Léim ar aghaidh chuig an bpríomhábhar
Gnáthamharc

Joint Committee on Justice díospóireacht -
Thursday, 30 Jun 2022

General Scheme of the Communications (Retention of Data) (Amendment) Bill 2022: Discussion

I welcome the members, officials and witnesses as well as anyone who may be following the proceedings online or elsewhere. Apologies have been received from Deputies Carroll MacNeill and Senator Martin. Deputy Costello is en route. He is tied up at another meeting but will join us shortly.

The usual housekeeping notices apply. I remind members to turn off their mobile phones or switch them to flight mode so that they do not interfere with the recording.

I welcome the witnesses. So that everyone is on the same page, some of the witnesses are participating remotely - we can see them on screen - while others are physically with us in the committee room. This is a hybrid model that we have become accustomed to in recent times and it works well. Members will be doing the same, with some logging in remotely and others physically present in the room.

The purpose of this meeting is to have an engagement with a number of stakeholders as part of the committee's scrutiny of the general scheme of the communications (retention of data) (amendment) Bill 2022. Before I formally welcome the witnesses and get into the substance of the matter, I wish to point out that it is important that we have this meeting. This is the second meeting that the committee has held this week on this legislation. It is important legislation, which we will hear a great deal about and discuss over the next hour or two. It addresses a number of lacunas in the law arising from various European court decisions, decisions of the High Court and other court decisions even prior to that. It was the strong view of the committee that it was important that we give this Bill due diligence. We are mindful that there is an urgent deadline, with the Oireachtas’s summer recess coming. We understand the urgency and desire on the part of the Government to get this legislation passed quickly, but we also feel that quick is not always right and that we should review the Bill, take a position on it and make various recommendations, which can only assist the legislation as it progresses through the Houses. I thank the members of the committee, the staff and everyone across the board for working with me on this. I hope that we will produce a report, albeit a shortened one, this evening following our meeting. That report can only be helpful to the Minister and the Department. It is important that we do our constitutional duty in scrutinising legislation that is referred to us.

The following witnesses are attending remotely: Mr. Ronan Lupton, senior counsel; Dr. T.J. McIntyre, associate professor at the school of law in UCD; Mr. Dale Sunderland and Mr. Gary Russell from the Data Protection Commission, DPC; and Mr. Justin Kelly, assistant commissioner over organised and serious crime, and Mr. Michael Flynn, detective superintendent in the security and intelligence service, from the Office of the Garda Commissioner. Joining us in the room is Mr. Dan Kelleher, principal officer in the criminal legislation division of the Department of Justice. It is Mr. Kelleher's second time joining us this week. He was good enough to give us a private briefing on Monday. I apologise in advance to those who attended on Monday because there may be some duplication of questions, but members felt it important that some of the issues explored in private session be teased out in public session. It is for the benefit of others that we have some repetition.

To allow the meeting to flow smoothly, I ask that everyone participating remotely mute his or her device when not speaking and to unmute it when speaking. We are all used to that at this stage.

I will invite each organisation to make an opening statement of three minutes. When two or more witnesses are attending from the same organisation, they can decide among themselves whether one person will speak for the others, whether they will take 90 seconds each or whatever way they want to do it. Normally, one person makes an opening statement on behalf of his or her organisation. The witnesses will have plenty of time after the opening statements to engage in discussion with the committee. Having a short opener will allow time later in the meeting to explore issues. After the opening statements, I will go around the table to committee members. Each member will have seven minutes in which to put questions, make observations and hear answers. Those seven minutes will be shown on a clock at the top of the screen, allowing us to keep an eye on the time. If a member wants to make a speech for seven minutes or to use the seven minutes to ask seven questions and hear answers to them, that is fine. However the member wishes to use that time is up to him or her.

I will call on the organisations in a moment. I have been made aware that Mr. Lupton is due in the High Court at 11 a.m. This session may run a little after that, but I will allow him to make his statement first. If there are questions for him, members should direct them to him early. He will probably have to leave us at 10.30 a.m. to get to court.

I appreciate that, although this meeting was put together at short notice, the witnesses have made themselves available. It assists the work of the committee greatly to have them in the room with us as key stakeholders and knowledgeable experts.

Mr. Lupton will be up first. He will have three minutes to make his opening statement and will have plenty of time later in the meeting to elaborate as questions arise.

Mr. Ronan Lupton

I thank the Chairman and I appreciate the invitation to address the committee this morning. My opening statement was submitted to the committee, which basically outlines my background. I am a senior counsel practising at the Law Library in Dublin. I also have an extensive career and knowledge behind me relating to the telecoms industry, covering 24 years at this stage. I have been involved in various State bodies and operating groups through the years. I was very much involved with a memorandum of understanding between the State agencies, An Garda Síochána, the Defence Forces and Revenue in 2011 to try to make the current legislation work from a practical standpoint. I need to correct my representation: I chair a trade association, the Association of Licensed Telecommunications Operators, ALTO. I am here with two hats on today.

I have put two submissions in writing to the committee. The first was an independent submission really dealing with legal issues arising, which is a 13-page submission. The second submission is a telco-specific submission. The first submission is a broad submission that deals with strategic issues arising from the general scheme of the Bill. Those strategic issues can be summarised in one sentence. The scheme gives rise to very costly and burdensome obligations on the telecoms industry. That is not to belittle the job of law enforcement and what this data retention amendment is designed to do. It is very serious in relation to preservation of life and State security. The third issue is what was challenged before the European Court of Justice, which was the investigation of offences. In my submission I made observations on those. The committee has seen them and I am happy to take questions on those particular issues

There are two other strands on the general observations. The first relates to the issue of the Murray report and the very serious report that was put out in respect of the preservation of journalists' sources and the integrity of freedom of expression in Ireland. That report must be considered in the context of this general scheme. I am aware that other people who will give evidence today are dealing with that. I have given the committee fairly extensive comments on it. There was also a case that came to the Court of Appeal called Corcoran, wherein a warrant was issued relating to a journalist's mobile phone. There was no latitude for an inter-partes, or two-way hearing, in respect of that issue. Again, this is similar to the preservation of the right to freedom of expression and how that should operate in any future legislation that comes forward.

I conclude in my submission by dealing with the concerns around the administration of justice versus administrative tasks that judges may or may not do and the fact of supervision. I also talk about how the industry is likely to be subject to handling criminal offences very quickly if this legislation is passed at breakneck speed, which is what the proposal is. Yet, we have not had a chance as industry to build the developments, which are very serious, into the systems and technologies.

I also submitted a telco-related observation with seven different strands to it. I believe my time is coming up now so I will stop at that but I am happy to share my submissions with anyone, either in the audience or on the committee. I will now hand over to the next witness if that is appropriate.

Perfect. I thank Mr. Lupton for keeping to the time. Mr. Lupton will have opportunities to come back in and out over the course of the meeting once we get past this opening round.

I welcome Dr. McIntyre, who is up next. Dr. McIntyre has three minutes to make his opening remarks.

Dr. T.J. McIntyre

I thank the Cathaoirleach and members of the committee. I am very grateful to the committee for giving us the opportunity to talk to this issue, and particularly the remarkable haste with which this legislation is being put forward.

The old Yiddish definition of chutzpah is the man who kills both his parents and then pleads for mercy on the grounds that he is an orphan. I am reminded of that when I look at how the Department of Justice has behaved in this, explaining that the Bill is so urgent it must evade normal democratic scrutiny.

It has been clear since 21 December 2016, when the European Court of Justice gave its judgment in the Tele2 case, that the Irish law on data retention is contrary to fundamental rights under European law. In case there was any doubt about that, in April 2017 the former Chief Justice, Mr. John Murray, delivered his report concluding exactly the same: that this was an illegal system of mass surveillance of virtually the entire population. The report delivered an extensive list of ways in which the law violated basic standards under the Charter of Fundamental Rights and the European Convention on Human Rights.

Incredibly, we have had, essentially, no response to that from successive Ministers for Justice in the five years since then. They did not do the responsible thing, which would have been to repeal the 2011 Act and put legislation in place that was rights' compliant. Instead they persisted with, and effectively endorsed, the use of a clearly illegal power in a way that has stored up problems for subsequent prosecutions and - whatever the outcome of the Dwyer case, which itself is sub judice and which we will not comment on - will subsequently create difficulties for subsequent prosecutions. They have fundamentally corroded the rule of law in that regard.

We received from the Department a heads of Bill published in 2017 but this was not a good faith response to either the Murray report or the Tele2 judgment. It failed to address very basic issues arising from that report and that judgment. Digital Rights Ireland submitted during the pre-legislative scrutiny of the 2017 heads of the Bill that it failed on multiple grounds. The predecessor to this committee accepted in its 2018 report that from start to finish, from the lack of notification of individuals who were affected by access, to the lack of protection for journalists’ sources, to the lack of independent effective judicial oversight, to the lack of an effective judicial remedy for abuse of the legislation, that the 2017 proposals simply failed to meet the Murray report or the Tele2 requirements. Incredibly, that is still the case today. These heads of Bill still fail to address, essentially, all of the core points arising from either Tele2 or the Murray report.

I regret that I have not had the opportunity to provide the committee with a more detailed submission on this. I hope to get that later today if possible. Fundamentally, it seems that this Bill is being rushed out with manufactured urgency in an attempt to sandbag any proper democratic scrutiny. The extent to which the Data Protection Commission has not been consulted in relation to this, is in itself a distinct breach of European Union law, which requires that there would be prior consultation with the Data Protection Commission around measures of this sort.

I thank Dr. McIntyre for his comments. This is why we wanted to hold these sessions. We share at least some of those concerns. The Data Protection Commission was mentioned in that contribution and Mr. Sunderland is up next. The deputy data protection commissioner is familiar with the committee and has been here before. Mr. Sunderland is very welcome and also has three minutes.

