Personal data shared 92,000 times to State agencies by phone and internet firms

More than 50 disclosures of private communication data were provided every day, on average, to gardaí and agencies over the last five years, figures show.

The Irish Examiner can reveal that more than 92,000 disclosures were made to State agencies by phone and internet firms from 2013 to 2017 — around 18,450 on average per year.

On the back of Thursday’s High Court ruling in the Graham Dwyer case — that Irish legislation on accessing mobile phone data breached EU law — the previously unseen statistics highlight the scale of use of the power.

Operation of the powers granted to five State agencies under the Communications (Retention of Data) Act 2011 has been traditionally shrouded in secrecy.

Communication data has been described as a “vast store of private information” of people’s use (apart from content) of phones and digital devices. Mobile phone data was a key part of the case against Dwyer, who will now use the High Court ruling in his murder appeal.

Statistics released to the Irish Examiner by the Department of Justice for last five years reveal:

92,200 disclosures of communication data (mobile, landline and internet) between 2013 and 2017;

90,200 of these disclosures were to the Garda (98% of all data provided);

Disclosures rose from almost 18,900 in 2013 to 20,500 in 2015, dropping to 17,700 in 2016 and 16,000 in 2015;

Garda disclosures mirrored that pattern, rising from 18,300 in 2013 to 20,300 in 2015, down to 17,200 in 2016 and 15,600 in 2017;

Defence Forces are the next biggest user, with almost 1,380 disclosures over the five years, jumping from 180 in 2013 to 430 in 2016, falling to 300 in 2017;

GSOC received 440 disclosures over the five years; Revenue 150 disclosures.

The statistics were provided following requests to the department, including a Freedom of Information appeal, and after all but one of the State agencies refused to disclose its data.

A department statement said access to communication data was “an important tool used by law enforcement agencies the world over to prevent and detect serious crime”. The figures show usage after the 2014 and December 2016 rulings of the European Court of Justice and the Murray report of April 2017. The records show around half of Garda disclosures were for subscriber data — the name and address of the subscriber/user. The remaining data relate to call data (numbers called, type and frequency of contact and location information) and internet data (IP address, email, web history, etc).

Gardaí could seek records on all three grounds in the 2011 act: Investigation of serious crime, safeguarding state security and saving of human life. The Defence Forces can only seek data for state security. GSOC and Revenue can seek the data for serious crime. In his ruling last Thursday, Mr Justice Tony O’Connor said he was only concerned with the investigation of serious crime and mobile phone data.

The judgement has raised questions over some convictions and gardaí and DPP are examining any impact on current prosecutions.

Senior gardaí have said that their pressing concern was how, in the future, they could access this data for the investigation of serious crime.

Elizabeth Farries of the Irish Council for Civil Liberties said the figures “show a scale of retention and disclosure requests that appear largely unabated” despite the Murray review, the European Court of Justice rulings and draft laws.

She said this data can draw a “broad portrait of an individual’s activities, friendships, opinions, and private life” just as effectively as content itself.

“Therefore, the ongoing indiscriminate access depicted here, by the gardaí in particular, is a clear breach of our enshrined privacy rights under EU and international law,” she said.

Mike PalmerComment