There had been much anticipation of yesterday's Court of Justice of the European Union's (CJEU) hearing of the appeal by Graham Dwyer in relation to his conviction for murder in 2015.
The key question out of the CJEU’s eventual ruling, which will likely take at least three months to be delivered, is not whether or not the court will rule in Dwyer’s favour. It would be very surprising if it does not, on foot of its own decisions in previous cases.
The real issue will be whether or not the Irish Supreme Court, which requested the CJEU review in the first place, is told that the ruling should be applied retrospectively. Should that turn out to be the case, the Irish court must then decide if that means the Dwyer conviction itself should be overturned.
The former architect is one of Ireland’s most infamous criminals, having murdered 36-year-old Elaine O’Hara, a woman with a history of mental health problems, in cold blood in August 2012.
While his crime is notorious, the methods by which he was convicted, while ingenious, is now under the microscope.
All evidence against him was circumstantial — with the State building a forensic case tying Dwyer’s whereabouts on specific dates to a mobile phone which had been used to contact O’Hara thousands of times.
However, that relied upon the use by investigating gardaí of historical phone data, provided by the mobile phone companies.
This is where things get tricky for the State. The law in Ireland governing the use of such phone records is the 2011 Data Retention Act, which mandates that phone records should be retained for up to two years. This is the piece of legislation used to convict Graham Dwyer.
However, in 2014 — after Elaine O’Hara’s murder, but prior to Dwyer’s conviction — the CJEU delivered a judgement which in effect rendered the Irish 2011 Act invalid, on foot of a case taken by advocacy group Digital Rights Ireland. The court ruled that Irish law surrounding the retention of phone records and other personal data amounted to mass State surveillance.
That European ruling has since been reaffirmed on at least three occasions by the CJEU in other judgements concerning privacy complaints from across Europe.
Indeed, the Supreme Court was reportedly informed in November of last year that any referral to the CJEU regarding the Dwyer case would likely result in his case being upheld.
The Supreme Court elected to do so given the issue is one of European law. The Irish courts have already upheld Dwyer’s appeal that his conviction had been obtained by unlawful means.
The referral to Europe concerns three specific points of law — whether or not the universal retention of data, such as phone call and location data, is allowable; whether or not a police force can legally intervene in order to make the acquisition of such data legal; and whether or not historic convictions should be affected by the final Supreme Court decision.
The CJEU ruling will only serve to advise the Supreme Court on the aforementioned points of law — it will then be up to the Irish court to decide upon the appeal.
Whether or not Dwyer’s conviction will be overturned will not be known for some time, though legal sources are largely of the opinion that it will not be affected — with the precedent for its exemption likely to be the Supreme Court having previously ruled that unconstitutional evidence should be admitted if the prosecution had been unaware it was doing anything inadmissible.
However, while following that precedent would preserve the Dwyer conviction — which was largely investigated prior to the 2014 DRI decision — the same cannot necessarily be said for many thousands of similar convictions arrived at in recent years via mobile phone evidence being disclosed to the State.
Whatever the ruling will be, one thing which will certainly happen in the near future is the publication of an updated data retention bill, which has been in the works for five years, with the Department of Justice previously stating it would wait on the ruling of the CJEU before finalising the bill.
Meanwhile, the fact that Ireland’s prevailing data retention law is itself not lawful has largely, finally, been taken on board by the Irish bodies which had primarily made use of it — the Defence Forces, Revenue, and the gardaí.
Disclosures of communication data to State agencies dropped by 63% between 2018, when Dwyer’s High Court appeal succeeded, and 2020.