee. It is not the fault of the Data Protection Commission, DPC, which did its level best within the time allowed. Truthfully, it has been shouting into the wind. The way the Department of Justice has handled the introduction of this legislation makes a mockery of the concept of oversight. There is no oversight.

Following the 2016 decision by the Court of Justice of the European Union, CJEU, it was clear that the way we were retaining data in Ireland was a complete breach of European law. In 2017, the Murray report found that the original 2011 Act amounted to the illegal mass surveillance of virtually the entire population of Ireland. A vast amount of private communications information is retained without the knowledge or consent of the people on whom it is being retained. The data shows who we speak to, where we are going and what we are interested in.

The Murray report also made a number of clear recommendations on how we should bring ourselves into line with the law. Those recommendations are not reflected in this Bill. In 2017, the justice committee conducted pre-legislative scrutiny of the general scheme of the 2017 draft Bill. It made a number of recommendations on how to bring the legislation in line with the law. Those recommendations are not reflected in this Bill.

After five years of successive Ministers for Justice essentially sitting on their hands, we are now in a position where emergency legislation is required. This Bill has been fast-tracked through both Houses on the basis that it is an emergency. However, it is an emergency of both this Government's and the last Government's making.

This time around the Minister requested a waiver of pre-legislative scrutiny, attempting to circumvent the scrutiny of legislation that will affect the rights of every person in this State. That was not granted. Yet, from the Department’s point of view, it may as well have never happened, because nothing that was said at the meeting was reflected in the legislation. It was never going to be. The Bill was published last Friday, a day after the pre-legislative scrutiny. Committee and Report Stages are scheduled for tomorrow. There is clearly no intention to take on board the serious concerns raised by Members of this House.

It is concerning to see the disregard for the Data Protection Commissioner's role in being mandatorily consulted by the Minister for Justice under section 84(12) of the Data Protection Act 2018 - that is my reading of it - on any proposal for a legislative matter that relates to the processing of personal data. The Minister might confirm that.

The deputy Commissioner for Data Protection, Dale Sunderland, told the justice committee last Thursday that the DPC had received the general scheme of the Bill only eight days earlier. It had not yet submitted its observation to the Department, because the Department had advised that there were significant updates to be made. The DPC received an updated copy less than 24 hours before appearing before the justice committee and less than 48 hours before the Bill was published. The DPC had to brief the committee on its feedback on the general scheme which, at that point, was already outdated. It did not have enough time to prepare a response to the updated Bill. This is ridiculous stuff. This is the kind of thing that happens. We can pick the dates every year on which we are going to see this kind of thing. It tends to be two or three weeks before the summer recess, or just before the Christmas recess. It is almost like a management tool to get Bills that are unpopular or dangerous through at breakneck speed.

There was no meaningful consultation with the DPC at all. Sending it the Bill in advance is not consultation. This is a dangerous lack of oversight on this Bill relating to the State’s continued operation of the clearly illegal power for years after it was made known. It is damaging the rule of law. It is undermining prosecutions that can be thrown out on appeal because of the manner in which State has retained the information.

The Government has admitted that this Bill is not adequate. Another Bill will follow later this year. I would ask the Minister to ensure that the processes surrounding that Bill are sound, that stakeholders will be consulted and that recommendations from the Murray report and the justice committee are taken into account. We need to get an assurance from the Minister that that is how this will be handled when the general scheme comes before the committee and this House.

For this reason, I have submitted an amendment, as have others, in relation to the sunset clause. This is to ensure that the revision of the Communications (Retention of Data) Act 2011 is done in a timely manner. This Bill does not scratch the surface of what needs to be done in order to bring the data retention systems in line with EU law. It does not provide an explicit exemption for journalists, clear oversight mechanisms or compensation to persons whose rights have been violated. Critically, it does not ensure that prosecutions against criminal groups through the use of this data will not be thrown out on appeal. I say this because data that has been collected under this Bill will still be improperly collected.

Under the new section 3(a), one-year data retention orders are given out in all cases. This is completely against the ruling by CJEU that the duration of each data retention measure cannot be systemic in nature and that it must be limited in time to what is strictly necessary. Data retention orders need to be assessed individually. This system of blanket one-year retention orders that can be renewed indefinitely is completely out of line with EU law.

When it comes to the need to retain data for national security reasons, this Bill leaves out one fundamental detail, which is the definition of “national security”. By including a broad and undefined term, such as “national security”, the Bill again falls short of the court’s requirement of proportionality. It is clear under the European law that the legislation we adopt on data retention must have clear and precise rules governing the scope and the application of the data retention measures. It must be limited to what is strictly necessary. By not defining which events or acts constitute a threat to national security, we are granting An Garda Síochána an almost unlimited degree of discretion to determine what is a threat to national security and whether that threat is serious enough to justify secret surveillance of individuals or groups. That situation is rife to abuse.

