Legalize
Legalize / Ireland / Act

Communications (Retention of Data) Act 2011

Type Act
Publication 2011-01-26
State In force
Source Irish Statute Book
Reform history JSON API
1. Interpretation.

1.— (1) In this Act—

“Act of 1993” means the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993;

F1["authorising judge" means a judge of the District Court designated undersection 12J(1);]

“cell ID” means the identity of the cell from which a mobile telephony call originated or in which it terminated;

F2["competition offence" means an offence under section 6 of theCompetition Act 2002, that is an offence involving an agreement, decision or concerted practice to which subsection (2) of that section applies;]

“data” means traffic data or location data and the related data necessary to identify the subscriber or user;

F3[…]

F1["disclosure requirement" means a requirement made of a service provider undersection 6, 6F, 7Cor7D;

"electronic communications network" means transmission systems and, where applicable—

(a) switching equipment or routing equipment, and

(b) other resources,including network elements which are not active, which permit the conveyance of signals by wire, by radio, by optical or by other electromagnetic means, and such conveyance includes the use of—

(i) satellite networks,

(ii) fixed terrestrial networks (both circuit-switched and packet-switched, including internet),

(iii) mobile terrestrial networks,

(iv) electricity cable systems to the extent that they are used for the purpose of transmitting signals,

(v) networks used for either or both radio and television broadcasting, and

(vi) cable television networks,

irrespective of the type of information conveyed;

"electronic communications service" means a service normally provided for remuneration which consists wholly or mainly in the conveyance of signals on electronic communications networks, including telecommunications services, publicly available telephone services and transmission services in networks used for broadcasting, but does not include—

(a) services providing, or exercising editorial control over, content transmitted using electronic communications networks and services, and

(b) information society services within the meaning of Article 1 (inserted by Directive 98/48/EC of 20 July 1998^1) of Directive 98/34/EC of 22 June 1998^2which do not consist wholly or mainly in the conveyance of signals on electronic communications networks;]

F4[…]

“Garda Commissioner” means the Commissioner of the Garda Síochána;

F1["internet source data" means the following data necessary to trace and identify the source of a communication by internet access, internet email or internet telephony:

(a) the Internet Protocol (IP) address, whether dynamic or static, allocated by the service provider to the source of a communication;

(b) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address was allocated at the time of the communication;]

“Minister” means the Minister for Justice, Equality and Law Reform;

“processing” has the same meaning as in the Data Protection Act 1988;

“Referee” means the holder of the office of Complaints Referee under the Act of 1993;

“revenue offence” means an offence under any of the following provisions that is a serious offence:

(a) section 186 of the Customs Consolidation Act 1876;

(b) section 1078 of the Taxes Consolidation Act 1997;

(c) section 102 of the Finance Act 1999;

(d) section 119 of the Finance Act 2001;

(e) section 79 (inserted by section 62 of the Finance Act 2005) of the Finance Act 2003;

(f) section 78 of the Finance Act 2005;

F1["Schedule 2 data" means the categories of data specified inParts 1and2ofSchedule 2;]

“serious offence” means an offence punishable by imprisonment for a term of 5 years or more, and an offence listed in Schedule 1 is deemed to be a serious offence;

“service provider” means a person who is engaged in the provision of a publicly available electronic communications service or a public communications network by means of fixed line or mobile telephones or the Internet;

F1["superior officer" means—

(a) in relation to a member of the Garda Síochána, a member of the Garda Síochána not below the rank of superintendent;

(b) in relation to a member of the Permanent Defence Force, a member of the Permanent Defence Force not below the rank of lieutenant colonel;

(c) in relation to an officer of the Revenue Commissioners, an officer of the Revenue Commissioners not below the rank of principal officer;]

F5[(d) in relation to an officer of the Competition and Consumer ProtectionF6[Commission], an officer of the Competition and Consumer ProtectionF6[Commission]not below the rank of principal officer;]

“telephone service” means calls (including voice, voicemail, conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multimedia services (including short message services, enhanced media services and multi-media services);

“unsuccessful call attempt” means a communication where a telephone call or an Internet telephony call has been successfully connected but not answered or there has been a network management intervention;

F7["user" means a person who is using an electronic communications service or other means of electronic communication, for private or other purposes—

(a) whether or not that electronic communications service or other means of electronic communication is publicly available, and

(b) whether or not that person has subscribed to the service;]

F1["user data" means the following types of data and any other types of data set out in technical specification ETSI TS 103 280 "Lawful Interception (LI): dictionary for common parameters" issued by the European Telecommunications Standards Institute that are relevant to these data:

(a) the name of the user;

(b) the address of the user;

(c) where applicable, the following data in respect of the user:

(i) the mobile telephony number;

(ii) the fixed network telephony number;

(iii) the International Mobile Subscriber Identifier (IMSI);

(iv) the International Mobile Equipment Identity (IMEI);

(v) the Internet Protocol (IP) address, whether dynamic or static, allocated by the internet access service to the communication;

(vi) the user ID;

(vii) the date and time of initial activation of an electronic communications service or other means of communication;

(viii) the date and time of the last outgoing mobile telephony or fixed network telephony communication;]

“user ID” means a unique identifier allocated to a person when they subscribe to or register with an Internet access service or Internet communications service.

