Communications (Retention of Data) (Amendment) Act 2022

Type: Act
Publication: 2022-07-21
State: In force
1. Definition

1. In this Act, “Principal Act” means the Communications (Retention of Data) Act 2011.

2. Amendment of section 1(1) of Principal Act

2. Section 1(1) of the Principal Act is amended—

(a) by the substitution of the following definition for the definition of “user”:

“‘user’ means a person who is using an electronic communications service or other means of electronic communication, for private or other purposes—

(a) whether or not that electronic communications service or other means of electronic communication is publicly available, and

(b) whether or not that person has subscribed to the service;”,

and

(b) by the deletion of the definition of “disclosure request”; and

(c) by the insertion of the following definitions:

“‘authorising judge’ means a judge of the District Court designated under section 12J(1);

‘disclosure requirement’ means a requirement made of a service provider under section 6, 6F, 7C or 7D;

‘electronic communications network’ means transmission systems and, where applicable—

(a) switching equipment or routing equipment, and

(b) other resources,

including network elements which are not active, which permit the conveyance of signals by wire, by radio, by optical or by other electromagnetic means, and such conveyance includes the use of—

(i) satellite networks,

(ii) fixed terrestrial networks (both circuit-switched and packet-switched, including internet),

(iii) mobile terrestrial networks,

(iv) electricity cable systems to the extent that they are used for the purpose of transmitting signals,

(v) networks used for either or both radio and television broadcasting, and

(vi) cable television networks,

irrespective of the type of information conveyed;

‘electronic communications service’ means a service normally provided for remuneration which consists wholly or mainly in the conveyance of signals on electronic communications networks, including telecommunications services, publicly available telephone services and transmission services in networks used for broadcasting, but does not include—

(a) services providing, or exercising editorial control over, content transmitted using electronic communications networks and services, and

(b) information society services within the meaning of Article 1 (inserted by Directive 98/48/EC of 20 July 1998[^1]) of Directive 98/34/EC of 22 June 1998[^2] which do not consist wholly or mainly in the conveyance of signals on electronic communications networks;

‘internet source data’ means the following data necessary to trace and identify the source of a communication by internet access, internet email or internet telephony:

(a) the Internet Protocol (IP) address, whether dynamic or static, allocated by the service provider to the source of a communication;

(b) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address was allocated at the time of the communication;

‘Schedule 2 data’ means the categories of data specified in Parts 1 and 2 of Schedule 2;

‘superior officer’ means—

(a) in relation to a member of the Garda Síochána, a member of the Garda Síochána not below the rank of superintendent;

(b) in relation to a member of the Permanent Defence Force, a member of the Permanent Defence Force not below the rank of lieutenant colonel;

(c) in relation to an officer of the Revenue Commissioners, an officer of the Revenue Commissioners not below the rank of principal officer;

(d) in relation to an officer of the Competition and Consumer Protection Authority, an officer of the Competition and Consumer Protection Authority not below the rank of principal officer;

‘user data’ means the following types of data and any other types of data set out in technical specification ETSI TS 103 280 ‘Lawful Interception (LI): dictionary for common parameters’ issued by the European Telecommunications Standards Institute that are relevant to these data:

(a) the name of the user;

(b) the address of the user;

(c) where applicable, the following data in respect of the user:

(i) the mobile telephony number;

(ii) the fixed network telephony number;

(iii) the International Mobile Subscriber Identifier (IMSI);

(iv) the International Mobile Equipment Identity (IMEI);

(v) the Internet Protocol (IP) address, whether dynamic or static, allocated by the internet access service to the communication;

(vi) the user ID;

(vii) the date and time of initial activation of an electronic communications service or other means of communication;

(viii) the date and time of the last outgoing mobile telephony or fixed network telephony communication;”.

3. Amendment of section 3 of Principal Act

3. The Principal Act is amended by the substitution of the following section for section 3—

“Obligation to retain user data

3. (1) A service provider shall retain, in accordance with section 12D, user data for a period of one year, or such period as may be prescribed in accordance with subsection (2), from the date on which the data were first processed by the service provider concerned.

(2) The Minister may, for the purposes of subsection (1), prescribe such period (which may be less than one year, and which shall not exceed two years) as he or she considers necessary for, and proportionate to, the purposes of—

(a) preventing, detecting, investigating or prosecuting offences, including revenue offences and competition offences,

(b) achieving the objectives specified in section 6(1)(b).

(3) The Minister may, in prescribing a period under subsection (2), prescribe different periods for different types of data specified in the definition of ‘user data’ in this Act.”.

4. Insertion of sections 3A and 3B in Principal Act

4. The Principal Act is amended by the insertion of the following sections after section 3—

“Obligation to retain Schedule 2 data

3A. (1) The Minister may, where he or she is satisfied that there exists a serious and genuine, present or foreseeable threat to the security of the State, make, in accordance with this section, an application to a relevant judge for an order under this section.

