I propose to take Questions Nos. 435 and 461 together.
As I have indicated previously I, of course, fully understand the concerns which have arisen here and in other countries in the wake of recent media reports about the PRISM programme. These concerns mainly centre on data privacy rights not being adequately respected. Commissioner Reding and myself raised these concerns with the US Attorney General Eric Holder at the EU-US Ministerial meeting last week. I also raised the matter at a bilateral meeting which I had with Attorney General Holder. At these meetings, the US Attorney General provided clarity on a number of issues, in particular that the information collected and processed relates only to metadata i.e. phone numbers, duration of calls etc, but not the content of calls. He also advised that the data were collected under judicial authority and only where there was a reasonable suspicion of serious crime, such as terrorism or cybersecurity-cybercrime. The courts only allow the data to be queried when there is a reasonable suspicion based on specific facts that the basis of the query is associated with a foreign terrorist organisation. He further stated that Congressional oversight applied to these programmes. It was agreed to set up a working group between the EU side and the US security services to continue dialogue in relation to this matter.
We cannot ignore the very important fact that there is a recognised need to protect our citizens from terrorist threats and dealing with that does require access to certain data. In doing so, however, it is necessary to ensure that the information used is properly obtained and subject to appropriate safeguards. The importance of protecting individual rights to privacy and ensuring respect for individual human rights contained in the European Convention on Human Rights was emphasised to the US side. The crucial need to ensure that any security surveillance undertaken is balanced and proportionate was also emphasised as was the need to give essential assurances to non-US citizens on this score. The US authorities have indicated that their practices are proportionate to the threat they are trying to deal with.
We do have, in this country, robust data protection legislation to protect individuals against unwarranted invasion into their privacy. Access to call content is governed by the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 and may only take place under Ministerial warrant. Access to retained data in this jurisdiction is governed by the Communications (Retention of Data) Act 2011.
Under the Act access may only be granted following a request to the particular mobile phone company or internet provider in connection with the prevention, detection, investigation or prosecution of a serious offence, the safeguarding of the security of the State or the saving of human life. The operation of both Acts is subject to judicial oversight and there is a complaints procedure which individuals can avail of if there is a concern that the Acts have been breached in relation to their calls or their data. There are also procedures in place under Mutual Assistance legislation to cover requests to and from other countries for this type of information.