Mr. Dale Sunderland

Thank you Chairman and good morning to you and the committee members. I am very pleased to be able to assist the committee today in is pre-legislative scrutiny of the proposed Bill.

The timing of our contribution today is somewhat unusual given that the general scheme was published just eight days ago and the formal invite to appear before the committee issued only yesterday. These timescales pose some challenges for the Data Protection Commission, DPC, in our role in assisting this committee in the pre-legislative scrutiny and also in our role in being mandatorily consulted by the Minister for Justice under the Data Protection Act 2018.

On foot of the Court of Justice of the European Union, CJEU, judgment in April, the DPC was informed by the Department of Justice in June that a general scheme was in preparation as an interim amendment to the 2011 Data Retention Act, pending fuller scale reform. The Department indicated that the DPC would be consulted and, in fact, the DPC received the general scheme just eight days ago. We have not yet returned our detailed observations to the Department on the general scheme as we were advised last week by the Department that significant data protection-relevant updates to the scheme were being made, which would be reflected in the revised final version of the Bill. The DPC has only received a copy of that updated Bill in the past 24 hours and we are now working diligently to prepare our detailed observations for the Department of Justice.

In the meantime, the DPC is very happy to share our preliminary observations on the general scheme, while acknowledging that some of what we comment on may already have been addressed in an updated version of the proposed Bill. The DPC’s remit relates to data protection-related rights and freedoms of individuals and our observations on the proposed Bill reflect the binding requirements in this regard set out by the CJEU.

Under the current 2011 Act, the main oversight and monitoring functions are reserved for the “designated judge” as set out in section 12 of that Act, namely to ascertain whether the agencies prescribed to make disclosure requests are complying with the Act. However, the Act also provides that these judicial supervisory powers do not affect the functions of the Data Protection Commission. In addition, the Act assigns a specific role to the DPC where it is designated as the national supervisory authority. With these provisions in mind, some years ago the DPC conducted a number of audits to examine the designated bodies concerned and the telecommunications service providers. The summary findings of those audits are available in the DPC annual reports of 2016 and 2017.

The general scheme clearly sets out to address the CJEU finding that mass and indiscriminate retention of electronic location and traffic data is not permitted for the purposes of combatting serious crime. In making this finding, the CJEU set out a number of more permissible targeted retention measures that could be deployed, subject to specific safeguards and limitations by member states, for the purpose of fighting serious crime.

In that respect, head 5 provides for, subject to judicial authorisation and a transparency requirement to publish any order, the retention of Schedule 2 data, where an existing or foreseeable national security issue is in play. It is the DPC's preliminary view that the arbitrary period of 12 months for retention is at odds with the CJEU's requirement for an assessment, in each case, of the period of time for which retention is actually necessary.

The CJEU has made it clear that derogations to the prohibition of storage of traffic and location data may only be granted for a period of time that is strictly necessary to achieve the objective pursued. We also note the provisions that will allow bypassing of the advanced judicial authorisation in the context of requiring disclosure of such Schedule 2 data, as set out under head 9. However, it is not clear how such purportedly urgent exceptions would, in the event, be justified. Likewise, the means by which it will be clear a national security issue exists, or is foreseen, is not clear from the general scheme and further detail in this regard, would be of assistance to the DPC in our assessment of the measures.

Heads 12 to 15 give rise to some concerns, given the court has said that the limited and targeted retention it sees as permissible for serious crime investigation must not be turned into mass and indiscriminate retention. In this regard, in respect of the specified bodies, themselves quite broad in range, which may access preservation or production orders for Schedule 2 data, the means by which objective targeting and limiting criteria will be established are not clear from the scheme. With regard to justified urgent cases in heads 14 and 15, the apparent lack of judicial oversight after the event is also of concern.

In light of the high risks to the rights and freedoms of data subjects inherent in the processing envisaged in the general scheme, the DPC is of the view that the Department should now conduct a data-protection impact assessment with regard to the processing and the provisions proposed. The DPC also notes that there is no provision in the general scheme for the restriction of data subject rights. Such rights include access rectification and erasure. If restrictions are intended, we recommend that these should be provided for in the Bill, with a justification for why the restrictions are necessary and in what circumstances.

I hope to be of assistance to the committee and I am very happy to answer any questions members may have.

Mr. Justin Kelly

I am here to represent the Commissioner of An Garda Síochána. My role, as assistant commissioner, is in organised and serious crime. Under that remit are sections such as the Criminal Asset Bureau, the fraud bureau, cybercrime, the Garda National Protective Service Bureau and the Garda Drugs and Organised Crime Bureau. I will, shortly, provide an overview of An Garda Síochána's position on the Communications (Retention of Data) (Amendment) Bill 2022, which is focused on addressing the immediate impact of recent judgments from the CJEU, including in the Graham Dwyer case. As the committee will be aware, in the Dwyer case, the CJEU ruled that EU law prohibited the general and indiscriminate retention of electronic and location data and found that in Ireland's case, section 6(1)(a) of the Communications (Retention of Data) Act 2011 was inconsistent with EU law.

An Garda Síochána welcomes the Communications (Retention of Data) (Amendment) Bill 2022. We welcome the provision contained in same to seek and retain electronic traffic and location data, in order to mitigate risks posed to our national security. An Garda Síochána also welcomes the provisions in the Bill to allow for the lawful access to subscriber data and information on Internet protocol IP addresses, which will be invaluable in sensitive criminal investigations. It similarly acknowledges the provision in the Bill to access location information in high-risk missing persons cases, which allows us to meet our Article 2 obligations to preserve life.

An Garda Síochána welcomes the fact that judicial authorisations will be required to preserve and access data and this, in turn, will provide reassurance to the public of the independence of the process and ensure the protections to the right to privacy and the right to protection of personal data. Unfortunately, from the perspective of investigating serious crime, significant difficulties are foreseen. We are, however, cognisant that the Bill has to conform to the jurisprudence of the CJEU.

Going forward, the issue of targeted retention is a challenge for all countries in the EU, not just Ireland. It is acknowledged that the current Bill will be followed by additional legislation intended to address other outstanding issues. As the committee will probably be aware, a significant feature of criminal investigations is the use of electronic traffic and location data to provide investigative opportunities to gather evidence. In that regard, there is also a positive obligation on foot of the rulings of the superior courts in Ireland, which mandates An Garda Síochána to seek out and preserve all evidence which tends to show the guilt or innocence of persons suspected of involvement in a crime.

Under the scheme of the Bill, while An Garda Síochána will be able to utilise preservation and production orders to secure evidence, this process will be forward looking and not retrospective. This will cause significant difficulties in criminal investigations, which usually commence post-incident. However, this restriction does not arise with regard to matters which relate to national security.

The Bill will be of most benefit where An Garda Síochána is aware in advance of communications methods utilised, for example, by an organised crime group. Unfortunately, this is rarely the case. In the norm, many of our criminal investigations look into the past and utilise post-incident analysis. This will no longer be possible and will be a significant challenge for criminal investigations. An Garda Síochána urges wider consultation with the communication service providers in the initial period and post the enactment of the Bill, to examine the availability of data during this phase.

If any member of the committee has questions, my colleague and I are keen to assist.

I have anticipated and share some of those concerns. I thank Mr. Kelleher for coming before us for the second time in a week.

Mr. Dan Kelleher

I am a principal officer in the criminal legislation function in the Department. I am conscious of time. The background of this is well known, so I will confine my remarks to noting what the most immediate impacts of the CJEU rulings are, as crystalised in the Graham Dwyer judgment of 5 April of this year.

We saw that there were three points. The first was the confirmation that general and indiscriminate retention of traffic and location data for the purposes of prevention, detection, investigation and prosecution of serious crime can no longer be permitted. The second was the confirmation that general and indiscriminate retention of traffic and location data is only permitted for national security purposes and not serious crime purposes. The third main point of the CJEU's rulings was that access provisions for traffic and location data must incorporate prior judicial scrutiny, other than in certain urgent circumstances and, in such circumstances, there must be post-review.

In the view of the Department and the Minister, the law enforcement and national security concerns and operational risks arise on two fronts. The first is where concerns have been raised by service providers, with the Department, with regard to the legal robustness of holding the data that are already retained under the existing 2011 Act, now that the CJEU has issued its final ruling in the Dwyer case. The second is where serious concerns exist from the point of view of national security and the prosecution of serious offences, that a robust legal framework be in place for the retention and disclosure of communications data that supports these aims, while abiding by the constraints set down in the CJEU judgment.

Given the urgency of the matter, our Minister undertook to produce a draft general scheme which was published on 21 June. That scheme provides for two main pillars of response. The first pillar is the retention of traffic and location data and authorisation for disclosure of such data is for national security purposes. This is a considerable change from the existing legal regime. The first of those changes is that retention can only be for national security purposes and not for serious crime purposes.

The second big change is that both the retention decision and the access to that material can only be permitted on foot of independent authorisation by a judicial authority. The second plank of the response includes preservation orders and production orders. The committee will have received our material on that but the key distinguishing feature in terms of preservation orders is that they only require the data to be retained for a set period as authorised by a judge. They do not entail access by the investigating agencies. Production orders do indeed involve access to certain data but only data as specified in the application for the order. Such orders can be for either serious crime or national security. Those are the key features of the Bill.

I am conscious of time but the Chairman asked for clarification and I should address the gap between the published general scheme and what is pending in the Bill. I apologise for the misunderstanding in that regard from my appearance last Monday. This Bill is being developed in a truncated timeline. Assuming it passes scrutiny, which, of course, I cannot assume, the Bill does include a number of further measures, most notably, one involving general retention of what is called IP source data. These are data that, where the Garda investigation identifies unlawful online content, it can track back and see what IP address is linked to that content. The Court of Justice of the European Union, CJEU, has been explicit that such a measure is permitted under its rulings, as has the European Parliament. Again, however, it is intended that this will only be on foot of a judicial authorisation. The theme of judicial authorisation, therefore, comes up again and again because that principle underlies much of the content of the Bill. There are other provisions but we can deal with them in the question-and-answer slot. I thank members for their time.