The Murray review was originally commissioned on the back of a discovery that the Garda Síochána Ombudsman Commission, GSOC, had obtained the phone records of two journalists without their knowledge or consent as part of a criminal inquiry into a third party. It is, therefore, hard to comprehend why this Bill, five years on, fails to provide for the protection of journalists’ sources. It is a requirement under the European Court of Human Rights, ECHR, that surveillance that is aimed at identifying journalistic sources must go through a heightened screening process, including prior independent judicial approval, before any information that could identify a source is handed over, regardless of how urgent a situation is deemed to be.

The oversight mechanisms in this Bill are simply not up to scratch. The ECHR requires that all surveillance measures must operate under objective supervisory bodies that are completely independent of the authorities carrying out the surveillance and that they must have sufficient powers and competence to exercise effective and continual control. Instead, we have a proposal for a designated judge who has no technical or legal expertise in the area of data protection, who has no administrative support, who has no power to suspend illegal surveillance, and who will only carry out this function on a part-time basis, once a year.

The Murray review found that there should be an appropriate judicial remedy for breaches of rights under a data retention system.

This is not included in the Bill. I have overall concerns that this Bill attempts to retrospectively validate the illegal retention of data contrary to EU law. Section 9 requires providers to continue to retain data that it is acknowledged is currently being held illegally. By doing so, it is retrospectively validating the illegal retention of data.

I understand there are a number of cases still to come in relation to the retention of data under the 2011 Act, including one by Digital Rights Ireland, which also made a complaint to the Data Protection Commission, DPC, seeking it to take enforcement action against providers requiring them to delete data that has been retained illegally. Has the Attorney General given advice as to how this will not come into conflict with the Sinn Féin funds principle, which found that the State cannot legislate to determine something that is currently before the courts? It would also undermine the independence of the DPC by interfering with the power to act in relation to the pending complaint, contrary to Article 52 of general data protection regulation, GDPR.

The DPC has raised significant concerns with this legislation. It is simply not acceptable for the Department to have completely bypassed the DPC in the drafting of this Bill. In light of what it deems to be high risks to the rights and freedoms of data subjects under this Bill, the DPC stated very clearly that the Department should have conducted, and should still conduct, a data protection impact assessment with regard to the processing and provisions proposed. It is absolutely fundamental that this happens prior to the drafting of new legislation later this year, especially if the Government intends to retain the processes outlined in this Bill. The Minister might respond on her intention in that regard.

My final concern with regard to this Bill are the offences contained for service providers that do not comply with the legislation. It creates both a 72-hour and 90-day obligation on service providers, which are subject to a threat of sanction or offence if not complied with. The list of offences includes fines of up to €500,000 and five years' imprisonment. All of this was not communicated to service providers prior to the publication of the general scheme. They should have been consulted in advance to determine whether it was possible for the telecommunication companies to comply with the legislation within that tight timeframe. From Three's submission to the Joint Committee on Justice, it is quite clear that it cannot. Given that the Bill contains additional specified categories of data that need to be preserved, Three estimated it would take it between 12 to 18 months to set up the necessary IT projects. Presumably, the new legislation will be in place within that timeframe, which could very well contradict this Bill. Service providers need assurance that they will not face the threat of criminal sanction for non-compliance when there is simply no way they could comply at all. They also need assurances that they will not be spending money on new IT infrastructure, which they will have to scrap within a year when it is determined that this legislation does not actually conform to EU law.

There are serious concerns with the way the State collects data. It is illegal and infringes the rights of every single person in the State. I do not see any way in which this Bill remedies that situation. However, I see several where it actually makes matters worse. I have absolutely no doubt that we will be in this Chamber in a number of months correcting the mistakes in this legislation and it will have been an absolute waste of everyone's time and effort. I ask the Minister to introduce this sunset clause. That is the very minimum we should expect. Very often, there is a presumption that domestic law trumps EU law in all situations and that is not the case. Our Data Protection Commissioner has a particularly important role given where we are positioned in terms of how the Office of the Data Protection Commissioner relates to other jurisdictions across Europe. I really think we are treating that office which a great deal of disrespect. It is not just disrespect but contempt in terms of not including it in the process by merely sending it a copy of the Bill and that being taken as consultation. It is just not good enough. There is no doubt that mistakes will be made, the result of which we will see before the new Bill appears before us. Hopefully, that will come sooner rather than later.

I too am pleased to contribute to the debate on this legislation, although "pleased" is the wrong word. I am genuinely perplexed because I do not know whether it is right or wrong - there is good and bad in every situation. In early June, the Government approved the drafting of the Bill, which is aimed at addressing the impact of recent judgments from the Court of Justice of the European Union, CJEU, which I have often commended and complimented. I said people had to go to Europe to get justice on many issues when they could not get justice in this country.

