DATA RETENTION - the storage of revealing citizen phone, mobile, e-mail and internet usage records - is a fraught and contentious area, pitting the right to privacy against the fight against crime. The problem lies in finding a judicious balance between personal privacy and public safety.
Few believe that law enforcement agencies should be denied access to records that can help prosecute serious crime but neither should ordinary citizens, including children, have their phone and e-mail accounts under constant, long-term scrutiny.
The Government has already mandated that call data - information on the numbers, the time and duration of phone and mobile calls - be held for three years. This long period of data retention has drawn criticism from privacy advocacy groups, including London's Privacy International and the Electronic Privacy Information Centre in Washington, DC. Irish privacy advocacy group Digital Rights Ireland is challenging the Government in the High Court over the issue.
The Government has now introduced legislation to also retain e-mail and internet data, based on a contentious EU directive. The Government failed to opt for a derogation to prepare primary legislation, so the directive will be implemented via a statutory instrument (SI) requiring neither Dáil debate nor approval. This draft legislation is deeply worrying. First, as with call data legislation, it goes far beyond the original intention of accessing such sensitive data only to investigate the most heinous crimes. Alarmingly, the Government has redefined "serious offences" in the SI to mean any offence carrying up to a six-month sentence. The current legal definition is any crime with a minimum five-year sentence. And while the SI would reduce the retention period to 12 months (from an EU-allowed period of two years), the legislation so broadly defines "service providers" that it could apply to a large employer like Google, online forums like Boards.ie or a personal weblog. Customers may rightly worry about the security of their private call and internet data stored in numerous places.
Combined, these elements mean thousands of requests for data would be made on service providers. The costs will lie with the service providers, sharply increasing internet access costs for business and consumers. Meanwhile, the Government struggles to improve our poor broadband record and calls for an information-led "knowledge economy". Yet an onerous data retention regime will stifle growth in exactly this area, stunting inward investment and domestic growth.
Irish data retention legislation continues to err too far on the side of the law, under the assumption that all citizens are potential suspects and any crime, no matter how trivial, justifies a level of digital surveillance that would not be tolerated in the "real world". The storage period and use of retained data must be proportionate, carefully balanced against the widely recognised right to privacy, and the assumption - basic to open democracy - that the majority of people are honest citizens. The Government needs to rethink all legislation in this sensitive area.