(2) A word or expression used in this Act and also in Directive 2002/58/EC has the same meaning in this Act as in that Directive.

2. Non-application of Act.

2.— This Act does not apply to the content of communications transmitted by means of fixed network telephony, mobile telephony, Internet access, Internet e-mail or Internet telephony.

3. F8[Obligation to retain data

3.—(1) A service provider shall retain, in accordance withsection 12D, user data for a period of one year, or such period as may be prescribed in accordance withsubsection (2), from the date on which the data were first processed by the service provider concerned.

(2) The Minister may, for the purposes ofsubsection (1), prescribe such period (which may be less than one year, and which shall not exceed two years) as he or she considers necessary for, and proportionate to, the purposes of—

(a) preventing, detecting, investigating or prosecuting offences, including revenue offences and competition offences,

(b) achieving the objectives specified insection 6(1)(b).

(3) The Minister may, in prescribing a period undersubsection (2), prescribe different periods for different types of data specified in the definition of "user data" in this Act.]

3A. F9[Obligation to retain Schedule 2 data

3A.—(1) The Minister may, where he or she is satisfied that there exists a serious and genuine, present or foreseeable threat to the security of the State, make, in accordance with this section, an application to a relevant judge for an order under this section.

(2) Before making an application undersubsection (1), the Minister shall assess the threat to the security of the State and, in doing so shall have regard to the necessity and proportionality of the retention ofSchedule 2data pursuant to an order under this section, taking into account the impact of such retention on the fundamental rights of individuals.

(3) An application undersubsection (1)shall—

(a) be madeex parte,

(b) be upon information on oath specifying the grounds on which the order is sought, which information shall include the assessment undersubsection (2)concerned,

(c) specify the period of time for which retention of Schedule 2 data by service providers is, in the view of the Minister, having regard to his or her assessment undersubsection (2), required for the purposes of safeguarding the security of the State, and

(d) be heard otherwise than in public.

(4) A relevant judge, as respects an application undersubsection (1), may make an order undersubsection (5)only if satisfied that the making of such an order is necessary for, and proportionate to, the purposes for which the application was made.

(5) An order under this subsection shall require all service providers to retainSchedule 2data, or suchSchedule 2data as are specified in the order—

(a) for a period of 12 months from the date on which the data were first processed by the service provider concerned,

(b) in accordance withsection 12D, and

(c) subject to such conditions and directions as the relevant judge may specify in the order.

(6) Where a relevant judge makes an order undersubsection (5), the Minister shall, without delay arrange for—

(a) the order to be publicised in the national media,

(b) the order to be notified, in so far as practicable, to service providers, and

(c) a notice of the making of the order to be published inIris Oifigiúil.

(7) A service provider shall comply with an order undersubsection (5).

(8) The data to which this section applies include data relating to unsuccessful call attempts that, in the case of data specified inPart 1ofF10[Schedule 2], are stored in the State, or in the case of data specified inPart 2ofF10[Schedule 2], are logged in the State.

(9) An order under this section shall not require a service provider to retain aggregated data, data that have been made anonymous or data relating to unconnected calls.

(10) The President of the High Court shall at the request of the Minister, designate a judge or judges of the High Court to perform the functions of a relevant judge under this section, and a reference in this section to a "relevant judge" shall be construed as a reference to a judge so designated.

(11) In this section, "aggregated data" means data that cannot be related to individual users.]

3B. F11[Obligation to retain internet source data.

3B.—(1) A service provider shall retain, in accordance withsection 12D, internet source data for a period of one year, or such period as may be prescribed in accordance withsubsection (2), from the date on which the data were first processed by the service provider concerned.

(2) The Minister may, for the purposes ofsubsection (1), prescribe such period (which may be less than one year, and which shall not exceed two years) as he or she considers necessary for, and proportionate to, the purposes of safeguarding the security of the State or achieving the objectives specified insection 6C(1)(b).]