This is a rather troubling case, however. In the case taken by convicted murderer, Mr. Graham Dwyer, the CJEU ruled that EU law precluded the general and indiscriminate retention of electronic, traffic and location data to combat serious crime. That kind of worries me because serious crime is just that and murder is the most serious of all. Everyone is entitled to a fair trial and a person is innocent until proven guilty. The indiscriminate use of data for other issues is a completely different area, however. That is happening. All kinds of information is being kept on individuals and ordinary peace-abiding people.

The Communications (Retention of Data) (Amendment) Bill 2022 will allow the general and indiscriminate retention of communication, traffic and location data only on national security grounds and where approved by a designated judge. Far be it from me to criticise any judge but it is kind of troubling. The Bill also sets up a system of preservation orders and production orders. These will facilitate the preservation of and access to specified data held by service providers for both national security and the investigation of serious crime where permitted by an authorising judge. The preservation order will access the quick freeze, requiring service providers to retain specified data they hold at a particular point in time for a period. A production order will allow access to specified data held by a service provider for commercial or other reasons where such access is necessary for national security and law enforcement. Therein lie the grey areas as far as I am concerned.

I have worries about this being challenged. Again, this is rushed legislation. In my opinion, any rushed legislation, although not all of it, can obviously lead to flaws. As we would with any legislation, I would like to see an impact assessment after a finite period to see how it has it bedded in and whether it has been functional, practical and, above all else, fair.

The Minister for Justice said the urgency of the Bill was unavoidable given the need for legal certainty for communications companies and State agencies. Certainly, I agree with that. In addition to this urgent Bill, the Minister intends to bring forward a more comprehensive proposal later in the year to address wider reforms and a more transparent legal framework in this area. The Department of Justice said the proposed changes were without prejudice to the State's current appeal to the Supreme Court of a High Court ruling on the Act. It is like the saying, live horse and you will get grass.

I know it is urgent and I know the reasons, but why is it so urgent in the second last week of a term? Why is the Minister going to bring forward more robust legislation? She tells us she will, and this is not a personal criticism but a criticism of the system. Will we have a different legislative measure, will it be more robust and will it weed out the chaff from the oats as regards retention of data? They are being retained and are being used, and misused in many cases. I agree that where there is serious crime we must try to get a balance whereby we would retain data for that area. However, as I said, I often encourage people to go to Europe to get justice when they do not get it here. In this case, the Court of Justice of the European Union made a ruling and confirmed that EU law precludes the general and indiscriminate retention of traffic and location data relating to electronic communications to combat serious crime.

We passed the introduction of electronic tagging, for which I advocated for years as it would cut down on an enormous amount of Garda time. I do not know if it is being used at all. We are very slow here to embrace and engage with things that are done in other jurisdictions. We say we will and we have great aspirations, but the aspirations do not normally deliver, although it is great to believe in them.

I have concerns about this Bill. I have concerns about any rushed legislation and more about this. I have a very open mind on this but the real criticism is that, as we pointed out today on the Order of Business, five legislative measures are being rushed through without proper scrutiny and debate. It does not augur well for a democratic parliament.

I will not take much time. We read that EU law precludes national legislative measures which provide, as a preventative measure, for the general and indiscriminate retention of traffic and location data relating to electronic communications to combat serious crime. What we are really talking about here is the Graham Dwyer case. He was convicted in this country with all the means, and I believe rightfully, that the Garda used. We must ensure that the Garda will be able to do its job into the future to convict murderers, drug lords and serious villains, and ensure that we assist the Garda in every way we can as legislators.

There is the problem, however, of seeking to retain data from innocent people. I have a serious problem with one matter. People come to me every day who are seeking to renew their driver licence. They are asked for their public services card number. Many elderly people do not have that number. When they go to renew their licence after ten years they might have to travel long distances to Tralee to do so. Then they are asked for their public services card number. I do not see the need for that when the service already has a personal public service, PPS, number and a date of birth and the people were already licensed. I do not know why anyone needs those data. We were told in the Dáil that this was actually illegal, and we had some type of agreement or understanding passed in the House that the card was not necessary for such things. The people who operate this service are in a private company that won a tender from the State. They are operating this service and we do not know what they are doing with those data or why they should have them. They already have a PPS number, the date of birth and the old licence number, so I cannot understand what that is about.

What I want to get across here is that we must do everything we can to ensure that whatever avenues are available to the Garda are utilised to the utmost to ensure the conviction of somebody like Graham Dwyer. We applaud the Garda for bringing him to justice for what he did to a lady who was doing no harm to anybody. At the same time, we must have a distinct difference. I cannot understand why we need to retain data in many other instances involving innocent people. This Bill is being rushed and we need more discussion. I am amazed that many of the Government speaking slots were not taken up in this debate. We appreciate that the Minister is here, but there were other speakers from the Government parties and they have not shown up at all. We need to have a full debate on the totality of this. It is very serious and necessary on one point to deal with the likes of Graham Dwyer, but it must be fair and avoid the unnecessary retention of data concerning innocent people.

