Internet firms hold vast amounts of our personal data, but there is little public information about how gardaí access that information in practice. Events this week have provided some transparency, showing significant issues with Irish law.
In a post last Tuesday, X said that it had “informed 10 of its Irish users that it had successfully opposed court orders granting government access to their data, using Section 63 Criminal Justice Act 1994, as amended. In some of these cases, X went to court to ensure that it was not unlawfully forced to disclose user data.”
The right-wing news site Gript was one of those accounts. On Tuesday it posted a copy of the court order seeking all information about their account on X – including all the private direct messages sent to and from the account – for the period April 25th to 28th, 2024. Those dates corresponded to violence in Newtownmountkennedy during protests at a site intended for asylum seekers, including arson, attacks on gardaí and damage to a garda car with an axe. A journalist with Gript had attended the protests, taken videos and posted these to X.
Several prominent Irish far-right accounts have also revealed they were among the 10 X users. For example, one uploaded a court order relating to videos they posted of a protest outside the home of then taoiseach Simon Harris.
Bat conservation: Simple ways you can help these tiny mammals to thrive in your local area
Pamela Anderson: ‘I felt like life was really like death for me’
Jamie Dornan: ‘I lost my mom, and I lost four of my best friends in an accident. I had a difficult few years’
From national journalism and lecturing in TU Dublin to living as a Buddhist priest
What should we make of these cases?
The starting point is that they show a systemic problem with accessing user data. While we don’t know the full details of each case, to have 10 orders made under the same power all set aside means there is a wider problem with the legislation itself, garda practice, or both.
In the case of Gript, we can make an informed guess as to the problem. Under the European Convention on Human Rights, national laws must provide specific protections for journalists’ sources to help ensure media freedom. These must include clear criteria for when an order can be made identifying a source, including whether a less intrusive measure would suffice. Since the Corcoran Supreme Court judgment in 2023 invalidating a search warrant for a journalist’s mobile phone, it has been clear that Irish powers for accessing data fail to meet these standards, and this is presumably why the order against Gript was set aside.
This highlights a wider concern. It has been clear for many years that changes to Irish law are needed to protect journalists’ sources, and in Corcoran the Supreme Court said that “this issue requires the urgent attention of the Oireachtas”. Despite this, there is still no recognition of journalist source protection in any Irish legislation. Remarkably, the Garda Síochána (Powers) Bill published in 2021, which is meant to modernise the law on search warrants, ignores this issue entirely.
A related problem is that Irish law doesn’t require that users be alerted that their communications have been targeted, and they are not given an opportunity to challenge the seizure. If a search warrant had been executed against the Gript office, then it would have known about it; but an order to an internet firm demanding private messages is invisible. This leaves the user dependent on the whim of the firm whether to comply with the order, challenge it or tell the user about it.
In this case X chose to stand up for its users. However, it is probably not a coincidence that the users we know about are all aligned with Elon Musk’s promotion of right-wing/populist causes across Europe. X has been more likely to comply with government demands for user information since the Musk takeover, even in authoritarian countries. Would X take a similar challenge on behalf of pro-democracy groups targeted by the Orban government in Hungary?
To step back from the legal details, this is an unforced error by the Irish State and a propaganda victory for right-wing groups. The narrative is that these investigations show “totalitarian overreach” by the Irish Government, that there is something sinister about using this investigative power against far-right violence, and that the Government is setting out to undermine freedom of expression. Hyperbolic as these claims are, they are given a veneer of credibility by the fact that the law is deficient, does not adequately protect privacy of users and does not adequately protect journalistic sources.
This ties in with wider issues around societal trust. The common feature of many far-right causes such as Covid lockdowns, vaccinations and immigration is distrust in the state. But incidents such as these exacerbate this distrust. Journalists, lawyers and civil rights group have said for years that garda powers to access private communications violate fundamental rights standards and are in urgent need of reform. However, the Department of Justice remains wedded to secret state surveillance without effective oversight. By persisting in this attitude it provides grist for the conspiracy theorist mill.
Will the Irish Government learn from this incident? There will be a temptation to minimise the embarrassment, hide behind the cover of refusing to comment on ongoing investigations, or perhaps treat it as a one-off due to aggressive legal pushback from Musk. But whatever the reasons behind X’s challenge to these orders, it has done us a service by highlighting areas where the law is inadequate. This should prompt systematic reform of Irish law – and, in the meantime, other providers should be ready to challenge these orders.
Dr TJ McIntyre is an associate professor in the UCD Sutherland School of Law, consultant solicitor with FP Logue Solicitors and chairperson of Digital Rights Ireland