I thank Mr. Kelleher very much. That concludes the opening statements. To deal with Mr. Kelleher's last point now, I will make the point to the Department that on any Bill that comes before the committee when it is performing pre-legislative scrutiny or any other task, it is imperative that it has the very latest updated version, rather than performing scrutiny on an older version of legislation, which transpires not to be the one that is published after we scrutinise it. That would be a key imperative. I thank Mr. Kelleher for acknowledging that. I have also spoken to the Minister about that because it is key.

We will move to questions. Again, I mentioned at the outset that Mr. Lupton is under particular time pressures. I appreciate all witnesses are here at short notice today. I propose that rather than have a normal around the table session in which members indicate which witness they want to ask questions, we take Mr. Lupton's questions first because he has to be released to get into court. I will do a quick two minute per member session for Mr. Lupton only at the outset. He can then be freed to go about his business. We will then take a second round with a wider gaze with rest of the panel if that works for everybody. It might be a way to get the most out of everyone's time when people are under pressure. Members may indicate to ask a question of Mr. Lupton only for the opening round. Deputy Pringle is first, followed by Deputies Howlin and Martin Kenny.

I thank the Chairman. I did not realise I was going to be first. This is a very general question for Mr. Lupton. He stated in his second submission:

It is quite clear to me that robust laws will act as a disincentive to bad faith actors, and properly enable An Garda Síochána and other State Agencies ... Those robust laws must be compliant with the Constitution and Charter of Fundamental Rights, as interpreted through the various decisions of the Court of Justice of the European Union.

In Mr Lupton's opinion, is this legislation in compliance with law? Has he an outline of what he sees are problems, if any, in relation to this?

Mr. Ronan Lupton

That is fine. My view is that we are currently operating a regime where the telecommunication companies are retaining data under the old legislation. The idea with the general scheme is to build on top of that and triage, effectively, to allow law enforcement to do its job with the various flavours of solutions that have come from the Court of Justice of the European Union.

To the degree that solutions have been set out, Mr. Kelleher said the Department has gone about its job and is trying to faithfully do what is right within the ambit of what the judgment says. However, Mr. Sunderland in his opening statement said there are problems regarding guidance as to how production and preservation orders will work. That is a huge issue. What are the impositions on the rights of the individual citizen in Ireland that may be affected by this that are not, in fact, subject to investigation? That is another issue, which Dr. McIntyre dealt with.

There are, therefore, gaps and it is the speed by which the legislation has come out that caused those gaps. However, I think the filling of those gaps has been dealt with effectively by the submissions before the committee to allow members to scrutinise and report on it. Is it in compliance? I would say we are probably approximately 70% of the way there but there are issues. What I see as being one of the major issues is whether production orders, for example, that are done on an emergency basis can be reviewed ex post by a supervisory authority. Currently, what goes on is not supervised by any individual judge or by any authority. There is simply an application made for disclosure and the industry complies with that. Therefore, that is out of compliance.

The other issue, which I think is important for the Garda, is that the legislation effectively contemplates a cliff. In other words, once this is enacted, we change from 24-month telco retention to 12-month telco retention and there are no transitional measures to say what occurred with data in investigations that might be within the two-year window. That exists in the 2011 framework so that is a problem.

Broadly speaking, we have more homework to do. Is it fully compliant? "No" is the answer. Each of the witnesses has given their ten cent in terms of their area and what is in place. I would say there are gaps, therefore, some of which I identified in the queries section of my first submission. One of the biggest issues regarding the telco gaps, which Assistant Commissioner Kenny identified-----

I am conscious of time. Mr Lupton might finish up.

Mr. Ronan Lupton

I will finish on this. There is an issue with IT and the prospective aspect of actually identifying the port, for example, of the IP address and how the technology operates to try to actually assist the law enforcement agencies. There will need to be those meetings about how the technology marries with the legal responsibility and requirement. Therefore, we are back to where we were in 2011 in trying to make this work. That is the answer.

Okay, very good. That might assist with members' later questions. Often, the first question covers a wide range. Deputy Howlin is next to speak.

I thank the Chairman. I will try to be very focused. That was a very helpful first answer.

I want to ask Mr. Lupton specifically about the reference he made regarding the implications for the telecommunication companies. We have received views that the cost and complexity of implementing the technology, controls and safeguards will give effect to considerable process change and cost. If the current law, as published, is enacted, how long will it take for telecommunication companies to actually implement it and what will be the implications in terms of costs?

Mr. Ronan Lupton

I thank Deputy Howlin. The answer to the question is between 12 and 24 months, not 12 and 24 days. A very significant period for IT development needs to happen across every telecommunication company - it is called "service provider" within the Act - that is subject to this particular set of changes and provisions or production and preservation orders and all these mechanics. There need to be staff changes, not just technology. Modifying technological issues on telecommunication networks is an extraordinarily expensive endeavour. The answer to the Deputy's question is between 12 and 24 months.

Mr. Ronan Lupton

It is very difficult to put that in context but I would say we are looking at double-digit millions. We are looking at probably €1 million to €2 million for the developments around production preservation per operator. If we say there are probably 30 to 40 operators or maybe more, and it could be up to 50 operators that would need to get their houses in order to comply with this, we are looking at in or around the €50 million to €100 million mark just to comply with the changes as they are. That is my estimate. It is very difficult to give the Deputy homework on this given that the scheme was only given to us last week. My best guess is around that figure, however.

Okay. I thank Deputy Howlin. Deputy Martin Kenny had his hand up next.

I thank Mr. Lupton. In regard to his opening statement, Mr. Lupton also mentioned that we must have an eye on emerging and developing law across the European Union as things progress. How does he feel this legislation before us, which we assume from talking to everybody could be improved upon, will fit as we look forward? How future-proofed is it? What more needs to be done to ensure that can happen?

Mr. Ronan Lupton

We are playing catch-up here. The Digital Rights Ireland, DRI, case was eight years ago. The Tele2 case was five years ago. We are, therefore, only bringing ourselves into the modern day, effectively, with regard to what way the legislation should work. There has been an impediment, unfortunately, and I am not pointing the finger at the Department of Justice because a Bill was generated in 2017 that was not reached during the lifespan of that Government.

In fact, it went to pre-legislative scrutiny and there were issues with it at that stage. It was taken back from the first set of review. It is difficult not to point the finger at the State for not having done this sooner.

As to whether the Bill is future-proofed, it brings us to where we need to be today. The technologies in this area change all the time. State security measures need to keep up with criminal activity. That is a significant challenge. The question is whether we are bringing it up to date in terms of law. I think we are faithfully trying to do that but it is only being brought up to date, as opposed to future-proofing. It is very difficult to future-proof in the manner suggested in the question.

One of the main criticisms that came from the European Court of Justice related to mass surveillance and the protection of people's right to privacy in this context. The issue here is to try to find the balance between protecting that right and having an effective method that can assist An Garda Síochána or other law enforcement agencies to do their work appropriately and in the right space. Does Mr. Lupton believe this Bill has a distance to go to achieve that balance?

Mr. Ronan Lupton

As the Deputy is aware, there has been a history of subversive and terrorist activity in this country which has required legislation from the 1980s and onwards to deal with the retention of data. The question is what is the correct procedure in that regard. Those kinds of actors have not gone away. I make the point in my written submission that there is a requirement to assist law enforcement. There is no question about the saving of human life, the investigation of offences and the security of the State trumping the right to privacy, for example. The reality, however, is that there are laws and provisions that need to be met. We are getting to that stage. The general scheme of the Bill brings us into that position but there are issues outstanding. Mr. Sunderland has identified particular issues in terms of the gaps relating to the area of data protection. I was quite enthused by his opening statement. I am sure the committee will hear more from him on that issue, so I will redirect that question towards the Data Protection Commission. His submissions comply with mine. I think Dr. McIntyre, too, has views that are similar to mine. There is a requirement but we need to get it right. The effort so far is good but it does not quite get us there. There are issues still for Mr. Kelleher and the Department, in conjunction with the Attorney General, to get 100% correct.

I had intended to ask how long it will take to build the technologies but that question has been answered. Does Mr. Lupton have any comment to make on the remarks of other contributors with regard to justifying exceptions, judicial remedy and the lack of oversight in the heads of Bill that we have seen?

Mr. Ronan Lupton

There is oversight now in the heads of Bill, which is obviously a good development. There is a question mark in my head with regard to whether there should be an independent authority, which might act more quickly than the judicial function. In other words, if it is going to court, a specific court needs to be designated. I know there may be designated courts across the country to assist Assistant Commissioner Kelly and his workforce in terms of getting warrants, production orders or whatever it happens to be. There is that issue. We now are in that space where the supervision will be correct, and that is a good development. I do have a question about ex post review. In other words, where something happens in an emergency, the member of the Garda or whoever requires the information must go back and justify the position and that is all fine. Members will have seen in my submission the issues relating to the Murray report, with which I know Dr. McIntyre will deal. A very significant issue involving journalists' records being procured in the context of a Garda Síochána Ombudsman Commission, GSOC, inquiry gave rise to the Murray report and the effort that went into that. There needs to be a situation where certain categories of citizens have different types of rights. I am really talking about journalists in that regard. That is something that must be front and centre. There must be an ability for a District Court judge, or a High Court judge in the case of State security issues, to be able to convene an inter partes or two-way hearing to seek and hear challenges if challenges can brought in respect of procurement, production and general preservation orders that might arise in the context of this legislation.

I have lots of general questions but I will follow up on them with the witnesses afterwards. One of the concerns I have, in addition to those relating to some of the questions already asked, relates to legal frailty. If this legislation is ignoring the Corcoran decision, as well as CJEU and European Court of Human Rights, ECHR, jurisprudence, if the current form is not compliant and if we have not really complied with the mandatory consultation with the DPC in the context of the general data protection regulation, GDPR, are we simply setting ourselves up to be in the exact same place in a few years' time? Will this legislation be thrown out by the CJEU in the context of another high-profile case? Will convictions or investigations conducted on foot of this legislation be at risk?

