EU: Rights groups say new data laws would treat everyone as a potential suspect in crime, reports Karlin Lillington
Under pressure from international law enforcement agencies, the Republic has become one of the first EU nations to draft controversial legislation that could allow personal data to be retained for up to four years.
Under secret Department of Justice proposals, detailed personal data on every Irish citizen's phone and mobile calls, faxes, and email and Internet usage, would be stored in huge databases.
"We have serious concerns that this [Bill] is treating everybody as a potential suspect in a crime," said Mr Malachy Murphy, e-rights convener for the Irish Council for Civil Liberties. "This would also appear to go against the European Convention on Human Rights, which has explicit protections for citizen privacy."
Under current data-protection laws, data may only be retained for a short period, exclusively for billing purposes - generally three to six months - and then must be destroyed.
But after the terrorist attacks of September 11th, American and British law enforcement and surveillance agencies are known to have increased pressure on EU states to relax data protection legislation and allow for increased surveillance of citizens.
Britain and the Republic are the first nations to try to introduce laws that would allow for personal information to be held for up to 15 times longer than existing legislation. Britain already allows for increased access to personal data through its two-year-old Regulation of Investigatory Powers Act (RIP). But proposed British legislation on data retention was scuppered in the wake of a major public outcry.
"The RIP Act was incredibly controversial when passed, but that was nothing compared to the opposition to data retention," said Mr Ian Brown, director of Britain's Foundation for Information Policy Research.
"Creating a huge database that is lying there for years is a huge invitation for government misuse, much less for hackers, blackmailers, criminals and others." He also believes that data retention laws "treat everyone as a suspect".
The European Parliament opened the door for data retention laws after a surprise vote in its favour last summer. Although it had rejected such proposals in the past, the Parliament apparently was swayed by law enforcement arguments that increased access to personal data was needed in the "war against terrorism".
Although the motion ran contrary to existing Irish e-commerce and data protection laws, all attending Irish MEPs voted for the proposal, excepting Green MEP Ms Nuala Ahern.
European data protection commissioners were so concerned by the vote - and by indications since that most EU member nations will issue data retention laws - that they issued a strongly-worded warning last September. In a statement, they expressed "grave doubt as to the legitimacy and legality of such broad measures". Only Germany and Austria have revealed reservations about introducing data retention legislation.
In the United States, the Department of Defence has proposed a massive database that would create individual data dossiers on every American citizen. The so-called "Total Information Awareness" database would collate all digital data gathered from public government bodies - such as tax returns, driver's licence applications, and social security information - with consumer data drawn from private companies, including mortgage, shopping and flight ticket information.
The type of data pinpointed by the proposed Irish legislation can be revealing: 3G mobile-phone networks, with phones that regularly broadcast their location back to the network, will provide information on where a person is to within a few metres, whenever the phone is switched on. The Irish legislation could also demand that Internet service providers store information on all the individual web pages that a subscriber has visited.
In contrast to the open, public consultation approach taken with RIP, it is understood that Department of Justice officials failed to consult any organisation other than the Garda Síochána in preparing the legislation. Mr Murphy said he was gravely concerned by this lack of transparency and hoped a wide range of organisations, including privacy and citizens' groups, Internet service providers, and telephone network operators, would be consulted in future.
The Irish proposals are also understood to deal only with the general area of data retention, and fail to clarify important issues of how the data would be stored, who would be responsible for managing it, and who would be able to access it.
The Department of Justice did not respond to a call asking about the Bill's details.