“The freedom of the just man is worth little to him if he

can be preyed upon by the murderer or the thief"

(Lord Alfred Denning, 1980)

The opening words of the Universal Declaration of Human Rights state that recognition of the inherent dignity and of the equal and inalienable rights of all members of the human family is the foundation of freedom, justice and peace in the world.

In practice, however, there can at times be a tension between these competing rights and between individual rights and social duty, as a consequence, a balancing of rights may have to be undertaken. The Charter of Fundamental Rights of the European Union, for example, recognises that the enjoyment of these rights brings with it responsibilities and duties with regard to society, the human community and future generations.

In the field of telecommunications and electronic communications, an individual’s right to privacy and data protection is fundamental and has to be respected and protected by Government in a democratic society.

At the same time, Government also has a clear duty to ensure the safety and well-being of its citizens. A tension can arise between these duties of government and a delicate balance must be struck in protecting rights which while fundamental, are not absolute.

Striking the Balance

Rights such as privacy and data protection are subject to some limitations in well known international legal instruments on human rights. For example, Article 8 of the European Convention on Human Rights, which lays down the right to respect for private life, allows for the possibility of interference by a public authority in limited, defined circumstances. Such interference is prohibited, except where it is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Article 52 of the EU Charter of Fundamental Rights also envisages limitations of the rights it enshrines, specifying that the exercise of the rights and freedoms recognised by the Charter must be provided for by law. Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the European Union or the need to protect the rights and freedoms of others.

The international legal instruments on human rights recognise that it is inherent in the nature of these rights that their exercise may carry with it responsibilities, that there is a balance between individual freedoms and social duty, that individual rights may have internal limits and that one kind of right or freedom often needs to be balanced against another.

Enjoyment of rights such as freedom and security, for example, can often give rise to tension and reconciling them may require a delicate balance to be struck.

In difficult cases, there will be no magic formula for deciding where exactly the balance should be struck but principles such as legality, necessity and proportionality, and whether appropriate standards and safeguards exist, are factors that are considered in striking the balance.

The Legal Debate

Legislation to regulate areas of activity that impinge on fundamental rights will usually involve such a balancing. For example, legislation on lawful interception of communications or on the retention of electronic communications data and its disclosure for the purpose of protecting national security or fighting crime will seek to achieve a balance between the right to privacy of the individual and the public interest objective of protecting the security of the individual and the State against the threat of terrorism and criminality.

The balance struck in legislation is, of course, subject to review by the courts in the interpretation and application of legislation in individual cases and may have to be revisited in the future if found to be inadequate. For example, in relation to retention of electronic communications data and its potential disclosure for the purpose of fighting crime, an EC Directive was declared invalid by the European Court as constituting a disproportionate interference with the fundamental rights guaranteed by the European Charter of Fundamental Rights (notably the right to privacy and the right to protection of personal data) because it lacked sufficient safeguards protecting those rights.

The Irish Example

Balancing of rights can also arise at the stage of implementation and operation of legislation. Measures which lay down standards to be observed and safeguards to be provided can play an important role in this regard. Such measures have been taken in Ireland, for example, in the implementation and operation of legislation on retention and disclosure of communications data. In this sphere, the relevant state agencies, notably the Garda Síochána (Irish police force), and the service providers are the central actors.

A common understanding of what the legislation requires and close cooperation between them to deliver what is required are essential to ensure that the legislation and the necessary safeguards are implemented effectively. When the 2011 legislation on retention of data was introduced, a Memorandum of Understanding was put in place to flesh out a common understanding and promote close cooperation between the state agencies and the service providers, to foster best practice.

Furthermore, a number of practices and protocols were instituted by the Gardai in implementing the legislation that was designed to ensure that the system of requests for disclosure of retained data operates in a way that maximizes protection of data and minimizes intrusion on personal rights.

While the legislation allows a request for disclosure to be made by any officer of or above the rank of Chief Superintendent, in practice a dedicated unit, headed by a Chief Superintendent, has exclusive responsibility for processing and submitting disclosure requests to service providers.

Applications must also include details of the relevance to the investigation in question of the data requested and they must have regard to other issues of relevance, necessity and proportionality.

Having a single point of decision-making and an agreed set of guidelines of this nature makes for greater consistency and coherence and safeguards against the risk of unwarranted or inappropriate access.

The role of Service Providers

A properly regulated system of communications retention and disclosure is dependent on service providers for security and integrity in its operation. Their internal systems, processes and their management of practices for retaining, accessing and disclosing data are key to ensuring that security and integrity.

The 2011 Irish legislation, echoing the relevant EC Directive, requires service providers to adopt security measures in relation to communications data retained by them in accordance with the legislation. It requires that retained data shall be subject to appropriate technical and organisational measures to prevent accidental or unlawful destruction, or unauthorised or unlawful storage, access or disclosure. Service providers adopted a range of security measures for this purpose .

All of these internal arrangements and measures taken by the Gardai and the service providers are designed to provide additional safeguards for privacy and data protection, and further balancing, in the way the retention and disclosure system operates in practice.

Future Legislative Framework

The existing statutory framework for the regulation of retention and disclosure of retained communications data is under serious challenge in the light of the judgments of the ECJ in Digital Rights Ireland and Tele 2 and subsequent cases in the Irish and European courts. In 2018, the High Court found in the Graham Dwyer case that the relevant provisions of the 2011 legislation giving effect to the 2006 EC Directive contravene EU law and the ECHR. That decision has since been appealed to the country’s Supreme Court, whose judgment is awaited.

Mr Justice Murray’s comprehensive review of the law in this area, published in 2017, contained a number of specific recommendations for statutory amendments to provide increased balancing of rights and improved safeguards. A Bill providing for a new statutory framework is being progressed.

In relation to lawful interception, the Government has announced its intention to bring forward a revised legislative framework, among other things to cover communications services delivered over the internet.

Whatever the outcome of these proposed legislative moves may be, it is certain that the content of any new legislation and of any implementing measures taken to give effect to it will be informed by enhancement of the balancing of rights.

Expertise in the effective delivery of such an approach in the practical operation of systems and procedures will be as relevant as ever to law enforcement and service providers in implementing any new legislative framework.

For more information on any of our industry insights please contact our expert team at info@itrustethics.ie