(2) Before making an application under subsection (1), the Minister shall assess the threat to the security of the State and, in doing so shall have regard to the necessity and proportionality of the retention of Schedule 2 data pursuant to an order under this section, taking into account the impact of such retention on the fundamental rights of individuals.

(3) An application under subsection (1) shall—

(a) be made ex parte,

(b) be upon information on oath specifying the grounds on which the order is sought, which information shall include the assessment under subsection (2) concerned,

(c) specify the period of time for which retention of Schedule 2 data by service providers is, in the view of the Minister, having regard to his or her assessment under subsection (2), required for the purposes of safeguarding the security of the State, and

(d) be heard otherwise than in public.

(4) A relevant judge, as respects an application under subsection (1), may make an order under subsection (5) only if satisfied that the making of such an order is necessary for, and proportionate to, the purposes for which the application was made.

(5) An order under this subsection shall require all service providers to retain Schedule 2 data, or such Schedule 2 data as are specified in the order—

(a) for a period of 12 months from the date on which the data were first processed by the service provider concerned,

(b) in accordance with section 12D, and

(c) subject to such conditions and directions as the relevant judge may specify in the order.

(6) Where a relevant judge makes an order under subsection (5), the Minister shall, without delay arrange for—

(a) the order to be publicised in the national media,

(b) the order to be notified, in so far as practicable, to service providers, and

(c) a notice of the making of the order to be published in Iris Oifigiúil.

(7) A service provider shall comply with an order under subsection (5).

(8) The data to which this section applies include data relating to unsuccessful call attempts that, in the case of data specified in Part 1 of Schedule 2 data, are stored in the State, or in the case of data specified in Part 2 of Schedule 2 data, are logged in the State.

(9) An order under this section shall not require a service provider to retain aggregated data, data that have been made anonymous or data relating to unconnected calls.

(10) The President of the High Court shall at the request of the Minister, designate a judge or judges of the High Court to perform the functions of a relevant judge under this section, and a reference in this section to a ‘relevant judge’ shall be construed as a reference to a judge so designated.

(11) In this section, ‘aggregated data’ means data that cannot be related to individual users.

Obligation to retain internet source data

3B. (1) A service provider shall retain, in accordance with section 12D, internet source data for a period of one year, or such period as may be prescribed in accordance with subsection (2), from the date on which the data were first processed by the service provider concerned.

(2) The Minister may, for the purposes of subsection (1), prescribe such period (which may be less than one year, and which shall not exceed two years) as he or she considers necessary for, and proportionate to, the purposes of safeguarding the security of the State or achieving the objectives specified in section 6C(1)(b).”.

5. Amendment of section 6 of Principal Act

5. The Principal Act is amended by the substitution of the following section for section 6—

“Requirement to disclose user data

6. (1) A member of the Garda Síochána not below the rank of superintendent may require a service provider to disclose to that member user data in the possession or control of the service provider—

(a) where the member believes that the data relate to a person whom the member suspects, on reasonable grounds of—

(i) having committed an offence, or

(ii) presenting an actual or potential threat to the security of the State,

or

(b) where the member has reasonable grounds for believing that the data are otherwise required for the purpose of—

(i) preventing, detecting, investigating or prosecuting offences,

(ii) safeguarding the security of the State,

(iii) protecting the life or personal safety of a person, in circumstances where the member believes that there is a serious risk to the life or personal safety of the person, or

(iv) determining the whereabouts of a missing person.

(2) A member of the Permanent Defence Force not below the rank of lieutenant colonel may require a service provider to disclose to that member user data in the possession or control of the service provider—

(a) where the member believes that the data relate to a person whom the member suspects, on reasonable grounds, of presenting an actual or potential threat to the security of the State, or

(b) where the member has reasonable grounds for believing that the data are otherwise required for the purpose of safeguarding the security of the State.

(3) An officer of the Revenue Commissioners not below the rank of principal officer may require a service provider to disclose to that officer user data in the possession or control of the service provider—

(a) where the member believes that the data relate to a person whom the officer suspects, on reasonable grounds, of having committed a revenue offence, or

(b) where the officer has reasonable grounds for believing that the data are otherwise required for the purpose of preventing, detecting, investigating or prosecuting a revenue offence.

(4) An officer of the Competition and Consumer Protection Commission not below the rank of principal officer may require a service provider to disclose to that officer user data in the possession or control of the service provider—

(a) where the member believes that the data relate to a person whom the officer suspects, on reasonable grounds, of having committed a competition offence, or

(b) where the officer has reasonable grounds for believing that the data are otherwise required for the purpose of preventing, detecting, investigating or prosecuting a competition offence.

(5) Subject to subsection (6), a requirement under this section shall be given to a service provider by notice in writing.

(6) If the member or officer concerned considers that the circumstances that warrant the making of a requirement under this section are of exceptional urgency, he or she may make such a requirement other than in writing.