Mr. Ronan Lupton

The answer to that lies in the fact that the Department of Justice is already working on the communications retention and disclosure Bill. I would like to see that consulted on widely rather than this general scheme come in but there is an imperative to comply and to fix the issues. The question is for how long. My concern is that this proposed Bill, the communications (retention of data) (amendment) Bill 2022 might survive for longer than it should. In other words, the priority here should be the new arrangement in terms of retention and disclosure and the significant draws or lines between what is before us in the general scheme of this Bill and what will be proposed in future. Deputy Costello is right; there could be legal challenges and other issues here. If the committee is reporting on it, my submissions - I am not complimenting myself here - in conjunction with the other submissions that have been made are all sensible in the sense that this is what needs to happen to assist Mr. Kelleher and the Department to get it right or get it slightly better and pay attention to the national legal norms, such as in the Corcoran decision, for example. It is not just that decision; there are other issues that need to be considered. We need an overhaul on this and it needs to happen quickly. I hope that addresses Deputy Costello's question. I am happy to speak to him after the meeting if he needs anything clarified.

I know Mr. Lupton is under time pressure, so I will release him at this point with thanks for the statement he provided at the weekend and the further statement he provided ahead of the meeting.

Mr. Ronan Lupton

I am obliged to the committee. I apologise to the other witnesses for going ahead of them. I appreciate their allowing me to do so. I thank the committee again.

I have a broad question. I thank the witnesses for their contributions. We seem to be running to try to rectify a situation based on the CJEU ruling and, from the contributions I have heard this morning, it seems that everyone is doing their best to run fast to fill that space. Realistically, however, while everyone wants to do it as best we can, how much time would we need to get it as correct as possible?

I think Mr. Lupton has closed his connection. He told us he had to finish at 10.15 a.m., so he may have had to leave us. I will come to the Senator in the next round, which we are about to kick off.

As one of the witnesses had to leave, we took him first. That was a practical way of doing things. If members wish a particular witness to answer their questions, they should feel free to mention that, but the witnesses should feel free to come in on any question on which they wish to make a point.

My first question is for Assistant Commissioner Kelly. He mentioned in his opening statement a concern I have. From my understanding of the proposed legislation, it includes the 90-day retention window that has been described in some correspondence as a fast freeze. We are aware that in many of the more high-profile investigations, the suspect will not be identified until beyond 90 days, particularly in the case of mobile phone data. I can think of at least two cases - there are probably multiple other such cases that may have received less attention - in which the suspect is not known to the investigating gardaí or anyone else until after 90 days. The data on Mr. X, who may be an innocent bystander, may be frozen on day one. After 90 days expire, that person is exonerated, hopefully, but meanwhile Mr. Y, who was a culpable party and may be the murderer or wrongdoer has effectively escaped scot-free because the 90-day window did not start in time. Is that a concern? Is it an issue with which the Garda will have to grapple?

Mr. Justin Kelly

Absolutely. The Chairman makes a good point in respect of the forward-facing nature of the 90-day period.

That is one of the major concerns for us in these very serious criminal investigations. In my experience of dealing with those types of investigations, the traffic and location data are often central to pointing us in the right direction and helping us to gather evidence. In many of these major investigations, we have no idea who the culprit is at the start of the investigation. The significance of a telephone number or address will not be apparent to us at the start. It will only be after some time that we identify a number that might be relevant and will lead us towards evidence. Not being able to access the data retrospectively, as the Chairman rightly pointed out, is a major concern for us.

I do not want Mr. Kelly to prejudice any ongoing investigations and I understand he may have to be circumspect in how he responds to my next question. Is the Garda in a situation where it may have data sets at the moment that it will be compelled to delete after the enactment of this Bill?

Mr. Justin Kelly

The conversations around that with our legal team are still ongoing. I am not really in a position to give the committee an answer at the moment. I am sure the Chairman can appreciate that we only received the material on this relatively recently. It is something on which we can come back to the committee.

We all appreciate that. This issue is arising out of obligations under European law and decisions of the European Court of Justice and other bodies. There is not a degree of flexibility insofar as the Oireachtas is concerned. Having said that, it appears the Bill will impair the Garda's ability to investigate crime. Is that a fair comment?

Mr. Justin Kelly

Absolutely. As I pointed out in my opening address, there are some very positive aspects of it, especially in regard to subscriber details, cell site analysis and the whole area of missing persons and threats to life. For us as investigators, there is stuff that is helpful around kidnappings, tiger kidnappings and child abductions. There are some aspects that really clarify issues for us. As I also referred to, there is provision in the whole area around judicial authorisations. We absolutely welcome that and it reflects what we do in a lot of areas, particularly around search warrants. We certainly welcome those provisions but there absolutely is a concern in regard to the non-retrospective aspect.

I thank Mr. Kelly. My next question is to Mr. Kelleher. I put the same question to him at the meeting on Monday but I am afraid I must ask it again in public session. It is a concern to the committee and to me, as Chairman, that the legislation was presented to us with only a couple of days to go prior to its enactment. There was a pre-legislative scrutiny waiver request, which the committee refused and, hence, we are here today. I am thankful to everybody in the room for making this happen.

In his opening statement, Mr. Kelleher stated that the Government approved the drafting of the general scheme of the Bill on 31 May. We know the data retention directive was annulled in 2014, arising from the 2011 legislation. We know that in January 2019, a decision of the High Court led to an appeal relating to the legislation. We know a preliminary opinion was delivered a year ago and the final, official opinion of the European Court of Justice came in April. Despite all of that, it was not until 31 May, some two months after the final decision, that we got approval to start drafting legislation. It strikes me that we would not be in this sort of whirlwind, end-of-term race to get this over the line had we started at any stage prior to that. As some of the witnesses suggested in their opening statements, the information has been out there for some time. I have outlined the timeline and others made the point that the need for action was not unexpected. How are we in a situation in which we are dealing with the legislation in this manner?

Mr. Dan Kelleher

As the Chairman noted, he and I engaged on this point the other day. For the benefit of everyone, I will try to recap our response as best as I can. The view in the Department, sanctioned by the Ministers of the day, was that this was an area of the law that was continuing to evolve and we had to see how the case law would evolve. As the Chairman and some of the witnesses rightly said, it has been evolving for quite a few years.

Internal legal advice has been obtained at every stage. The most significant recent development probably was the judgment in 2016. A year later, as some of the witnesses mentioned, a general scheme was published by the former Minister, Deputy Flanagan. Drafting work was carried out on that scheme. I can only honestly, in transparency, advise the committee that a judgment call was made while that general scheme was progressing - it went up to a ninth draft, as we call it in the drafting trade, under the Parliamentary Counsel - that it would be unwise to publish that Bill when the ongoing litigation in the case we alluded to earlier was ongoing in the High Court, then the Supreme Court and then the European Court of Justice.

If anyone were to read the Supreme Court's referral of the Dwyer case to the European Court of Justice, it is very illustrative of the complexities of this area. Clearly, if the Supreme Court felt the law was sufficiently settled, it would not have felt the need to refer the case to the European Court of Justice. It would simply have drawn down the case law based on its expertise and applied that in the Dwyer case. When one reads the Supreme Court referral, one sees a particularly important fact highlighted, which is that the Dwyer case was the first case the court was aware of in which expert witness evidence was obtained from An Garda Síochána and, as I understand it, from a telecommunications industry analyst. Obviously, it was a case with the most graphic of circumstances imaginable. The court felt these factors needed to be considered by the European Court of Justice.

There is another factor, which is that there was a judgment, which I alluded to in my appearance before the committee earlier in the week, called La Quadrature du Net, of October 2020. That was the first case in which the European Court of Justice acknowledged at all that there could even be general and indiscriminate retention of traffic and location data. As members will be aware, however, the court made a very clear distinction as to general and indiscriminate retention of data for national and state security reasons, allowing for that in certain circumstances, which we did not know before. If we had legislated prior to then, that opportunity would not have been there. The court went on to say there could not be general and indiscriminate retention of data for the investigation of serious crime purposes. In both the La Quadrature du Net judgment of October 2020 and the Dwyer judgment of April this year, the court went on to explain further the other countermeasures that may be taken and will go some way towards mitigating the loss of general and indiscriminate retention of data. In the case of the accelerated or expedited retention of data in individual cases, which the Chairman correctly mentioned, the court explained and fleshed out its thinking in this regard in both the La Quadrature du Net and the Dwyer judgments.

I probably am going on too long about this. There has been a lot going on in this space. The decision that has been made internally at my end is that we need to legislate now because, at a very minimum, we need to start the clock running again on lawful retention of data in order that national security requirements and law enforcement requirements can recommence, as it were, in regard to accessing data lawfully. One of the witnesses mentioned the lack of transitional provisions in the Bill. That is a matter on which we remain in contact with the Attorney General. It is one of the matters we were not able to box off in the scheme of the Bill as approved by the Government during the week. It is one of the supplementary issues that will be addressed in the Bill as published.

I should mention the other issues that, unfortunately, I did not allude to in my presentation earlier, that are in the Bill to be published. They include extensive provisions for statutory guidance on how all of these provisions will operate in the form of secondary legislation. The secondary legislation is issued to the Oireachtas for 21 days and it can accept it or revoke it. That is probably too long an answer.

I thank Mr. Kelleher. It was a little over time, but it is of interest to all the members. I think it is important that we have that question answered. The guidance will certainly be welcome, because a code of conduct has been mentioned a number of times, and a working group or some kind of industry engagement body.

