Data retention, in the context of telecommunications, defines the process whereby telecommunication service providers (CSPs) record and hold information related to telephone and internet communications processed on their networks. The Communications (Retention of Data) Act 2011 (the 2011 Act) places an obligation on CSPs to retain certain categories of data and allows senior officers in designated law enforcement agencies to access such data in defined circumstances. The 2011 act transposed an EU Directive (2006/24) which obliged member states to legislate for the retention of and access to such data. The data in question is often referred to as 'traffic data' or 'metadata' which comprises information about communications (not content) including information to identify the source, destination (phone numbers and subscriber details), timing of commencement and termination of a call, geographical location (cell site) and details of the device equipment used (IMEI and IMSI).

Telecommunications data analysis has been used extensively over the years by An Garda Síochána (Irish police force) in the protection of life and the investigation of serious crime and terrorism. The data has also been a critical component in the prosecution of serious criminal offences.

Over the past number of years, the data retention and access regime in Ireland has been subjected to greater scrutiny, mainly due to ECJ (European Court of Justice) judgements concerning issues related to the protection of privacy and human rights. These judgements – one in 2014 and the other in 2016 - have led to an increase in legal challenges in criminal trials in Ireland, on the admissibility of telecommunications related data, which has been retained and accessed under the provisions of the 2011 Act.

The Key Judgements

In 2014 the European Court of Justice (ECJ) declared Directive 2006/24 to be invalid, fundamentally because it failed to make express provision for sufficient safeguards for the protection of the fundamental rights of citizens as guaranteed by the European Charter of Fundamental Rights. In a related judgement in December 2016, the ECJ delivered a judgement (‘Tele2’) which stated that EU law prohibited national laws in member states authorising general and indiscriminate retention of traffic and location data. The ECJ also held that procedural safeguards such as prior review by an independent body were essential, in relation to accessing such data.

In 2017, former Chief Justice John Murray completed a review of Ireland’s data retention laws with respect to communications data. Judge Murray’s report identified a number of frailties with the 2011 Act which echoed many of the issues raised in the ECJ judgements of 2014 and 2016. At the same time as publishing the ‘Murray report’, the Minister for Justice and Equality also published the General Scheme of the Communications (Retention of Data) Bill 2017, which is intended to replace the 2011 Act and address issues which were identified in the ECJ judgements and also in the Murray report.

In addition to the foregoing, an Irish Supreme Court judgement is awaited in the case of Graham Dwyer, concerning a challenge to the use of mobile phone records in his trial for murder in 2015. Dwyer’s legal team claims that certain provisions of the 2011 Act breached his rights to privacy under the Constitution, the European Convention on Human Rights and the Charter of Fundamental Rights of the European Union. This Supreme Court case involves an appeal by the state against a High Court judgement in 2018 which found in favour of Mr. Dwyer.

The effect on evidence in criminal trials

The practical operation of the Irish criminal justice system means that there is often a significant time lag between a criminal investigation and court hearings where prosecutions are directed by the DPP. Currently, there are cases at trial involving evidence relating to disclosure requests for telecommunications data which were made in the period 2013 – 2017. This spans the period before, during and after significant court judgements and other important developments and leaves open to challenge, the legal status of individual requests for data which were made during this period. In adjudicating on the admissibility of such evidence, Judges have been exercising their discretion (as provided for in the 'JC' Supreme Court judgement, 2015) to examine the individual circumstances of each request for communications data.

It is inevitable that defence counsel in criminal trials will continue to argue strongly against the admittance of telecommunications data on the basis that it was obtained on foot of legalisation that was invalid. The prosecution will argue that the Judge has discretion as to whether or not such evidence can be admitted. In this regard, the prosecution will have to present evidence on issues such as the timing of the request relative to ECJ decisions, Murray report, the mind-set of the Chief Superintendent at the time of making the request and other related matters.

For more information on any of our industry insights please contact our expert team at info@itrustethics.ie