(7) A member or officer who makes a requirement under this section in accordance with subsection (6) shall, not later than 2 days after the making of the requirement, give to the service provider of whom the requirement was made a notice in writing—

(a) specifying the requirement, and

(b) certifying that the requirement was made other than in writing due to the existence of circumstances of exceptional urgency.

(8) A service provider shall, as soon as practicable after a notice under subsection (5) is given to him or her or, where applicable, a requirement is made of him or her under subsection (6), comply with the requirement concerned.”.

6. Insertion of sections 6A to 6F in Principal Act

6. The Principal Act is amended by the insertion of the following section after section 6A:

“Authorisation to require disclosure of Schedule 2 data

6A. (1) A member of the Garda Síochána not below the rank of inspector may apply to an authorising judge for an authorisation under this section where the member is of the belief that the Schedule 2 data in respect of which the application is made—

(a) relate to a person whom the member suspects, upon reasonable grounds, of presenting an actual or potential threat to the security of the State, or

(b) are otherwise required for the purpose of safeguarding the security of the State.

(2) A member of the Permanent Defence Force not below the rank of commandant may apply to an authorising judge for an authorisation under this section where the member is of the belief that the Schedule 2 data in respect of which the application is made—

(a) relate to a person whom the member suspects, upon reasonable grounds, of presenting an actual or potential threat to the security of the State, or

(b) are otherwise required for the purpose of safeguarding the security of the State.

(3) An application for an authorisation under this section shall—

(a) be made ex parte,

(b) be upon information on oath, specifying the grounds on which the order is sought,

(c) specify, by reference to the criteria specified in subsection (6), the terms of the authorisation sought, and

(d) be heard otherwise than in public.

(4) An authorising judge, as respects an application for an authorisation under this section, may issue an authorisation only if satisfied that—

(a) paragraph (a) or (b) of subsection (1) or, as the case may be, subsection (2), applies in respect of the application, and

(b) the issuing of the authorisation is necessary for, and proportionate to, the purposes for which the application is made.

(5) An authorisation under this section shall authorise the applicant concerned, at any time in the period during which the authorisation has effect, to require the service provider specified in the authorisation to disclose to that applicant Schedule 2 data in the service provider’s possession or control—

(a) of such class or classes as are specified in the authorisation, and

(b) subject to such conditions and directions as may be specified in the authorisation.

(6) For the purposes of subsection (5)(a), an authorising judge may specify a class or classes of Schedule 2 data by reference to one or more of the following:

(a) a particular location or locations;

(b) a particular geographical area or areas;

(c) a particular period of time;

(d) a particular means of communication;

(e) a particular person or particular persons;

(f) such other matter or feature as the authorising judge considers appropriate.

(7) This section shall apply to Schedule 2 data irrespective of whether an order under section 3A is in effect in relation to such data.

Authorisation to require disclosure of Schedule 2 data in case of urgency

6B. (1) Subject to subsection (13), a member of the Garda Síochána not below the rank of inspector may apply to a superior officer for an authorisation under this section where the member believes on reasonable grounds that—

(a) paragraph (a) or (b) of section 6A(1) applies to the Schedule 2 data in respect of which the application is made, and

(b) it is likely that, before the Schedule 2 data could be obtained pursuant to an authorisation under section 6A—

(i) the data would be wholly or partly destroyed or otherwise rendered unavailable, or

(ii) the security of the State would be compromised.

(2) Subject to subsection (13), a member of the Permanent Defence Force not below the rank of commandant may apply to a superior officer for an authorisation under this section where the member believes on reasonable grounds that—

(a) paragraph (a) or (b) of section 6A(2) applies to the Schedule 2 data in respect of which the application is made, and

(b) it is likely that, before the Schedule 2 data could be obtained pursuant to an authorisation under section 6A—

(i) the data would be wholly or partly destroyed or otherwise rendered unavailable, or

(ii) the security of the State would be likely to be compromised.

(3) A superior officer to whom an application under subsection (1) or (2) is made shall issue an authorisation under this section only if satisfied that—

(a) paragraphs (a) and (b) of the subsection concerned apply in respect of the Schedule 2 data concerned, and

(b) the issuing of the authorisation is necessary for, and proportionate to, the purposes for which the application is made.

(4) An authorisation under this section shall authorise the applicant concerned, at any time in the period during which the authorisation has effect, to require the service provider specified in the authorisation to disclose to the applicant Schedule 2 data—

(a) of such class or classes as are specified in the authorisation and in the service provider’s possession or control, and

(b) subject to such conditions and directions as may be specified in the authorisation.

(5) For the purposes of subsection (4)(a), a superior officer may specify a class or classes of Schedule 2 data by reference to one or more of the following:

(a) a particular location or locations;

(b) a particular geographical area or areas;

This document does not substitute the official text published in the Irish Statute Book. We accept no responsibility for any inaccuracies arising from the transcription of the original into this format.