I have another question for Assistant Commissioner Kelly. Probably one of the ways to deal with this is to look at scenarios. We all remember the Joe O'Reilly case in north County Dublin. His wife was murdered, and CCTV and telecommunications were part of the method that was used at that time to investigate the case. If a similar situation arises after this legislation comes in, a victim is found somewhere and the Garda has identified a potential suspect or perhaps more than one, in that case, can they go to a judge and seek to get telecommunications data to identify the movement of the person using existing technology or does it have to be an issue relating to State security? In such a case, it would clearly not be the latter: it would be a criminal issue. What is the situation, or would the Garda feel they were hampered?

Mr. Justin Kelly

One point that it is important to understand is that telephone analysis would be one element in any of these major criminal investigations. As Deputy Kenny correctly points out, there could also be something like CCTV. He is correct that if national security is at stake, we can look backwards and retrieve the data, but our understanding following the European ruling is that we cannot go backwards to retrieve telephone data for serious crime. I do not want to discuss the particular case the Deputy mentions, but he is correct that, in general for a homicide case, we could not go backwards and retrieve the data unless there was a national security element to it. As I said in my opening remarks, that would be a difficulty for us but phone analysis would be one element of a major investigation and we would obviously have all the other elements open to us. It would very much depend on the individual case and how important an element the telephone analysis is. I hope that is useful.

Yes, that is the real issue I have with it in respect of a serious situation like that.

What would happen if we had a situation where the Garda did have access to a piece of data and in examining it another crime came to light, which had not been the subject of the judicial application to examine the data? Could the information be used, or would the Garda be prohibited from using it? For instance, if there was an issue of national security, and a phone or other device was examined and something unrelated such as child pornography came up, would the Garda be inhibited from using the information because it would be in the realm of criminal activity and the judicial go-ahead had not been secured in respect of it?

Mr. Justin Kelly

At the moment, a scenario such as the one the Deputy poses would not be unusual, in that in the course of investigating one type of crime another type of crime could come to our attention. We would obviously proceed and investigate the second-----

I am sorry, but Mr. Kelly broke up a little bit. Did he say he would not be able to proceed?

Mr. Justin Kelly

I apologise for the connection. As I was saying, that would not be an usual situation. Currently, we could be involved in one investigation and another type of crime could come to the fore. We are obviously obliged to investigate that as well. In regard to the data, as I said to the Chair, in terms of the new situation we find ourselves in, we are still examining all the options with our legal people. I am not in a position to give a full answer in regard to that at the moment.

That is fair enough. Perhaps Mr. Kelleher could enlighten us some little bit in that regard. I know the Minister has indicated that other legislation is coming later in the year. Is the Department's position that future legislation will hopefully fill some of the gaps that we see in this Bill? Is that the intention?

Mr. Dan Kelleher

If I understand the question correctly, it is if the Garda is investigating one scenario, be it for national security or law enforcement, and comes across what we might call indicators of another crime being committed, whether it can use that to pursue the crime. It is very difficult to prescribe specific scenarios, but if we could just take it back to first principles, the general and indiscriminate retention of data in the future will only be for a national security purpose. The data will be in a box, as it were, and to get into the box we must be able to show that there is a national security angle to the request. Let us assume that if we go into the box for a national security reason and when we get the data we have indicators of criminal activity, we cannot un-ring the bell. We have seen the information and I suspect that we would have to go off and do a separate investigation, but we cannot forget that we have come across that information. Were we to have sought that information in the first place for a law enforcement reason, we would not have received the information.

The second plank of my reply relates to what Deputy Kenny asked could be done if online child abuse material was discovered. I apologise to my colleague from An Garda Síochána because he would not have seen the latest versions of the text. The Bill to be published next week will allow for retention of IP source data, as I mentioned earlier, and that data will generally be retained and access to it will be permitted, subject to judicial authorisation, as the CJEU has acknowledged is allowed, for both national security purposes or for serious crime purposes. We have been made aware that it is a particularly important power for the investigation of online child abuse scenarios. This is complex, so that is the best answer I can give at this moment in time.

The final point I would make is that if information is initially being sought for a criminal investigation purpose, in the guise of what we call a preservation order or production order, for law enforcement, those orders will be forward going in time because we cannot get around the fact that general retention is for national security purposes only.

I will make a very quick reference for the aid of the committee. In the Dwyer judgment online in the CJEU, I think it is paragraph 90 to 100 of the judgment, the Danish Government asked the CJEU if it could make use of information it had obtained for a national security purpose for another law enforcement purpose and, unfortunately, from my Department's perspective, the CJEU said it could not because that would undermine the rationale that we are only retaining it in the first place for a national security purpose. It is quite a challenging set of drafting instructions that we are dealing with at the moment.

It certainly is. I just want to tease it out slightly before I move on to the next questioner. The new provisions in the Bill, in the updated text, allow the IP source data to be accessed, but the data that have been transmitted from those IP ranges are not accessible. We know the postbox, but we do not know what was in it. Is that right?

Mr. Dan Kelleher

This Bill will only deal with the IP data.

It will not deal with the content of communications.

Jurisprudence has said it is permissible to retain the data indiscriminately for national security. We understand that is the exception that has been carved out. We understood from Monday's session there was no exception for serious crime, but apparently there is for IP ranges only. Is that right?

Mr. Dan Kelleher

It is for what the technologists call IP source data.

Is that data any good without knowing what is being transmitted through it?

Mr. Dan Kelleher

The purpose of this data, as I understand it, is if law enforcement comes across unlawful online content, it can seek the IP source data that linked to it and follow the breadcrumbs to see what IP address accessed it so it can pursue its investigation of someone who accessed unlawful content and potentially committed a criminal offence. It can work backwards from the unlawful content to see who accessed it. I hope that is clear but perhaps not. I know it is difficult. It is difficult for me too.

We might return to it.

Mr. Justin Kelly

I might be able to add clarification around IP addresses and child abuse material. As the previous speaker referred to, IP addresses are key to those investigations. Currently, a tech company would report child abuse material and be able to tell us an IP address. For us, it is imperative to understand who the subscriber of the IP address is. We find out who the subscriber is. We do not get the content, as was just referred to, but the detail of where the person lives. That, with the various checks we have to go through, can allow us to apply to court for a search warrant to recover evidence. We will still be able, in the new situation, to get subscriber details from those IP addresses, so the investigation of child abuse material should continue as it is done now. I hope that adds clarification around the child abuse investigations referred to.

The conversation has been extremely helpful to date and shows that we need an awful lot more of it. I will make an observation and ask three questions.

The observation is as follows. In response to the Chair's question to Mr. Kelleher, I think, having been here a long time, that Departments sometimes feel they are the legislators and we are here simply to rubber stamp. An evolving situation should involve us, as the Oireachtas, and the general public, so we are all party to the development of something that will impact on every citizen's life. It is an invidious situation that, at the end of a long process involving nine drafts of a Bill that nobody here ever saw, we are expected, as the Legislature, to simply accept all the complexities of the evolution. I hope, in general terms, we might have better engagement from an earlier stage in these things.

It goes to the point Deputy Costello made. Our concern is to make sure we have robust legislation enacted that gets the balance right between European Court-mandated rights of citizens and ensuring the gardaí have the best possible capacity to fight crime. We do not want a serious investigation to be undermined at some future date by a repetition of a court case. That would be very worrying.

On the requirement for consultation with the DPC, the deputy commissioner has said he received the general scheme eight days ago and the updated Bill 24 hours ago. Does Mr. Kelleher think that is adequate? That is my first question. I have a related question on complying with Article 35 of the general directive on data protection. There is a requirement under that for a data protection impact assessment. Has that been complied with in the presentation of this Bill?

My third question relates to a question asked previously. Overarching legislation is being developed which will be more intricate and complex. Is it Mr. Kelleher's view that it would be appropriate, in these circumstances and given all the concerns raised by the people who have given submissions to us to date, that this legislation should have a sunset clause enacted and be overtaken by the more comprehensive legislation when we have time to introduce it?

Deputy Martin Kenny took the Chair.

Mr. Dan Kelleher

On the consultation with the DPC, I will give a straight answer to a straight question. It is not adequate and it would be invidious of me to argue otherwise, given the time constraints. However, there is a context, given that this is emergency legislation. I will not rehearse the arguments for emergency legislation I gave earlier.

It is an emergency seven years in brewing.

Mr. Dan Kelleher

According to views expressed here, yes, and I have answered that with the corresponding argument. I respect the point made there. That is the first answer.

On the data protection impact assessment, I am not certain which Article 35 the Deputy referred to. In any event, take it as read that it is there. I know what a data protection impact assessment is. It is clearly prescribed in the Data Protection Act 2018 and the GDPR. In specific form, we have not had the time to carry out a written, formal data protection impact assessment in line with such assessments seen in the past.

Does Mr. Kelleher think it is a legal requirement to do that?

Mr. Dan Kelleher

I am not clear on the specific section as to whether it is mandatory. I can certainly check that. In substance, we have analysed the impact of the legislation on individuals. The clearest impact is on privacy. The Court of Justice judgments, which I am sure the Deputy has seen, deal at length with privacy rights and the impact thereof, which are grounded in the Charter of Fundamental Rights. The privacy rights prescribed in Court of Justice rulings are incorporated into the Bill. Were one to have done a data protection impact assessment, one would probably have concluded that the legislation requires objective verification of requests for information. That is provided for in the Bill.

The Deputy's third question was whether, in my view, there should be a sunset clause in the legislation. My opinions are not as important as those of the Minister and Government but I can undertake to bring that back to my hierarchy. I do not think it is feasible for me to offer a view on that but I fully understand the point the Deputy is making.

I have one or two questions for Mr. Kelleher. I share the concerns about the rushed nature of this. Section 6(1)(a) was struck down and the new proposal is for the amendment of section 6 by introducing a new one. Section 6(1)(a) stated a chief superintendent may require the service provider to disclose user data in relation to what that Act defined as a "serious offence".

