T.J. McIntyre writes:
Ronan Lupton (barrister and also chair of Irish telecom industry body ALTO) has written a particularly useful and well informed analysis of the impact of the new Data Retention Act on Irish law and has been kind enough to allow me to mirror it here.
Read his analysis of the Communications (Retention of Data) Act 2011 on IT Law in Ireland.
As an American, I found it to be very informative to see how data retention and disclosure requests are handled elsewhere. What I don’t see in the act or analysis of it is judicial oversight for disclosure requests. As long as the state agent (from the Garda Síochána, the Permanent Defence Force, or the Office of Revenue Commissioners) is above the specified required rank and asserts that the data are needed for certain purposes, it seems that the providers must (“shall”) disclose the data in short order, with no notice to the customer or any opportunity for the individual or customer to attempt to quash a request for their non-content information.
By way of contrast, in the U.S., such disclosure requests can be handled without notice to the consumer/customer under certain conditions (such as notifying them would have an “adverse result” on an investigation or might lead to destruction of data, etc.), but as the Twitter Records case demonstrates, many Americans do not want companies just disclosing even non-content records without some showing on the requestor’s part of “specific and articulable” facts that demonstrate that the records are really relevant and material to an investigation or legitimate government function. On paper, then, it might seem that American laws embody more privacy protections than the new Irish data retention law, but of course, that doesn’t mean that the requests really play out that way.