The amending of the Communications (Retention of Data) Act 2011 to ensure compliance with the ruling of the Court of Justice of the European Union in the area of general and indiscriminate retention of communications data for national security and law enforcement purposes is very important. The people who are charged with dealing with and pursuing serious crime will tell you that the Dwyer case certainly put the cat among the pigeons with regard to their work, their ability to do their work and the results of their work being put to use afterwards in prosecuting a person through the criminal courts system. It has led to a great deal of uncertainty and people say there are cases that are in limbo because of this.

That is why it is very important that we are having this debate. The Garda Síochána and the people in charge of it should be able to look upon the Government and us as legislators and be able to say that we are being sure-footed, exact and precise about what we are doing. We want to help the members of the Garda in doing their work. I know that the Minister, in her important and serious role as Minister for Justice, is intent on doing nothing but good with regard to this legislation. All she is trying to do is help the law enforcers of this country do their work and we all want them to be successful at their work in securing convictions.

The entire realm of data, retention of data, how data are accumulated, how they are preserved and how they are used afterwards is very complicated and complex. When we are dealing with this we have to look at an even bigger picture and that is the advent of the mobile telephone. Mine is ringing at present. It is not just that it is a mobile telephone, but the fact that it is a computer. The Minister knows this because it has been raised with her on numerous occasions. When a member of An Garda Síochána is respectfully going about his or her duty and wishes to pull in somebody for questioning, as he or she is perfectly entitled to do, how many times does it happen that the person the garda is questioning takes the telephone out and records the garda? Two seconds later that can be up on YouTube. The Minister knows how non-factual that can be. A garda can be asking the questions in a very respectful and proper way, but the angle of the telephone, the interpretation of what the garda is doing, the garda's gestures and the way the garda is standing near the person can be misconstrued when it is put up on YouTube. The garda can be ridiculed and made to look bad when the garda is doing nothing other than his or her job. It is very important for us as legislators to think about things like that and to think about protecting the gardaí when they are going about their jobs.

For instance, the use and putting up of things like that has to be looked at. We are not trying to silence people or do anything wrong. We are trying to make sure wrong is not done to the very people who are trying to do things right in trying to keep law and order, which can sometimes be difficult and onerous. We are going in the right direction as regards this Bill. We have to take note of what happened in the landmark Graham Dwyer case, its ramifications and its potential ramifications for future cases. However, I ask the Minister to look at the bigger picture and all the other aspects of the type of issues I have raised. One is the fact that members of the Garda will tell you that the whole idea of everyone going around with a computer in their pockets has posed difficulties for them in carrying out their work in an effective and fair way. I would like the Minister to look at that matter.

I wish An Garda Síochána well in solving many of the undetected crimes. The Minister is well aware of this new technology - I believe it will be used in the Sophie Toscan du Plantier case - of the deep reclaiming of DNA. Whereas previously DNA was swiped from a surface, there is now technology that can go deep into the pores of any surface and pull out DNA that might have been hidden and missed in initial investigations. It is hoped that will be used to good effect in the west Cork case. I hope it will. It might give us a lot of answers we have not got for a number of decades now. That is just that case which is, of course, very important. That technology has been perfected and is being used to solve many cases in America over the past year and a half, in particular. It has solved cases that had people perplexed. I hope that it will be used in some of our cases that have been there for a long time now, going back more than 30 years, including unsolved murders and disappearances such as, for example, the Philip Cairns case and many others. Families were left without answers because their loved relatives, children, wives, husbands, sons and daughters, disappeared or were murdered and found. These families were left with nothing but questions afterwards. I hope that An Garda Síochána will start using that technology here and will use it to good effect. Every case that can be closed will bring a conclusion for those families. There are people who are working on cold cases, and going back over these cases for many years, who would dearly wish to bring them to a successful conclusion. I hope that technology is something the Minister will pursue during her term to make sure it will be used to good effect here.

I am sharing time with Deputy Connolly. I thank the Acting Chairman for the opportunity to contribute to this debate. The Joint Committee on Justice, of which I am a member, conducted pre-legislative scrutiny on this legislation last Thursday. Unfortunately, due to the ridiculously short timeline we were forced to work to, this scrutiny had no influence whatsoever on the legislation and the whole exercise was sadly and quite frankly pointless, even to the extent that during pre-legislative scrutiny the deadline was due to pass for the tabling of amendments to the Bill. We had to adjourn the meeting to get that deadline waived in order that the meeting could continue, even though, apparently, the Bill cannot be published until the pre-legislative scrutiny is placed before the Minister, despite her not having to take any account of it. That was the kind of fiasco of a process we went through last week. It is sad because this is a Bill that could have done with a lot of pre-legislative scrutiny and a lot of taking on board of matters regarding it. I will deal with that later in my contribution.