This new proposal refers to "A member of the Garda Síochána, not below the rank of Inspector" and relates to a person whom the member suspects of having committed an offence. This type of offence does not seem to be defined in the proposed legislation, however. Perhaps I am reading the general scheme wrong, but I do not see a definition of "an offence". What type of offence would this be? Would it involve a five-year definition as well? Is it proposed that this will be in the eventual Bill? I ask because there is no reference to a serious offence in the context of this proposed change.

My other question is for Assistant Commissioner Kelly, who believes wider consultation is necessary. Who does he think that wider consultation should be with? Can he think of any specific types of cases in this regard? He mentioned tiger kidnappings and child abduction. Is he saying that if this new legislation is not introduced in this expedited manner that the hands of the Garda will be tied in respect of a tiger kidnapping, for example, if that happened between now and October, when the other Bill is due to be proposed?

Deputy James Lawless resumed the Chair

Were those questions posed to anyone in particular?

My first question was to Mr. Kelleher and the second was for the assistant commissioner.

Mr. Dan Kelleher

I will step forward for the first one. There were two planks to the Deputy’s questions to me. As I understand it, the first aspect concerned whether there is a modification of the legal definition of "a serious offence” in the 2011 Act. As will be recalled, we are not replacing this Act, but doing running repairs to it and adding elements where we think it necessary. No change is proposed to the legal definition of "a serious crime" in this proposed draft amending Bill.

Regarding the second aspect concerning the Deputy’s query about the grade of Garda officer who can seek disclosure in the context of the new section 6(1)(a), which I think the Deputy mentioned, that refers to " A member ... not below the rank of Inspector", this is a policy drafting decision we have made. We have put in the phrase “not below the rank of Inspector”, and that is a floor and not a ceiling. It will be a matter for the Garda authorities to determine how they wish to pitch that operationally. When I was dealing with and engaging on this question the other day, I also mentioned that part of the thinking behind it - and it is not in this provision, which deals with subscriber data, but it is there for the other category of data, which is traffic and location data - was that it is not the inspector making the decision to access traffic and location data. He or she is authorised to ask the court to permit access to the traffic and location data. This is what drove the decision to put in the phrase “not below the rank of Inspector”. As a result, the Garda will have a degree of operational discretion in how it deploys this power in respect of its grades of staff.

The Garda will be free to use an inspector at any time.

Mr. Dan Kelleher

Yes, the force certainly would be.

The definition in the proposed new section 6(1)(a) refers to "having committed an offence". Is this offence defined somewhere? The previous section referred to a serious offence, which was defined as an offence which could carry a five-year sentence. Of course, stealing something from a shop could fall under that category. Is what constitutes an offence more widely defined or is it defined somewhere? I just do not see it in the draft Bill.

Mr. Dan Kelleher

I am looking at the general scheme. Are we looking at the same document?

I am looking at the new proposed section 6(1) of the draft Bill that was circulated

Mr. Dan Kelleher

I beg the Deputy’s pardon. That does indeed refer to a crime and not a serious crime. The reason for this difference is that the Court of Justice of the European Union has indicated that there does not have to be a serious crime involved for there to be access to this type of subscriber data. It will be called user data in the eventual Bill, but it is substantially similar. Therefore, it can be any type of criminal offence. Regarding traffic and location data, a serious offence will have to be involved, the definition of which is unchanged. Therefore, the Deputy’s reading of this is correct. An officer not below the rank of inspector will be able to seek access to user data in respect of a criminal offence and not a serious criminal offence and such access does not require judicial authorisation, based on our understanding of the court's rulings.

For a public order offence, then, such as being drunk in a public place, would it be possible to seek this type of data?

Mr. Dan Kelleher

Yes, but I would see the words “not below the rank of Inspector” as particularly relevant in such a case. The Garda has discretion in how it deploys this provision.

My second question was for Assistant Commissioner Kelly.

Mr. Justin Kelly

I will take the second part of the question first. On location data, every year we make a substantial number of applications for this type of data. It is commonly known as cell site analysis. As I said, this could be in cases such as tiger kidnappings, child abductions and missing persons. We will continue to be able to do that. Section 6(1)(b) includes provisions relating to protecting the life or personal safety of a person and in respect of missing persons cases. We will be able to continue to do that.

Moving to the Deputy’s reference to inspectors, as was rightly pointed out, that is the minimum rank. From a practical point of view, it is envisaged that the Garda would probably centralise this aspect. Designated inspectors would be undertaking this activity or it would be centralised at Garda headquarters. This would be similar to what we do in the context of various other types of applications. Therefore, that would be a protection that would be in place in this regard. We have not finalised the technical details of how we will undertake this, but there will be protections in this context. I hope this is useful to the Deputy.

Yes. The suggestion in this proposed amendment of reducing the rank concerned from that of chief superintendent to inspector came from An Garda Síochána. Is that the case?

Mr. Justin Kelly

I am not aware of where this proposal came from first. It will be seen that a superior officer is referred to in the section concerned with a preservation order. This is a member of An Garda Síochána not below officer rank, which would be superintendent or chief superintendent. Therefore, there are two separate elements here. Inspectors are referred to in some sections and then are references to superior officers in other sections. As I said, from our perspective, regarding the mechanics of how this will work, it will probably be centralised and we will probably have specialised inspectors whose role it will be solely to act in these situations.

Regarding the final part of my question, the assistant commissioner mentioned that he feels wider consultation is necessary. With whom does he think that should be undertaken?

Mr. Justin Kelly

Similar to some of the previous speakers, this would be with the communications service providers on the transition period and similar concerns raised earlier. It was those providers I was referring to in my opening statement.

I thank the assistant commissioner.

I call Deputy Pringle.

I welcome this opportunity. Before I start, I will let the meeting know that we have been informed the closing time for submitting amendments in respect of this proposed legislation is two minutes from now, that Second Stage will be taken next Tuesday and that Committee Stage will be taken on Wednesday. The final version of the Bill has not even been published yet, but we are supposed to submit amendments within the next two minutes. The whole process calls the point of this meeting into question. Unfortunately, this committee is, sadly, contributing to this situation because we are engaging with this process. This is because we are trying to do the right thing. The Department has foisted this fiasco on us. I seriously wonder about the point of even asking questions in this context. I say that sadly, because I think this is an interesting and useful undertaking and it could contribute to the process of producing good legislation if it were dealt with properly. The situation we have now is solely down to the Department. It may be a ministerial position, but it is definitely down to the Department. This is a sad reflection.

The Department has wasted the time of everyone who is present and those contributing via the video call.

On that point, I will give the Deputy extra time. I am taking advice on the matter because I was not aware of it either.

Neither was I until five minutes ago.

It would be disappointing if that were the case.

It is beyond disappointing. It is unacceptable.

Yes. We are trying to find out whether that is the position. I have asked the clerk to make some inquiries - they are being made at the moment - to see whether that is correct. The purpose of this exercise is to inform and assist the finalisation of the Bill-----

And the drafting of amendments.

We will suspend for a moment while we take some advice. It is an important issue.

Sitting suspended at 11.01 a.m. and resumed at 11.11 a.m.

I welcome members and witnesses back in the room and thank them for bearing with us as we took some advices. A point of information had arisen which was of great concern. I can advise the meeting that it has been addressed. I spoke to the Government Chief Whip and the clerk has spoken to the Bills Office to be sure to be sure. A concern was raised very legitimately, and it was of significant concern to the committee, that the Bill might have been out the gap, so to speak, and had been published. However, I am told that it has not been published and will not be published until we have completed our scrutiny which was planned for today. The intended timeline is that the Bill would be published tomorrow or possibly late this evening but that there would be a reasonable time for amendments to be tabled. A reasonable period is not defined but I take it to be a minimum of 24 hours. I also understand that the Ceann Comhairle has discretion to allow windows. I am told that we will not end up in a situation where amendments are closed before the meeting has concluded. There will be a period following the meeting in which amendments can be tabled. I am also advised that the Bill has not been published and will not be published until we conclude at least this session. It is our intention to produce a report, albeit an expedited report, this afternoon or this evening following this session. I thank Deputy Pringle for raising the point. I think that it has been addressed. I do not know what was happening but I am told that it is not happening now anyway.

The Business Committee meeting is going on at the moment where it is being scheduled. While on paper, it addresses the issue, in fact it does not because this process will not have any influence on the legislation unless the Department can tell us now that it will redraft and include anything that comes out of this meeting today in the legislation that will be published later this evening. If that is the case, good luck to them. They will be fairly busy. It still calls the whole process into question and how the Department looks at it. What the Chair says allows us to be able to submit amendments if we see the legislation in time, that is all that it does. It does not do anything about the robustness of the legislation or the process. That is important.

Absolutely. The Deputy's concerns are well aired and grounded. We as a committee can do our job which is to scrutinise, make recommendations and issue reports and members can table amendments as, indeed, can the Minister, after our discussion. I understand the Business Committee is discussing the scheduling requirements for next week and it is intended that this will be on the schedule next week. As I say, it has not been published yet. I am not in the Department and I do not know its inner workings. I know that Mr. Kelleher is a busy man and he may be even busier this afternoon. I appreciate the concerns. As far as we can, the matter has been addressed for now.

Does Deputy Pringle want to put some points to the witnesses?

While I have the floor, I will return to the sunset clause. Deputy Howlin raised it earlier. The reply was that it is a matter for Minister whether one is included. Will a sunset clause be included between now and this afternoon? I doubt it very much.

Mr. Dan Kelleher

As I indicated to Deputy Howlin, I will accurately report back to the Minister what the suggestion was around the sunset clause and take instructions from there. That will happen subsequent to this meeting.

So between now, 12 noon, and this afternoon.

Mr. Dan Kelleher

Sorry, to interrupt, but I should add for factual information that the Bill as currently drafted does not include a sunset clause. It is probably important that I confirm that factually.

Would it be possible given the European ruling to include the sunset clause?

Mr. Dan Kelleher

I suspect that it would be but it would be something on which I would have to seek advice from the Office of the Attorney General. I could not speak to that myself but I can certainly seek advice on it were I instructed to do so.

