Matheson


News and Insights

Print this page

Search News & Insights


New Data Retention Law Implements EU Directive

AUTHOR(S):
PRACTICE AREA GROUP: Technology and Commercial Contracts
DATE: 28.02.2011

New Data Retention Law Implements EU Directive

The Communications (Retention of Data) Act 2011 (the ‘‘Act’’) came into effect on January 26, 2011. The Act implements EU Directive 2006/24/EC on the retention of data generated or processed by or in connection with the provision of publicly available electronic communications services or of public communications networks, and repeals Part 7 of the Criminal Justice (Terrorist Offences) Act 2005 (the ‘‘CJA 2005’’),Ireland’s pre-existing data retention legislation.

Main Provisions of the Act

The Act has provisions dealing with the following:

  • the obligation to retain data;
  • security measures to be applied to the data;
    access to the data — disclosure requests by the Irish police, army and taxation authorities;
  • reports and statistics to be prepared by members of the Irish police, army and taxation authorities;
  • the complaints procedure; and
  • review of the Act by a High Court judge and the duties of the judge.

What the Act Does

The Act requires ‘‘service providers’’ (persons engaged in the provision of a publicly available electronic communications service or a public communications network by means of a fixed line, mobile telephones or the internet) to retain specified data for specified  periods (as set out below) and to make it available to the Irish police, Irish army and Irish taxation authorities in specified circumstances, by way of a ‘‘disclosure request’’:

Fixed Network Telephony and Mobile Telephony Data

The period of data retention is two years from the date on which the data was first processed (reduced from three years under the CJA 2005).

Data to be retained includes data necessary:

  • to trace and identify the source of a communication (calling telephone number, name and address of the subscriber or registered user);
  • to identify the destination of a communication (number dialled, name and address of the subscriber or registered user);
  • to identify the date and time of the start and end of a communication;
  • to identify the type of communication (telephone service used);
  • to identify the equipment used (calling and called telephone number, the International Mobile Subscriber Identifier (‘‘IMSI’’) and the International Mobile Equipment Identity (‘‘IMEI’’) of called and calling parties, and the date and time of the initial activation of a pre-paid anonymous service and cell ID from which it was activated); and
  • to identify the location of mobile communication equipment (cell ID at the start of the communication and data identifying the location of cells by reference to their cell ID during the period in which the communication is retained).

Internet Access, Internet E-mail and Internet Telephony Data

The period of data retention is one year from the date on which the data was first processed.

Data to be retained includes data necessary:

  • to trace and identify the source of a communication (user ID, telephone number, name and address of the subscriber or registered user to whom an internet protocol (‘‘IP’’) address, user ID or telephone number was allocated);
    to identify the destination of a communication (user ID or telephone number of the recipient of an internet telephony call as well as the name and address of the recipient of a communication);
  • to identify the date, time and duration of the communication (date and time of the log-in and log-off of the internet access service, together with the IP address and user ID of the subscriber or registered user, as well as the date and time of the log-in and log-off of the e-mail service or internet telephony service);
  • to identify the type of communication (the internet service used); and
  • to identify the equipment used (the telephone number for dial-up access and the digital subscriber line (‘‘DSL’’) or other end point of the originator of the
    communication).

The Act does not apply to the content of communications transmitted by means of fixed network telephony, mobile telephony, internet access, internet e-mail or internet
telephony.

Conclusion

The Act brings Irish law into line with EU directives on the matter and seeks to strengthen the digital hand of law enforcement agencies with respect to crime, whilst also more clearly delineating the circumstances in which a disclosure may occur.

This article first appeared in World Data Protection Report (February 2011).

 

BACK TO LISTING

Matheson Snapshot


About cookies on our website

Following a revised EU directive on website cookies, each company based, or doing business, in the EU is required to notify users about the cookies used on their website.

Our site uses cookies to improve your experience of certain areas of the site and to allow the use of specific functionality like social media page sharing. You may delete and block all cookies from this site, but as a result parts of the site may not work as intended.

To find out more about what cookies are, which cookies we use on this website and how to delete and block cookies, please see our Which cookies we use page.

Click on the button below to accept the use of cookies on this website (this will prevent the dialogue box from appearing on future visits)