I will point out that concerns regarding the rushed process of progressing this legislation came up time and time again during the committee meeting. Members and witnesses present agreed that the rushed process and lack of mandatory consultation will lead to a Bill that is vulnerable to legal challenges. When I raised concerns in the House last week about the consequences of rushing through legislation, I was wrongfully interrupted by the Chair at the time. However, let me make clear that I am not the only one who has spoken out against the ridiculous rushing through of legislation. The Bill Digest produced by the Oireachtas Library and Research Service states that due to the timeframe between publication of recent Bills and the Second Stage debate, it is not possible for it to consider all relevant issues. We have countless stakeholders telling us the exact same thing, yet we are supposed to give this Bill proper consideration and come to the House to rubber-stamp it for the Minister.

Last week, the Irish Council for Civil Liberties published a graph showing the number of Bills enacted per month. It showed how the number of Bills passed by the Oireachtas increased shockingly before the recess, with this year being the worst yet. Some 19 Bills will be passed this month. The average for every month other than this is approximately two Bills. That shows what the Government's attitude is to the recess, and to proper legislative oversight and consideration. It may be that officials in the Department use the summer recess as a false deadline and think they have to get Bills finished by the recess, and rushed through and so on, but that is wrong. It means we do not get proper scrutiny of legislation, which can be seen today. A perfect example will be seen in the House tomorrow, when we will rush five Bills through Committee Stage in one day. Ramming through legislation like this means that oversight suffers and unexamined legislation is allowed to pass without proper scrutiny. Yet, we are told in the Chamber that we are not allowed to hold the Government to account over this.

On this particular Bill, I strongly believe a sunset clause should have been included, given this legislation is supposed to be a temporary measure. I am disappointed to see it has not been included, despite multiple calls to do so. I tabled an amendment on a sunset clause, along with many other Members, which is vitally important in the context of being constantly told during pre-legislative scrutiny that this Bill will be superseded by the reviewed Bill that will come later on in the year. However, there is no sunset clause or anything like it in the Bill. It makes you wonder whether this Bill will be superseded at all.

I will again voice my concerns regarding the fact there is no definition for the "security of the State" included in this legislation either, despite the fact the proposed new section 3A provides that the Minister may apply to a designated High Court judge for an order to retain data, where satisfied that "a serious and genuine, present or foreseeable threat to the security of the State" exists. The Irish Council for Civil Liberties and Digital Rights Ireland have also highlighted this. It was said during pre-legislative scrutiny that this is not a requirement of law, but the European Court of Justice stated that legislation "must indicate in what circumstances and under which conditions a measure providing for the processing of such data may be adopted, thereby ensuring that the interference is limited to what is strictly necessary". The European Court of Human Rights, in a case involving Russia which is also relevant to Ireland, stated that where there is no definition of "security of the State", the authorities are left "an almost unlimited [degree of] discretion in determining which events or acts constitute such a threat and whether the threat was serious enough to justify secret surveillance. ... [thereby creating] possibilities for abuse." It was said before the committee last week that the Department would decide what "security of the State" is. Therein lies the crux of the problem. If it is down to the Department or Minister to decide what constitutes security of the State, that is a very arbitrary thing that will be at the whim of a Minister. We should not have that in legislation that is so important.

The proposed new section 3B goes on to provide that service providers must retain Internet source data for one year, or as prescribed by the Minister, from the date of first processing, where the Minister considers it necessary and proportionate for the purposes of safeguarding the security of the State. It is very important to understand who determines what is a threat to the security of the State. This cannot be left to interpretation and, despite continually raising this, I am very disappointed to see that it has not been included in the final legislation.

On top of this, it seems that this legislation could actually breach current data protection law, which requires a data protection impact assessment to be carried out where "a type of processing, and in particular a type of processing using new technology, is likely to result in a high risk to the rights and freedoms of individuals". According to a statement from the Data Protection Commission submitted to the committee during pre-legislative scrutiny, "In light of the high risks to the rights and freedoms of data subjects inherent in the processing envisaged in the General Scheme, the DPC is of the view that the Department should have and should conduct a Data Protection Impact Assessment in relation to the processing and provisions proposed". It is clear that there has not been adequate time for consultation and proper impact assessments to be conducted, which has led to this incredibly weak legislation.

Section 5 of the Bill provides certain members of the Garda Síochána, the Defence Forces, the Revenue Commissioners and the Competition and Consumer Protection Commission with the powers to access user data retained by service providers without any judicial or independent oversight or review. This seriously needs to be addressed going forward. Without sufficient safeguards, there is potential for possible abuse. We cannot allow that to happen. The issue was raised by representatives of Digital Rights Ireland at a meeting of the Oireachtas Joint Committee on Justice, demonstrating why committee discussions are so important and should be given proper and full consideration when finalising legislation. It is clearly the Government's view that scrutiny slows the legislative process but really, it is what creates strong legislation. We should prioritise passing legislation that is strong and fit for purpose, not legislation such as the Bill that is before us. I absolutely oppose the legislation in its current form. It is messy, incomplete and legally questionable. It is important to note that Government approval for the drafting of the Bill was only given a month ago, despite previous indications that legislation in the area was problematic. Regardless of this, the legislation was then shockingly dumped on the committee only a fortnight before recess.

