European Commission says Ireland's new data law may be 'inapplicable'
EU members must submit laws that could affect the European single market to the European Commission before they are enacted, in order to reach a consensus among the bloc. Picture: iStock
The European Commission has dismissed Ireland’s new controversial data retention law as possibly “inapplicable and unenforceable”, as it was not submitted to the commission before its enactment.
The new law was rushed through the Oireachtas last summer with minimal scrutiny.
At that time, the Department of Justice was queried as to whether or not the law had been submitted to the European Commission's Technical Regulation Information System (TRIS) process while still in its draft stage, to which the department confirmed it had not been.
EU members must submit laws that could affect the European single market to the European Commission before they are enacted, in order to reach a consensus among the bloc.
Ireland’s previous data retention law, dating from 2011 and ruled illegitimate by the European Court of Justice repeatedly since 2014, has special relevance at present given the ongoing appeal by Graham Dwyer.
The convicted murderer is arguing his case should have been thrown out as the mobile phone records that convicted him were gathered unlawfully. That 2011 act remains the only law governing this area, as the 2022 act has not been commenced.
A spokesperson for the department said in December that it was believed the new law fell under an exception for legislation implementing European Court of Justice decisions.
However, despite that statement, the department subsequently submitted the data retention law to the TRIS procedure a fortnight later.
It has now emerged that the commission responded to that application, noting the law had already been enacted, and asked whether or not the bill was “at a stage where substantial amendments can still be made, for example in case of a detailed opinion issued by a member state or the commission”.
“We would like to remind the Irish authorities,” a legal officer for the EC said, that EU members must “notify their technical regulations in a draft stage, which shall remain in that stage until the end of the standstill period (March 22, 2023, or three months after the law was submitted to TRIS)”.
A spokesperson for the department said its aim remained to commence the new act “at the earliest possible date”, adding it continued to engage “at European level”.
Successive governments have come in for harsh criticism for failing to update the 2011 act for nearly a decade, despite it having been declared unlawful on at least three occasions by European courts.
The Department of Justice’s decision to fast-track the new act as an emergency priority last summer — having failed to act upon it for nearly 10 years — was heavily criticised at the time by privacy experts.
Privacy lawyer Simon McGarr said the “legislation is now automatically ineffective”.
“By truncating the oversight process and rushing the legislation through the Dáil the Government has not achieved its stated aims more quickly but have instead ensured they will have to go back and pass the legislation again with proper scrutiny and oversight from the EU,” he said.
“It is a classic case of more haste, less speed,” Mr McGarr added.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
