The Communications (Retention of Data) (Amendment) Act 2022: ignore the warnings, legislate in haste, repent at leisure
The headline in the Irish Examiner is stark: “European Commission says Ireland’s new data law may be ‘inapplicable’.” Cianan Brennan reports that the European Commission “has dismissed Ireland’s new controversial data retention law as possibly ‘inapplicable and unenforceable’, as it was not submitted to the commission before its enactment”. The legislation in question is the Communications (Retention of Data) (Amendment) Act 2022; and it was, as Brennan says, rushed through the Oireachtas last summer with minimal scrutiny.
It is worth pausing for a moment to see where the Act came from, and to consider why it was so rushed. The Department of Justice repeatedly failed to take the right path, even as it has had plenty of opportunity to do so. When it finally did something, it acted hastily; and it now seems that the hasty solution hasn’t worked.
The legal story starts on 27 March 2015, when Graham Dwyer was convicted of murdering Elaine O’Hara in 2012. Much of the evidence had been gathered pursuant to Section 6(1) of the Communications (Retention of Data) Act 2011 (also here), which provides:
A member of the Garda Síochána not below the rank of chief superintendent may request a service provider to disclose to that member data retained by the service provider in accordance with section 3 where that member is satisfied that the data are required for—
(a) the prevention, detection, investigation or prosecution of a serious offence, …
That Act had been introduced to implement the Data Retention Directive (Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, 13.4.2006, p.…