The Bill in no way achieves what it aims to do. The rushed progression of the legislation means that citizens' rights are not being properly considered. I strongly urge the Government to delay this legislation until after the recess in order to let us consider it properly. The legislation is far too important to be rushed through within days. I also urge the Government to ensure that the same mistake is not made with the proposed revision of the Communications (Retention of Data) Act 2011 later this year. Legislation should include wider and more thorough engagement with stakeholders than was allowed for this legislation. We must ensure that finalised legislation is robust and can withstand legal challenges. In doing so, we can provide a good service to all the citizens of Ireland.

Tá fadhbanna láidre agam maidir leis an mBille seo. Níl ár ndóthain ama againn chun é a phlé. Níl an cúlra tugtha ag an Aire, go háirid ó thaobh na tuarascála ón iar-bhreitheamh, Mr. Justice John L. Murray, a foilsíodh in 2017. Tá cuid den scéal anseo ach níl an scéal iomlán ann. Tá an scéal thar a bheith tromchúiseach. Tá spin agus propaganda á n-úsáid ag an Taoiseach agus an Tánaiste, ag cur in iúl go bhfuil muidne ar an taobh seo den Teach in aghaidh gach rud agus nach bhfuilimid sásta ár jab a dhéanamh ó thaobh reachtaíochta de. Is bréag amach is amach é sin. Is cur i gcéill atá ann. Tá sé an-deacair a bheith anseo ar an taobh seo den Teach ag éisteacht leis an Taoiseach agus an Tánaiste ag cur in iúl go bhfuil drogall orainne ár jab a dhéanamh.

As someone who practised law for some time, I find it difficult to stand here today, as I did last week, and listen to the spin coming from Government that we do not want to do our job and prefer to make statements and not deal with legislation. That is so far removed from the truth that I must put it on the record. It is appalling spin. We are faced with legislation that is extremely difficult for anyone considering it. I have been given a sample of the papers that Deputies are expected to go through for one item of legislation. I cannot recall how many papers we were given for this Bill. Perhaps Deputy Pringle can tell me. We may have been given 15 papers on it this week. I am not sure what the figure is.

I thank the Minister for her speech and the copy provided to us. I appreciate that the Minister is being put in a difficult position once again. I am not a member of the justice committee, so I am reliant on the documents that I get after each meeting. The Minister's speech today and the brief provided by the Department to the Oireachtas committee utterly failed to mention the background to this legislation. I will not mention the name of the man who is currently in prison and is waiting on the outcome of his appeal and the civil action. To me, it is not relevant. What is relevant here is that the 2011 Act is not valid because it is based on a directive that is not valid. The Government and the EU have known that for a long time. The directive was brought in back in 2006. We took another few years to introduce implementing legislation in 2011. In 2014, the directive was ruled by a court to be invalid in a case taken by Digital Rights Ireland. We have legislation that is currently in force and which is based on a directive that has been found to be invalid. We have known that since 2014. In April 2017, Mr. Justice John L. Murray produced a very detailed report entitled the Review of the Law on the Retention of and Access to Communications Data. There are almost 200 pages in the overview. The review also contains a summary of the main recommendations and a postscript. Mr. Justice Murray was asked to examine the statutory framework of the Communications (Retention of Data) Act 2011. According to the review, the statutory framework of the 2011 Act "establishes a form of mass surveillance of virtually the entire population of the State". The 2011 framework, under which the Government is still operating and to which it is making patchy amendments this week, allows for the establishment of "a form of mass surveillance of virtually the entire population of the State involving the retention and storage of historic data, other than actual content". In the review, Mr. Justice Murray notes that the data retained under the legislative framework provide not just a snapshot of information in time, but a whole historical picture. He states: "The private information thus retained by Service Providers is not a snapshot of information concerning a particular communication or recent communications but constitutes an historical record of all communication over a lengthy period." Mr. Justice Murray also refers to the "anodyne" term "data", which means a lot more that what it seems to mean. In the review, points are made about a lack of sufficient safeguards and oversight. I do not have the time to go into all the detail. It is all set out in the review, which was published in April 2017. Significantly, nobody from the Department of Justice has even referenced the report or pointed out its findings and recommendations. In the postscript of the review, Mr. Justice Murray goes so far as stating:

As has been demonstrated in the course of reviewing the provisions of the Communications (Retention of Data) Act 2011, the Review has felt bound to conclude that many of the features of the data retention scheme established by the Act are precluded by EU law. Accordingly, it is recommended that consideration be given to the extent that, if at all, statutory bodies should, as a matter of policy, continue to access retained communications data [and so on].

I counted 43 paragraphs in the summary and main recommendations of the review. Most of them are recommendations highlighting what should be done. No reference has been made to them by the Department.