I think that it would be urgent that there would be a sunset clause on this given that the legislation is being dressed up as a temporary measure while we were waiting for the fuller legislation to come on board. It would be interesting to see how temporary it will be.

Is there a risk that this Bill could be an attempt to determine another case already before the courts which saw the Sinn Féin Funds Act 1947 struck down as unconstitutional. That is Digital Rights Ireland v. The Minister for Communications and others. What impact is this legislation intended to have on that case?

Mr. Dan Kelleher

I am not familiar with the case. Perhaps I should be. The purpose of the legislation is to address issues raised in the Court of Justice judgments. That is the sole focus of the Bill. How it would be applied in an case post-enactment would be a matter to be adjudicated on by the courts, one would assume.

I raised this during private session on Monday and I will raise it again today. The Bill refers continuously to the security of the State as being the rationale for much of this stuff happening. There is no definition of what the security of the State entails in terms of the Bill although one might appear between now and 4 p.m. The explanation then was that it goes back to the Offences against the State Act and that there is no definition of the security of the State in that either and therefore it was not felt as thought there was a need to insert a definition. I wonder if that is a way of circumventing the issue of whether these relate to the security of the State or ordinary criminal investigations. Is that why there is no definition there?

That sounds like the Danish case that we heard about earlier. I had the same thought myself..

Mr. Dan Kelleher

With apologies to the Deputy for repeating my answer from the other day, there is no definition for the security of the State in this Bill. It is a standard drafting and policy approach not to define the security of the State. The long-standing rationale for that is that it is a concept so tied in to the concept of the State and the Constitution that the application of the concept is a matter left to how the courts interpret the phrase. It has always been the policy view that such a definition would not be included in legislation. There are no plans to define the security of the State in the Bill.

Therefore it could be left to the Minister for Justice or someone in the Department to define what is the security of the State depending on the circumstances. That is what it seems to be.

It would be by a judge ultimately.

Ultimately. If you are lucky to get that far.

Is Senator Gallagher online? I know he tried to come in earlier but we had to cut him short. Is the Senator in a position to speak now?

May we allow some of our guests to come in?

Yes, we can certainly do that. I just want to make sure that any members who have not yet contributed are given the opportunity if they want to do so. Has Deputy Costello contributed to this round?

Me may do so now.

I want to start by making some general remarks. If we are going to quote the Sinn Féin funds case and Supreme Court judgments, we should all have concern - in the words of Chief Justice Ó Dálaigh - for the contingencies of "an improbable but not-to-be-overlooked future". I came across those words in Mr. Justice Hardiman's decision in DPP v. JC. His introduction to that judgment is very apt now. He was concerned about the force publique and the need to actively protect fundamental freedoms. That is ultimately the background to what we are considering today. The legislation was struck down on the grounds that it did not sit with the EU Charter of Fundamental Rights. That is the context within which the Bill should be considered and weighed in the balance. Like others, I also have concerns about the process, but I will skip over those briefly.

I will pick out some general themes on the basis of what the witnesses have stated. Several of them mentioned the protection of sources, judicial authorisation and oversight and independent oversight. I am concerned that we are not living up to the importance of protecting those fundamental rights of EU citizens. We could end up - partly because of the rushed legislation and the failure to recognise these issues - in the same situation where this and even the next legislation will be thrown out, possibly in the context of a horrendous case, invalidating a swathe of criminal investigations. Good work by An Garda Síochána could be thrown out because of these procedural failings.

By way of another general observation, much reference is made about senior Garda officers being able to issue their own warrants and approve their own search requests. While we are focused on senior officers, I have voiced concern about that in other pre-legislative scrutiny debates, so I feel I should say it again here.

What do Mr. McIntyre and the DPC consider to be the effect of the mandatory consultation periods and the lack of a data protection impact assessment, DPIA? How much of a legal frailty does it introduce and could the legislation be left open to challenge? We are rushing this proposed legislation. It is complex in terms of its subject matter and needs to be taken slowly so that we do not get it wrong. Rushed legislation has a habit of being wrong. We have these two risks combined, which is quite concerning. Are we introducing a fatal legal frailty into the proposed Bill?

Mr. Kelleher spoke about the background to the general scheme. The timeline in his submission seems to start quite late. It does not mention the Tele2 case, the Digital Rights Ireland case or the Murray report. It does not really mention the previous pre-legislative scrutiny. Why were the issues raised in the Murray report and the previous pre-legislative scrutiny ignored when drafting the Bill?

One of my concerns might be addressed by the assistant Garda commissioner. While I have spoken generally about restraining the force publique - to quote Mr. Justice Hardiman again - I am conscious of the Blazejewicz case, which involves Garda access to web data. I appreciate that this is an ongoing case, so I will not say more. There was a previous case involving a member of An Garda Síochána using surveillance technology to trace and check in on a former partner. We have seen the treatment of whistleblowers and journalist sources. In light of the new and extensive powers gardaí will get without independent oversight or the possibility of an ex post facto review, as raised by others, is the assistant Garda commissioner happy that there is ample internal oversight to prevent abuse of these powers by individual gardaí?

Deputy Costello has taken up with time with questions, but I will allow time for answers because they directed at a few people. I am also mindful that Dr. McIntyre and Mr. Sunderland have not had the chance to get in as much yet. It is important to get around the room in these session. The Deputy's first question was for Dr. McIntyre and the DPC. His other questions are for Mr. Kelleher and the assistant Garda commissioner. We will take Dr. McIntyre's response first followed by the DPC.

Dr. T.J. McIntyre

On the first part of the question, the Deputy is absolutely right that this kind of measure requires a DPIA under Article 35 of the GDPR. In addition, it requires prior consultation with the DPC under Article 36. On top of that, there are extra obligations under the law enforcement directive that was implemented into Irish law by section 84(12) of the Data Protection Act 2018, which also requires prior consultation. As we have seen, none of these requirements have been met and in fact Digital Rights Ireland has already written to the DPC about that.

I turn to a second point touched on by Deputy Costello, and raised previously by Deputy Pringle, regarding the Sinn Féin funds case principle and the issues this legislation raises in that regard. Committee members will recall that the Sinn Féin funds case concerned the question of interference by the Legislature in ongoing civil litigation and the extent to which that was permissible. In this context, Digital Rights Ireland is the party to some of that litigation. Therefore, I will not say much about this case, except to note that it is very unlikely that this legislation will retrospectively legitimise the retention of data that has already been retained. That ship sailed quite some time ago. It will be very unlikely, be it in the context of litigation such as the Digital Rights Ireland case or future challenges to the admissibility of criminal legislation, that the adoption of this legislation will retrospectively validate what happened before it. In that sense, one can take it that such a problem cannot be retrospectively fixed. This point was expressly made by the European Court of Justice in the Dwyer case, which stated that member states cannot limit the retrospective effect of findings of illegality under European law. If one tried to apply what is being proposed retrospectively, one would be doing it in a way that would contravene the principle outlined in the Dwyer case. Hopefully that answered Deputy Costello's question as it was addressed to me.

We might bring Mr. McIntyre back in for a general observation. He has not had as much floor time because of the way the questions have rolled.

Mr. Dale Sunderland

I addressed the issue of prior consultation in my opening remarks. It is a mandatory requirement and it is in the process of the legislative measure that the mandatory consultation takes place. Therefore, we have been consulted in far from ideal circumstances, which I have mentioned and which the Department has accepted. There is a process underway now. What is important for us in the DPC is that we complete our substantive review, which we are doing as a matter of urgency on the revised text of the Bill. We hope to be in a position to provide substantive observations to the Department very shortly.

I refer to Deputy Costello's question on internal oversight of the powers of An Garda Síochána.

The DPC conducted a number of audits a number of years ago in respect of the operation of the 2011 Act. We concluded that the strict assessment criteria were deployed by centralised liaison units in each of the State agencies and, in particular, An Garda Síochána. We noted the attention given by the liaison units, when working with the investigation units on the ground, to ensure that the scope of disclosure requests were narrowed down and refined to the minimum at all times. Our audit team found that the principles of proportionality in assessing relevance were applied in all of the disclosure requests examined and, in all cases, were reviewed, signed and approved at the required level on a case-by-case basis. That was in the context of the 2011 Act. Of course, things have changed as regards the broader principles around what the Court of Justice of the EU has stated regarding retention of data. If it gives the Deputy any comfort, the DPC's assessment at the time was that the internal operations and processes within An Garda Síochána were working properly.

I welcome what departmental officials have said about the implementation of statutory instruments to regulate or to provide guidance on how this new Act should function. That will be absolutely essential. There will be a requirement for each of the bodies involved and associated with operating the Act to look again at all their procedures to ensure that, even from a first principles data protection point of view, all the necessary safeguards are implemented, and especially that principles are being adhered to.

The audit reports I referred to are summarised in our 2016 and 2017 annual reports, which we can provide to the committee if that is helpful.

Deputy Costello's time is up, but I will allow his questions to be completed. He had questions for the assistant commissioner and Mr. Kelleher. Does Deputy Costello need to recap his question his question to the assistant commissioner very briefly?

It is about the issue that was just raised. Given that there is a history of breaches of data protection and so on, and we are handing over such extensive new powers, is the assistant commissioner satisfied there is sufficient internal oversight to prevent misuse of these powers?

Mr. Justin Kelly

Mr. Sunderland has encapsulated the recent review quite well so I will not go back over that. On obtaining national security data, as we have seen, that has to go before an authorising judge, so there are obviously strong safeguards in respect of that. The Deputy raised the issue of obtaining data relating to national security where there is a case of urgency. There are also significant safeguards relating to that. A data request has to come from a superior officer who is a member at superintendent level or above and there are quite a narrow set of terms. There has to an imminent threat to State security or a threat to destroy data. In addition, when that is invoked, that superior officer must make a report on it to an officer of An Garda Síochána who is not below the rank of assistant commissioner. That superior officer must also make a report to the authorising judge. As we have seen, if that authorising judge has concerns, there is a separate process that was referred to involving a referee who can conduct an investigation if he or she is not satisfied that the procedures were adhered to properly. In my opinion, strong safeguards are in place. I hope that brings some comfort to the Deputy.

