Search News & Insights
Hold on Tight – New Data Retention Laws Pending
PRACTICE AREA GROUP: Telecommunications
Under current Irish law, the Criminal Justice (Terrorist Offences) Act 2005 (the “Criminal Justice Act”) obliges telecommunications service providers to retain telecommunications data for a period of three years. The Communications (Retention of Data) Bill 2009 (the “Bill”) proposes extending this retention requirement to oblige service providers to retain information concerning internet access, internet e-mail and internet telephony for a period of twelve months.
The broad objective of the Directive 2006/24/EC (the “Directive”) is to harmonise data retention rules for providers of publicly available electronic communications services and of public communications networks across all Member States. The Directive provides for the retention not only of data relating to fixed and mobile telephony services but also of information relating to internet access, internet e-mail and internet telephony for a period of not less than six months and not more than two years from the date of the communication. Ireland, along with other EU Member States was required to fully implement the Directive by 15 March 2009. The directive has been implemented in the UK through the Data Retention (EC Directive) Regulations 2009 which came into force on 6 April 2009.
The wording of the Bill has yet to be made officially available to the public by the Department of Justice, Equality and Law Reform. A draft of the Bill was circulated to the telecommunications industry for comment and it was this draft of the Bill that was made available online. Having made enquiries of the Department, we understand that the Bill is to be published imminently.
Retention of Internet Data
The Bill introduces the obligation on service providers to retain data concerning internet access, internet e-mail and internet telephony for a period of one year. The data that must be retained includes the data necessary:
(a) to trace and identify the source of a communication.
(b) to identify the destination of a communication.
(c) to identify the date, time and duration of a communication.
(d) to identify the type of communication; and
(e) to identify the users’ communication equipment.
More specifically, for internet communications data to trace and identify the source of a communication, the name and address of the subscriber or registered user to whom an internet protocol (IP) address, user identification or telephone number was allocated at the time of the communication must be retained. This would mean that information to be retained may include which websites people have visited or attempted to visit, the sender, recipient, date and time of emails and the maker and recipient of internet telephone calls.
Subject to certain exceptions, the data retained can only be accessed by a member of the Garda Siochana, not below the rank of Chief Superintendent and officers of the Defence Forces not below the rank of colonel, and only for the purposes prescribed in the Bill, namely the prevention, detection, investigation or prosecution of a serious offence, safeguarding the security of the State or for the purpose of saving human life where such life is at risk.
Unlike under the corresponding regulations in the UK, no provision is made in the Bill to reimburse any expenses incurred by the service providers in complying with the provisions of the Directive.
Retention of Telecoms Data
Part 7 of the Criminal Justice Act provides that the Garda Commissioner may request a service provider to retain for a period of three years, traffic data or location data or both (but not the content of such communications) for the purposes of the prevention, detection, investigation or prosecution of crime or the safeguarding of the security of the State. If a member of the Garda Siochana, not below the rank of Chief Superintendent, is satisfied that access to any data retained by a service provider is required for the purpose of preventing, detecting, investigating or prosecuting of an offence, or for safeguarding the security of the State, that member of the Gardaí may request the service provider to disclose the data. The current draft of the Bill proposes reducing this retention period to two years in respect of fixed network telephony and mobile telephony and expands on the definition of the types of data to be retained.