The EU judgment, the European Court of Human Rights and the UN have also highlighted serious issues with the mass retention of documents and the mass surveillance of people. The question must be asked as to why we are acting now in this rushed manner, as a result of the appeal that is pending. We know what the outcome of that will be, really. Why was action not taken before this? The Library and Research Service was to publish the Bill digest today but stated that it did not have enough time to do so. We utterly depend on the Bill digest if we are not members of the Oireachtas committee. We are also dependent on the committee to do its work. I have not seen a single Government backbencher, whether a member of the committee or not, come to the House to take the opportunity to discuss this very serious Bill. That is significant. I note that the Chairman of the Oireachtas Joint Committee on Justice wrote to the Minister on 30 June, setting out the serious concerns of the committee on the matter. The committee recommended that the legislation should include a sunset clause and that there be better consultation with stakeholders.

It also recommended that a certain category of citizens, such as journalists, should be given separate rights under the Bill. That is serious because that Murray report arose from GSOC taking information from journalists under the 2011 Act.

I have another case on my desk in respect of which the Court of Appeal finally saw sense regarding what had happened in the District Court and the High Court in the context of a warrant to take a journalist's phone. Right up to today, we have gardaí going into court seeking warrants to take phones without even outlining that the matters involved relate to journalists and their sources. Why am I saying that? I am saying it because we have good gardaí who we cannot do without but we have seen over and over that any system, including the Garda, which is an institution - just like the Houses of the Oireachtas is - needs oversight and built-in protection. That has been said repeatedly in different spheres and it has been said repeatedly by the Court of Justice of the European Union, the European Court of Human Rights and the UN bodies.

We are bringing in a Bill that is piecemeal and inadequate. The Data Protection Commission is highlighting its concerns, the most basic of which is that a data protective impact assessment be carried out. Has it been carried out? Nobody seems to know. As a result, we are making a presumption that it has not been. I do not have a copy of it. I do not know where it is and I am being asked to comment on it and vote in favour of this Bill. Then we have the ICCL under extreme pressure and highlighting its concerns, which are set out in a number of pages. Its main concerns, which it has kindly summarised for us, include that the Bill will permit rolling one-year renewable data retention, which in effect is indefinite retention. I realise that the Government amendments are improving the situation in that there was a two-year retention period. The Government is improving the position with just one year, but that is a rolling retention depending on the circumstances.

The Bill fails to provide any definition of "national security". Complete discretion is provided to any Government to do what it wants under the heading of national security. The Bill fails to provide for the protection of journalists' sources, which is particularly significant given the background to the Murray report, as I mentioned, and the recent case that ended up in the Court of Appeal. The Bill fails to provide an adequate oversight mechanism and there is no judicial remedy for a breach of the powers in the Bill. The Bill attempts to retrospectively validate illegal data retention, which is contrary to EU law. The Bill also attempts to interfere with the independence of the court in data protection.

I could say much more but what I really want to get out are my concerns at the way this is being forced through the Dáil. The blame is being laid at the Opposition's door as opposed to the Government putting its hands up and admitting that it has known for a long time that the directive was invalidated way back in 2014. The Government also knows from Mr. Justice Murray's report about the serious issues that should have been looked at then and it knows from the case law, including: the Digital Rights Ireland case; the Tele2 Sverige case, which superseded that one; and the other cases that have been mentioned.

The Minister is here with an inherited situation. When you inherit a situation, however, at some point you have to say "Stop". We have to do this differently. We have had mass surveillance with no oversight or protection on the books since 2011 and we have had no safeguards on how that was retained, which country it was retained in and whether it has been retained in Ireland, England or non-EU countries. What about the destruction of the data? What happened when the two-year period was up? Nothing happened except one piece of oversight by a judge once per year, which was retrospective. Nothing else was built in and in this Bill we are building in some protection on a very limited basis. We are also bringing in extraordinary penalties for service providers. I would normally be critical of service providers, but in this situation they are being presented with a difficult transition period with no concept of what they are facing. I thank the Acting Chairman for indulging me. I went over time.

I thank colleagues for contributing to the debate. There is nobody to blame here. I am not trying to lay the blame on anyone, certainly not on the Joint Committee on Justice. We are introducing emergency legislation. I appreciate that there is concern and annoyance at the timeframe in which this has been brought forward, but emergency legislation often has to be brought forward quickly. Anyone who knows about the work I have done in the Department in setting out my justice plans for 2021 and 2022 knows that I have clear timelines and targets. Introducing emergency legislation means that teams have to be taken off legislation that is in the current plan in order to ensure that this can be done on time and to be able to respond, in most instances, to judicial rulings. This is not ideal for anybody and it is not the way I like to bring forward legislation, but this is emergency legislation responding to a Court of Justice ruling.