I will move on to the next questioner. I know Deputy Costello has a question for Mr. Kelleher but we have gone over time and other people want to get in. Senator Ward has indicated. I also welcome Deputy Farrell, who is participating remotely, to the committee. I understand he has joined the committee and will attend in lieu of Deputy Creed, who was formerly a member of the committee but has been discharged from it. Deputy Farrell is very welcome to his first meeting. If he wants to ask a question, I will come to him shortly. I gave him that heads-up so he is not caught off guard if I come to him. It is good to have him with us today and from now on.

My professional background is that of a criminal defence barrister. It would make my job a great deal easier if the measures in this proposed Bill went much further, or were eliminated entirely, so there was none of the data retention the State is asking for. Having said that, I have a different role when I sit in this chair. As was referred to earlier, we have to look at the protection of the security of the State. We could spend all day looking at potential misuse, for example. That question has been answered by the assistant commissioner and the DPC representatives. Of course, people can abuse their powers but it is unlawful to do so. That is a matter of putting structures in place to ensure people are not able to do that. In a personal capacity, I have many issues with PULSE, the information that is retained on it and, often, its accuracy, but that is not the subject of this proposed Bill. It may be a discussion for another day. What is very important are the structures that are maintained in place to ensure that people do not abuse their position. We cannot approach the general scheme with one eye on how things might be done illegally. We have to look at the framework of legal activity and whether it is proportionate in the context of what is required.

I agree with contributors who have criticised the lack of notice rather than the swiftness. I do not think swiftness is a problem. In fact, more swiftness would generally be a good thing for the way we do business throughout the State. There is a difficulty, however, with the lack of notice that has been afforded to members. I say that as a Member of the Seanad, which will see this proposed Bill after the Dáil has finished with it, so we will get even less notice and less opportunity, in many respects, to have our say on it. I see that as problematic. I am frequently critical of the notion of Bills coming before the Houses in a very swift fashion without the requisite notice.

I have some concerns about the suggestion Deputy Pringle made that somehow the swiftness of this calls into question the pre-legislative scrutiny process. Ultimately, the place to amend the eventual Bill is in the Dáil and Seanad. There will be an opportunity for Members of both Houses to do that. This has been a fairly robust discussion. People have had a chance to validly criticise the aspects of the proposed Bill about which they have concerns. I do not have any doubts about the validity or efficacy of this process. It is very important the Department hears what has been said here and takes it on board. It is also important to remember the Department can hear what is said here, take it on board and disagree with it. That is also a legitimate approach for the Department to take, however unhappy we might be about aspects of that.

This is a standard thing I say about all legislation; amending legislation is a bad way to start. For any citizen coming to read what these heads of Bill will become, it is impenetrable. When someone opens the first page and sees there are 20-odd sections amending an Act that is not present in this proposed Bill, it is very difficult for ordinary citizens, and those of us who are lawyers, to penetrate what is actually in the legislation. I very much favour the idea that we repeal and consolidate legislation before we amend. It is a much more straightforward way of allowing people to access what the law states.

All of that said, and taking cognisance of all the criticisms that have been made, I also recognise the two major obligations of the Department in this regard. The first is to protect us all and to protect the security of the State. I do not have a difficulty with the lack of a definition of "security of the State" because it is not defined in many other of the Acts that use the term and which have been approved by the courts in many challenges. I do not have a difficulty with that. In fact, to define the term "security of the State" is to invite problems from my colleagues in the Law Library, who will see a term and decide to pick it apart in a way it was never intended to be. I do not have a difficulty with that term, although I understand where Deputy Pringle is coming from. Of course, we should have clarity on what this term means but it is also important there be an opportunity for it to be parsed on a case-by-case basis, as appropriate. I am happy for the courts to take a responsible view when applying that.

It is also incredibly important to apply the judgment of the Court of Justice of the EU in the Dwyer case. It would be remiss to do otherwise. For that reason, it is entirely appropriate that the Department has reacted swiftly. However uncomfortable I or any other member might be with the contents of this proposed Bill, we all have to agree that it is necessary. It is something we should be moving on and seeking to amend, if that is what we want to do, as it goes through both Houses after this committee's scrutiny.

I completely agree with repealing and consolidating legislation. It is much more readable and user-friendly. Perhaps when this proposed Bill is revisited later in the year, which the Department has undertaken to do, that might be the approach to take. That would be much cleaner all around.

I call on Deputy Farrell to make his maiden speech as a member of the committee. I welcome him again. As he will probably have seen already, the way we normally operate is to allow each member five minutes, to include both questions and answers. We give a little bit of latitude.

For the information of the Chair, I was a member of the Joint Committee on Justice, Defence and Equality in the Thirty-first Dáil and a member of the Joint Committee on Justice and Equality in the Thirty-second Dáil for one year. I was reappointed two days ago. I just wanted to put that out there.

In light of the fact that the briefing documentation was only forwarded to me yesterday and that, because of my own technical ineptitude, I was only able to access it during this meeting, I will not pose any questions. However, like the Chair, I firmly agree with Senator Ward's remarks regarding the repeal and consolidation of legislation to make it more user-friendly for Departments, as is the case in this context, and practitioners in the Four Courts and beyond. I will leave it at that for this morning. I look forward to working with the Chair and the other members of the committee.

We have been around the table a few times and have heard various questions from members. Perhaps the witnesses would like to make some remarks off their own bat. They are welcome to do so. Those who wish to speak might indicate or I can take them in order if they like. That might be helpful at this stage because we have had quite a few questions and the witnesses may want to respond to some of the points that have been made if they have not had a chance to do so already. Perhaps we will start with Dr. McIntyre and then work our way around. I will give him three minutes. Is that okay? We will take some views at this stage.

Dr. T.J. McIntyre

A number of members referred to the Murray report. I want to elaborate on some points in that regard. Some members spoke about particular aspects such as authorisation, oversight and the lack of any definition of national security, which is, incidentally, required by the European Court of Human Rights. In the case of Zakharov v. Russia, it is made clear that surveillance measures must be associated with a definition of national security so that the circumstances in which surveillance measures may be used is foreseeable. While members referred to individual aspects of the Murray report that are not reflected in this legislation, rather than look at the details, it may be useful to step back a little bit and consider the overall position. The Murray report made in excess of 50 individual recommendations as to changes to the existing scheme which were necessary for compliance with European fundamental rights standards. These were not changes that were nice to have or just desirable but changes the former Chief Justice saw as essential. By my count, only one of these recommendations has been met in this proposal, that is, the adoption of independent judicial authorisation for access to data. No other recommendation has been addressed. Similarly, judging from a quick scan of the report of this committee's predecessor from 2018 in the limited time available, again, only the requirement for independent judicial authorisation has been addressed. As other speakers have already pointed out, there has been no attempt to address subsequent developments such as the very recent judgment of the Court of Appeal requiring additional protection for access to journalists' sources. Ultimately, it seems there is a fundamental disrespect on the part of the Department for the work done by the predecessor to this committee in its pre-legislative scrutiny and for the work of the former Chief Justice. To my mind, no legislation in this area should be adopted without these recommendations and the essential requirements that have been identified being taken into account.

I thank Dr. McIntyre. I know he has significant experience in this area having been a party to some of these cases and also as an academic. His views are therefore always important to get. We will go to Mr. Sunderland next if he wishes to make some observations or concluding remarks.

Mr. Dale Sunderland

I thank the Chair. At this point, I really have nothing to add to my opening statement and my subsequent comments to the committee. As I have said, our focus is now on reviewing the latest version of the proposed Bill, which we received just yesterday. As I have also said, we are carrying out a detailed examination and will revert to the Department as soon as possible with our detailed observations. That is really all I can say at this stage. I thank the Chair and the committee for the opportunity to appear at this meeting this morning.

Mr. Sunderland stated that the DPC is a statutory notice party and that there was some consultation at an earlier stage, within the past week or so. Is that right?

Mr. Dale Sunderland

Yes, that is correct.

Does the assistant commissioner want to make any remarks? He can take a couple of minutes to address any points that have been raised.

Mr. Justin Kelly

I have nothing to add. I thank the committee.

I again thank Mr. Kelly for being with us at short notice. We appreciate him making himself available. Mr. Lupton has had to leave. Has anything been left hanging that Mr. Kelleher wants to address?

Mr. Dan Kelleher

There was one outstanding question about the Murray report from Deputy Costello. There are two answers to it. They may or may not be acceptable but I will give them to address the Deputy's point. As I mentioned earlier, the key issue we are attempting to address is the principle of applying Court of Justice of the EU case law and, most importantly, the requirement for independent verification by a court or independent body in respect of disclosure requests. It is accepted that this is not everything that needs to be done in this area and we do not present it as such. As we see it, this is an urgent Bill that seeks to put retention of data on a more secure legal footing. When the Minister announced her general approach on 31 May, she restated her intention to bring forward wider reforms in this area, particularly a repeal and consolidation of all of the legal framework in this area. That remains her intention. I have nothing else to add. I thank the Chairman and the committee.

I thank all of the witnesses for their attendance. This has been a very useful engagement. Again, I appreciate the fact that they all made themselves available at short notice, some for the second time this week. I particularly thank those external witnesses who came in today and those who made written submissions. It was all very helpful to the work of the committee. That concludes our public session. I ask members to stay with us for a few moments because we have a bit of private business to conduct. We will suspend for a brief interval while the witnesses withdraw. The members will reconvene in five minutes.

The joint committee suspended at 11.48 a.m., resumed in private session at 11.54 a.m. and adjourned at 12.45 p.m. until 3 p.m. on Tuesday, 12 July 2022.
Barr
Roinn