ICS IT Law Blog Part of the ICS Blogs Network

Retention of Data – Strengthening the Hand of Law Enforcement?

Thursday, April 14, 2011 · Posted in Data Protection, General, Uncategorized

The Communications (Retention of Data) Act 2011 (the “Act”) , came into effect on 26 January 2011. The Act implements Directive 2006/24/EC on the retention of data generated or processed by or in connection with the provision of publicly available electronic communications services or of public communications networks and repeals Part 7 of the Criminal Justice (Terrorist Offences) Act 2005 (the “CJA 2005”), Ireland’s pre-existing data retention legislation.

The text of the Act has not yet been published, however, the note proceeds on the assumption that no material changes from the Act as amended in the Select Committee on Justice, Equality, Defence and Women’s Rights in Dáil Éireann have subsequently been made.

What does the Act do?

The Act requires “service providers” (persons engaged in the provision of a publicly available electronic communications service or a public communications network by means of a fixed line, mobile telephones or the Internet) to retain specified data for specified periods (as set out below) and to make it available to the Irish police, Irish army and Irish taxation authorities in specified circumstances, by way of a “disclosure request”.

The period of retention for data and the retention requirements will depend on the type of data:

Data Type: Fixed network telephony and mobile telephony data.

Period of Retention: 2 years from the date on which the data was first processed (reduced from 3 years under the CJA 2005)
Retention Requirements: Data to be retained includes data necessary:

  1. to trace and identify the source of a communication (calling telephone number, name and address of subscriber or registered user);
  2. to identify the destination of a communication (number dialled, name and address of subscriber or registered user);
  3. to identify the date and time of the start and end of a communication;
  4. to identify the type of communication (telephone service used);
  5. to identify the equipment used (calling and called telephone number, the International Mobile Subscriber Identifier (“IMSI”) and the International Mobile Equipment Identity (“IMEI”) of called and calling parties, and date and time of the initial activation of a pre-paid anonymous service and cell ID from which it was activated); and
  6. to identify the location of mobile communication equipment (cell ID at the start of the communication and data identifying the location of cells by reference to their cell ID during the period in which the communication is retained).

Data Type:Internet access, internet email and internet telephony data

Period of Retention: 1 year from the date on which the data was first processed
Retention Requirements: Data to be retained includes data necessary:

  1. to trace and identify the source of a communication (user ID, telephone number, name and address of the subscriber or registered user to whom an Internet Protocol (“IP”) address, user ID or telephone number was allocated);
  2. to identify the destination of a communication (user ID or telephone number of recipient of an Internet telephony call as well as the name and address of the recipient of a communication)
  3. to identify the date, time and duration of the communication (date and time of the log-in and log-off of the Internet access service, together with the IP address and user ID of the subscriber or registered user as well as the date and time of the log-in and log-off of the e-mail service or Internet telephony service);
  4. to identify the type of communication (the Internet service used); and
  5. to identify the equipment used (the telephone number for dial-up access and the digital subscriber line (“DSL”) or other end point of the originator of the communication).

The Act does not apply to the content of communications transmitted by means of fixed network telephony, mobile telephony, internet access, internet e-mail or internet telephony.

Main Provisions of the Act

The Act has provisions dealing with the following:

  • the obligation to retain data;
  • security measures to be applied to the data;
  • access to the data – disclosure requests by the Irish police, army and taxation authorities;
  • reports and statistics to be prepared by members of the Irish police, army and taxation authorities;
  • the complaints procedure; and
  • review of the Act by a High Court judge and the duties of the judge.

Conclusion

The Act brings Irish law into line with EU directives on the matter and seeks to strengthen the digital hand of law enforcement agencies with respect to crime, whilst also more clearly delineating the circumstances in which a disclosure may occur.

Leave a Reply