Government’s mass surveillance plan unlikely to hold up to EU scrutiny
It was revealed this week that justice minister Helen McEntee secured a High Court order requiring mobile phone service providers to retain users’ data for 12 months for the purpose of “safeguarding the security of the State”.
Civil rights organisation Digital Rights Ireland (DRI) reacted by describing the move as “mass surveillance of Ireland’s entire population [being] secretly approved by the High Court”. As the Irish Examiner reports, the application was held behind closed doors under the Communications (Retention of Data) Act 2011.
Noting that such collection and retention of data is “a form of mass surveillance which allows for the mapping of the private activities of virtually every person in Ireland”, DRI has said that both the High Court order and the lack of transparency surrounding it were “gravely concerning”.
A key fact that DRI and others have noted is that the order is also likely to be contrary to Court of Justice of the European Union (CJEU) case law. Put simply, the move to hoard data is likely to prove illegal.
As a result, it is not only calling individuals’ rights into question, it could result in future criminal trials collapsing or judgements being overturned if such data was used to secure a prosecution. This is especially important given that the proximate cause of the change appears to be just such a case: in 2022 the European Court of Justice (ECJ) ruled that “criminal behaviour, even of a particularly serious nature, cannot be treated in the same way as a threat to national security”.
Europe’s data island
Michele Neylon, chief executive of hosting provider and ISP Blacknight Solutions, says data retention is nothing new, and it can be legitimate, but it needs to be transparent. In fact, a serious overhaul of the law would be more welcome than endless modifications, he says.
“Data retention legislation has been on the books for years and has been modified and updated. While the focus is on mobile phones it’s actually pretty broad in scope, covering ISP connections, e-mail and, depending on how you interpret it, it could cover a very broad swathe of data. That’s the core issue,” he said.
Neylon says the problem with what has now been proposed is that there is no way to understand it.
“We don’t know what argument was presented [and] we don’t know what evidence was presented, which is hugely problematic. There is no issue with retaining data, but it has to be specific, and it has to be proportionate,” he said.
This, it should be noted, is happening in a country that is already in danger of angering its EU peers: Ireland, which is home to the EU outposts of most of the tech and social media giants, has a reputation for allowing businesses to play fast and loose with data. It is also now being claimed that the country is attempting to silence critics of Ireland’s data protection regime.
So, on the one hand, Ireland has a reputation for having light-touch regulation of data handling by business, particularly the foreign direct investment sector, but at the same time seems happy to enact tough data collection legislation directed at the general population.
It sounds like a contradiction, but perhaps it isn’t. Perhaps Ireland’s approach to data is simply fundamentally closer to that of the US than it is to the rest of the EU: your data belongs to everyone but you. However, in an era when data is more important, and valuable, than ever, it seems only right that individuals have a real right to ownership of, and control over, the data they create.
Subscribers 0
Fans 0
Followers 0
Followers