Some may say that this is something we could have predicted. If people look at the timelines, however, they will see that we had the general scheme of a Bill done in the period 2017 to 2019 and that this was put on hold because of the significant case to which we have all referred. This was before my time. When I came into the Department, I upheld the decision to wait until those rulings passed through. There have since been a number of judgments that have involved changes, the most recent of which was in October 2020. We had the ruling of the Court of Justice on 5 April. Subsequently, on 25 May, through a case management hearing, we received legal advice to say that the Supreme Court would most likely row in behind this and not change the ruling. Within a week, I had presented an outline of the Bill to the Cabinet. I have brought it through as quickly as possible. While Members may say that we could have responded to this quicker, it was important, because we had a number of different judgments involving changes, that we got this right. We have colleagues in France, Belgium, Denmark and other places where they have introduced legislation in recent years that has to be changed now. We have tried to do this right.

On the timing, I cannot dictate when the European courts and the Supreme Court will meet. We have to respond to the timelines we have and it is unfortunate that these timeframes are coming into sharp focus with the end of the Dáil session. It is important, for many reasons, that we introduce this legislation, not least that if we hold off until September we will potentially have two months where we have a certain section of the 2011 Act that will fall, while other parts of it will be extremely fragile. What we have been asked for, not just by An Garda Síochána but also by the service providers, which many colleagues have mentioned, is certainty. I was written to by IBEC and we were engaged by many providers to say that they need certainty in order that they know the data that they have on hold is being held legally and in compliance with legislation. Otherwise, there is a risk that they would just get rid of all of that data, which may have implications for An Garda Síochána in fighting crime and in security matters. There is a significant overlap there. As a result, we are doing this to make sure there is certainty, not just for An Garda Síochána but also for our colleagues, including those commercial entities, platforms and operators. We are not asking them to retain data that they do not already retain. We have made a point of using existing terms in the Act to try to make sure there is limited disruption in that regard.

A number of speakers referred to me engaging with my colleagues at EU level At our last meeting in Luxembourg, during a discussion at lunch, which was a separate but similar discussion, I raised this directly with Commissioner Didier Reynders and was supported by a number of colleagues who all feel that An Garda Síochána and the relevant police services should not have their hands tied behind their backs in fighting crime, and that we need to do more. However, the problem does not relate to measures being enacted at EU level; it is European court rulings that are having the impact here, as well as how the Charter of Fundamental Rights of the European Union is being interpreted, which is the biggest challenge. We will continue to have those discussions at EU level and I will continue to engage with colleagues.

On the Data Protection Commission, it is an obligation in respect of data protection impact assessments that the data controller would carry out the data impact assessment prior to introducing new data processing activities, which is provided for under section 84 of the Data Protection Act 2018. In this instance, the Minister for Justice is not the data controller under the Bill. An Garda Síochána and any other bodies that will be accessing data are data controllers and so they will carry out the necessary data protection impact assessments prior to the commencement of processing under the new provisions.

The law can be enacted but they will have to ensure they provide the data protection impact assessment before this is used or any system is put in place by An Garda Síochána. Separate to that, there is an obligation on my Department to consult the Data Protection Commission under section 84(12). We are doing that, the process is ongoing and we will continue to engage with the commission.

I appreciate the timing is not perfect for anybody but this is emergency legislation and we tried to make sure it was introduced in the best way possible. I confirm and commit that when the general scheme of the broader Bill is published later this year, there will be full engagement with the justice committee and colleagues. There will be full scrutiny and we will progress in a way that is perhaps not as fast as we have done in this instance.

"Security of the State" is not defined and we do not define it. It is not defined in the Offences against the State Acts. We leave it to the courts to decide. This has always been the case and that is why it is the case here.

On journalists, that will be covered in guidance by An Garda Síochána before this is commenced. There is a body of work to be done following on from the legislation and that will be put in place.

On the sunset clause, we have been asked for certainty and by introducing such a clause we are not providing that certainty, particularly for service providers or platforms and for members of An Garda Síochána. I respectfully propose that tomorrow we do not have a sunset clause amendment on the basis that it does the opposite, does not provide certainty and it is less likely those who need to invest in their systems will do so if there is a possibility that it might change.

I appreciate how quickly this has come through the House. It is not the way I like to work. Anytime we have brought legislation in this manner, it has been emergency legislation and generally because of a ruling from our courts. We have had that a number of times in recent weeks. It disrupts all our business and planned business but is important and necessary, particularly in terms of gardaí and their work on national security, making sure the measures are in place for them, insofar as it is possible following the ruling, to be able to apply this when fighting crime or dealing with particular cases.

This amendment allows for less data retention with greater oversight and oversight structures than we currently have in the 2011 Bill. The report Deputy Connolly mentioned from Mr. Justice Murray made a number of recommendations and we are implementing two significant ones in this, one on judicial authorisation and the other on notification of data subject. We are responding to that and to a number of other elements which have been proposed in recent years. I look forward to further debate with colleagues tomorrow and thank all colleagues for their contributions.