Cell Phone Data Retention Practices Used to Convict Dwyer in Violation of EU Law – ECJ Advisor
The data retention practices of the cellphones used to convict Graham Dwyer did not comply with European Union law, a senior legal adviser at the European Court of Justice (ECJ) has said.
The opinion issued by the Advocate General, an official court adviser, will help judges deliver a verdict expected next year in the high-profile appeal that will determine how police collect evidence through the European Union.
Cell phone data was key to Dwyer’s conviction for the murder of childcare worker Elaine O’Hara, and the ECJ ruling is likely to have implications for his separate appeal in course against his conviction in Ireland. Dwyer was convicted in 2015 for the murder of Ms O’Hara in August 2012.
The case came to the CJEU after Dwyer challenged Irish law which allowed gardaí to retain his data as contrary to EU law. Following an appeal from the Irish government, the Supreme Court asked the ECJ to clarify certain questions of EU law.
The ECJ has also been invited to rule on similar issues by French and German courts, and the three cases are all considered together.
In his opinion, Advocate General Manuel Campos Sánchez-Bordona argued that the indiscriminate retention of mobile phone traffic and location data “is only permitted in the event of a serious threat to national security”, according to one court press release.
The matter has already been settled by previous court rulings, wrote Campos Sánchez-Bordona, highlighting a 2020 ruling that general retention of electronic communications data is only permitted in very limited circumstances.
The authorities must endeavor to counter a serious and specific threat to national security, and data may only be kept for a period strictly necessary, according to the court’s prior decision.
Judgment of the Advocate General of the CJEC
These circumstances do not include “the prosecution of offenses, including serious offenses”, such as murder cases, according to the attorney general.
‘By permitting, for reasons beyond those inherent in the protection of national security, the preventive, general and indiscriminate retention of traffic and location data of all subscribers for a period of two years, Irish law therefore does not comply with the privacy and electronic communications directive, ”reads a press release from the court.
In addition, Mr. Campos Sánchez-Bordona underlined that, in the case of Ireland, decisions regarding access to stored data were taken “at the discretion of a police officer of a certain rank”. It also runs counter to previous EU case law, which requires decisions on access to data to be “subject to prior review by a court or independent authority,” he said.
There are also concerns about whether the ECJ ruling could have a wider effect and lead to more challenges to criminal convictions.
The Irish Supreme Court asked whether it was possible, in order to avoid “chaos and damage to the public interest”, to set time limits for the effect of an ECJ ruling (so as to ensure that it only applies to future convictions).
The Advocate General rejected this idea, again relying on previous case-law according to which “the referring court cannot apply a provision of national law allowing it to limit the effects over time of a declaration of illegality”.
The opinion goes against the hopes of several EU governments who have joined Ireland in calling on judges to allow less restrictive rules on data retention.
At a September hearing in the case, legal teams from a range of EU member states argued that too many privacy limitations would hamper the day-to-day work of the police and would give the advantage to criminals.
Irish Attorney General Paul Gallagher argued that the Dwyer case demonstrated the “critical role” of data retention and access in law enforcement, as the murder could not be solved without that.
But Dwyer’s lawyer, Remy Farrell SC, told the Chamber of 15 that Irish law which allowed records to be kept for two years was “extreme” and allowed anyone’s cell phones to be used as “handheld devices.” personal follow-up “.
Privacy activists have long been concerned about the risks of massive data retention, and the outcome of the case is attracting great interest across Europe.
Irish law in force at the time of the Dwyer inquiry, Section 6 of the Communications (Retention of Data) Act 2011, was based on a 2006 EU Data Retention Directive.
This earlier directive was overturned by the ECJ in 2014 on the grounds that the universal and blind retention of cell phone and internet data violated privacy and data protection rights.