Graham Dwyer succeeds in EU challenge to Irish data retention law
Convicted murderer Graham Dwyer has succeeded in his EU court challenge to an Irish data retention law that played a crucial role in his trial and conviction.
The Grand Chamber of the Court of Justice of the European Union (CJEU) held that the “general and indiscriminate” retention of electronic communications data for the purpose of combating serious crime is precluded by EU law.
The CJEU ruling follows a referral by the Irish Supreme Court in February 2020, which was hearing a leapfrog appeal from the State against a High Court ruling in December 2018 which agreed with Mr Dwyer that the Communications (Retention of Data) Act 2011 was incompatible with EU law.
Mr Dwyer, who was sentenced to life imprisonment in March 2015 for the murder of a woman, brought the civil proceedings in support of his ongoing appeal against his conviction, in which he has argued that the trial court had incorrectly admitted traffic and location data relating to phone calls.
However, legal experts have said Mr Dwyer’s success in the CJEU does not necessarily mean he will win his appeal.
The CJEU ruling deals in large part with Directive 2002/58 on privacy and electronic communications, which “enshrines the principle of confidentiality of both electronic communications and the related traffic data and requires inter alia that, in principle, persons other than users be prohibited from storing, without those users’ consent, those communications and data”.
Although Article 15(1) of the directive “permits member states to adopt legislative measures that ‘restrict the scope’ of the rights and obligations laid down inter alia in Articles 5, 6 and 9 of that directive … that provision provides for an exception to the general rule … and must thus, in accordance with settled case law, be the subject of a strict interpretation”.
The court said national legislation requiring the retention of personal data “must always meet objective criteria that establish a connection between the data to be retained and the objective pursued”.
Although the directive does not preclude member states from ordering the retention of data on a time-limited basis with independent oversight for the purposes of safeguarding national security, the court rejected submissions from the European Commission that “particularly serious crime could be treated in the same way as a threat to national security”.
“As regards the objective of combating serious crime, the court held that national legislation providing, for that purpose, for the general and indiscriminate retention of traffic and location data exceeds the limits of what is strictly necessary and cannot be considered to be justified within a democratic society,” the judgment states.
“In view of the sensitive nature of the information that traffic and location data may provide, the confidentiality of those data is essential for the right to respect for private life … it is necessary, within a democratic society, that retention be the exception and not the rule, as provided for in the system established by Directive 2002/58, and that those data should not be retained systematically and continuously.”
Dr David Kenny, a constitutional law expert and an associate professor of law at Trinity College Dublin, told Irish Legal News that the ruling may not be decisive in Mr Dwyer’s criminal appeal as a result of the Supreme Court’s previous ruling in DPP v JC [2015] IESC 31.
He said: “The JC case from the Supreme Court in 2015 held that evidence gathered unconstitutionally/in breach of rights is no longer per se excluded, but its exclusion considered case-by-case. The same rule will likely to apply to breach of EU rights.
“The question in the Dwyer case will likely be if the breach of rights in the gathering of the evidence is ‘conscious and deliberate’, meaning whether the authorities gathering the evidence knew or ought to have known that they were acting in breach of rights.
“If they knew or ought to have known, the evidence should be excluded. If they did not know, the evidence can be allowed even though rights were breached in the gathering of the evidence.
“The State will likely argue that it did not know that the retention and access of data in this case was in breach of EU rights and EU law. The applicant will likely argue that the State knew or ought to have know, by the time of trial at least, that blanket retention regimes were suspect in EU law.”
He added: “On my reading of the facts and the JC case, I think there are good grounds for upholding the conviction on the basis that the breach of rights was not conscious or deliberate.”
In a series of tweets this morning, justice minister Helen McEntee said her department and the Attorney General’s office will consider the Supreme Court’s judgment “when the case is finalised”.
Mrs McEntee said: “I expect that the Supreme Court’s judgment will bring clarity in this important area to inform the necessary legislation, thus supporting to the greatest degree possible the work of An Garda Síochána to tackle crime and carry out effective investigations.
“This legislation will need to take account of the outcome of the Supreme Court’s referral to the Court of Justice of the European Union, and the judgment of the Supreme Court.”