4. Data security.

4.— (1) A service provider who F12[retains or preserves] data under F13[section 3(1),3A(5),3B(1),7A(11)or7B(10)] shall take the following security measures in relation to the retained data:

(a) the data shall be of the same quality and subject to the same security and protection as those data relating to the publicly available electronic communications service or to the public communications network, as the case may be;

(b) the data shall be subject to appropriate technical and organisational measures to protect the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure;

(c) the data shall be subject to appropriate technical and organisational measures to ensure that they can be accessed by authorised personnel only;

F13[(d) the data, except those that have been accessed and preserved, shall be destroyed by the service provider in such manner, and within such period (which shall not exceed 2 years and one month) as may be prescribed.]

(2) The Data Protection Commissioner is hereby designated as the national supervisory authority for the purposes of this Act and Directive No. 2006/24/EC of the European Parliament and of the Council.

5. Access to data.

5.— A service provider shall not access data retained in accordance with section 3 except—

(a) at the request and with the consent of a person to whom the data relate,

(b) for the purpose of complying with a F14[disclosure requirement],

(c) in accordance with a court order, or

(d) as may be authorised by the Data Protection Commissioner.

6. F15[Requirement to disclose user data

6.—(1) A member of the Garda Síochána not below the rank of superintendent may require a service provider to disclose to that member user data in the possession or control of the service provider—

(a) where the member believes that the data relate to a person whom the member suspects, on reasonable grounds of—

(i) having committed an offence, or

(ii) presenting an actual or potential threat to the security of the State,

or

(b) where the member has reasonable grounds for believing that the data are otherwise required for the purpose of—

(i) preventing, detecting, investigating or prosecuting offences,

(ii) safeguarding the security of the State,

(iii) protecting the life or personal safety of a person, in circumstances where the member believes that there is a serious risk to the life or personal safety of the person, or

(iv) determining the whereabouts of a missing person.

(2) A member of the Permanent Defence Force not below the rank of lieutenant colonel may require a service provider to disclose to that member user data in the possession or control of the service provider—

(a) where the member believes that the data relate to a person whom the member suspects, on reasonable grounds, of presenting an actual or potential threat to the security of the State, or

(b) where the member has reasonable grounds for believing that the data are otherwise required for the purpose of safeguarding the security of the State.

F16[(3) An officer of the Revenue Commissioners not below the rank of principal officer may require a service provider to disclose to that officer user data in the possession or control of the service provider—

(a) where theF17[officer]believes that the data relate to a person whom the officer suspects, on reasonable grounds, of having committed a revenue offence, or

(b) where the officer has reasonable grounds for believing that the data are otherwise required for the purpose of preventing, detecting, investigating or prosecuting a revenue offence.

(4) An officer of the Competition and Consumer Protection Commission not below the rank of principal officer may require a service provider to disclose to that officer user data in the possession or control of the service provider—

(a) where theF17[officer]believes that the data relate to a person whom the officer suspects, on reasonable grounds, of having committed a competition offence, or

(b) where the officer has reasonable grounds for believing that the data are otherwise required for the purpose of preventing, detecting, investigating or prosecuting a competition offence.]

(5) Subject tosubsection (6), a requirement under this section shall be given to a service provider by notice in writing.

(6) If the member or officer concerned considers that the circumstances that warrant the making of a requirement under this section are of exceptional urgency, he or she may make such a requirement other than in writing.

(7) A member or officer who makes a requirement under this section in accordance withsubsection (6)shall, not later than 2 days after the making of the requirement, give to the service provider of whom the requirement was made a notice in writing—

(a) specifying the requirement, and

(b) certifying that the requirement was made other than in writing due to the existence of circumstances of exceptional urgency.

(8) A service provider shall, as soon as practicable after a notice undersubsection (5)is given to him or her or, where applicable, a requirement is made of him or her undersubsection (6), comply with the requirement concerned.]

6A. F18[Authorisation to require disclosure of Schedule 2 data

6A.—(1) A member of the Garda Síochána not below the rank of inspector may apply to an authorising judge for an authorisation under this section where the member is of the belief that theSchedule 2data in respect of which the application is made—

(a) relate to a person whom the member suspects, upon reasonable grounds, of presenting an actual or potential threat to the security of the State, or

(b) are otherwise required for the purpose of safeguarding the security of the State.

(2) A member of the Permanent Defence Force not below the rank of commandant may apply to an authorising judge for an authorisation under this section where the member is of the belief that theSchedule 2data in respect of which the application is made—

(a) relate to a person whom the member suspects, upon reasonable grounds, of presenting an actual or potential threat to the security of the State, or

(b) are otherwise required for the purpose of safeguarding the security of the State.

(3) An application for an authorisation under this section shall—

(a) be madeex parte,

This document does not substitute the official text published in the Irish Statute Book. We accept no responsibility for any inaccuracies arising from the transcription of the original into this format.