GSOC, the legislative process, and the privacy rights of citizens: what is the law?  

 We are pleased to welcome this Guest Post from Eimear Spain and Shane Kilcommins.

The Garda Siochana Ombudsman Commission is an independent agency established under the 2005 Garda Siochana Act to deal with matters involving possible misconduct by members of the Garda Síochána. Last month it was revealed that it scrutinised the phone records of two journalists. The Minister for Justice and Equality, Frances Fitzgerald, has appointed Mr Justice John Murray to carry out a review of the legislative framework in respect of access to communications data of journalists. In defending the use of such powers, the current GSOC Commissioners pointed out that it was the legislative body of the State which made Garda leaks a serious offence, and it was also the same body which granted powers to access phone records and internet data to GSOC. As the Commissioners noted: “Gsoc must use any lawful means provided by the legislature ‘to ensure that its functions are performed in an efficient and effective manner…’”.

Surveillance Powers

Surveillance powers are provided for under three main pieces of legislation in Ireland: the use of surveillance and tracking devices under the Criminal justice (Surveillance) Act 2009; the interception of postal packets and telephone conversations (phone tapping) under the Postal Packets and Telecommunications Messages (Regulations) Act 1993; and the use of information that has been generated by various service providers arising from the use of mobile phones and landlines under the Communications (Retention of Data) Act 2011. Under the 2011 Act, a request for disclosure of data may be made if a member of An Garda Siochana is satisfied that the data is required for the prevention, detection, investigation or prosecution of a serious offence. It is clear that the legislature made leaking of data by a member of An Garda Siochana is a serious criminal offence under section 62 of the Garda Siochana Act 2005, thus giving power to request data in any such investigation. 

What are GSOC’s surveillance powers?

Upon establishment in 2005, designated officers within GSOC were conferred with all the powers, immunities and privileges conferred on any member of the Garda Síochána under any enactment or common law in existence at that time or enacted subsequently including powers of entry, arrest, charge, summons, search, detention, questioning, and the taking of bodily samples. The only exclusions were contained in section 98(5) of the Garda Siochana Act, 2005 and related to powers under the Offences Against the State Acts and in relation to phone tapping. GSOC were specifically excluded from having powers under the 1993 Act, with members of the legislature submitting that giving GSOC powers to tap telephones would permit them to act ‘as a separate police force’. Michael McDowell, the then Minister for Justice, was even more explicit: “I would not be comfortable giving the Ombudsman Commission the right to tap the telephones of politicians or journalists in pursuit of its criminal investigations’. GSOC were also subsequently specifically excluded from the 2009 Surveillance Act, section 17 of which expressly provides that the powers under the Act, including surveillance and tracking powers, did not apply to them. This provoked considerable debate in the Dail but a proposed amendment to provide them with surveillance powers was not carried (69 against the proposed amendment as opposed to 63 for it).   

However, GSOC were given powers upon establishment in 2005 under the Postal and Telecommunications Act 1983 (as amended) to request information on the use made of telecommunications services. They were also conferred with powers under the Criminal Justice (Terrorist Offences) Act 2005 which compelled a service provider to comply with a request for disclosure of traffic or location data retained for the purposes of the prevention, detection, investigation or prosecution of crime (including but not limited to terrorist offences). This Act was replaced by the Communications (Retention of Data) Act 2011, which was introduced in the dying days of the 30th Dail. Most recently, section 5 of the Garda Síochána (Amendment) Act 2015, permits GSOC to use surveillance and tracking devices, and to intercept postal packets and telephone conversations, powers which were previously unavailable to them.

What are the potential issues with GSOC’s accessing of phone records under the 2011 Act?

The Communications (Retention of Data) Act 2011 provides under section 6 that a member of An Garda Siochana not below the rank of Chief Superintendent, an officer of the Permanent Defence Forces below the rank of Colonel, or an officer not below the rank of principal officer in the Revenue Commissioners could request data from the service providers under the Act. While GSOC was not mentioned in the section 6 access provision, as the Act conferred powers on members of An Garda Síochána, it is reasonable to argue that GSOC had an implied power under the 2011 Act. Nevertheless such an interpretation raises a number of concerns.

When the legislature confers powers on any agency to suspend or qualify the individual rights of citizens it should, where possible, not do so by implication. In order to maintain the integrity of the right in issue, the legislature should expressly provide the agency with the power, and be in a position, particularly at debate stage, to justify that power in the light of the right at issue. This ensures that limitations on the right have been reflected upon and considered, better ensuring that any limitations are proportionate, the least restrictive in the circumstances, and apply only so far as is strictly necessary. Catch-all provisions, such as that provided for under section 98 of the Garda Síochána Act 2005, do not facilitate or promote reflection about the rights of citizens in the Dáil.

The second concern relates to clarity around the existence of GSOC’s powers to access data under the 2011 Act. Given the value placed by society on the autonomy of the individual, it follows that our laws should be predictable and certain so as to ensure that each citizen has fair opportunity to know the rules and how they will be applied. While it may be implied that the powers conferred upon An Garda Síochána by section 6 were also conferred upon GSOC, it is significant in this regard that section 12 of the Act, which provides for judicial oversight of compliance by the various agencies with powers under the Act, makes no reference to GSOC as one of the bodies subject to review. The Garda Siochana, the Defence Forces, the Revenue Commissioners and, since 2014, the Competition and Consumer Protection Commission are specifically mentioned. If the legislature intended to confer the relevant powers on GSOC, why did it not specifically reference it in the review provision under section 12 given that it did so with the other agencies? Furthermore, legal commentaries on the 2011 Act in the Annotated Statutes and Bar Review did not refer to GSOC in their interpretations of the agencies conferred with powers under section 6 of the 2011 Act. Such gaps do little to enhance comprehension or conceptual consistency; if lawyers are unsure, how does this sit with the ‘fundamental value’ that citizens “should know, or at least be able to find out, with some considerable measure of certainty, what precisely is prohibited and what is lawful”? 

Given such ambiguity, one wonders whether GSOC sought clarification on its interpretation of s.6 of the 2011 Act, particularly in the light of the rights at stake and its absence from the provision for review under section 12. This requirement of certainty takes on an added resonance when the rules in question provide powers to lawfully curtail the individual rights of citizens. Power conferring laws that suspend or qualify rights should – in order to maintain the integrity of the right in issue – be expressly provided for and justified in each instance, rather than included by in a catch-all provision under the 2005 Act which offers a rather imperfect mandate. The European Court of Human Rights has, for example, noted as far back as 1984 that because the implementation in practice of measures of secret surveillance of communications is not open to scrutiny by the individuals concerned or the public at large, ‘the  substantive  law  itself…must indicate the scope and manner of exercise of any such discretion with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference’. More recently in Shimovolos v Russia (2011), the European Court of Human Rights held that

‘because of the lack of public scrutiny and the risk of abuse intrinsic to any system of secret surveillance, the following minimum safeguards should be set out in statute law to avoid abuses: the nature, scope and duration of the possible measures, the grounds required for ordering them, the authorities competent to permit, carry out and supervise them, and the kind of remedy provided by the national law’.

In addition to promoting clarity, this demand for positive express legislative authorisation, review and justification can serve the important didactic purpose of reminding the power bearer of how seriously the State takes the rights of its citizens.

The third issue relates to legality, and in particular whether the designated judge has jurisdiction to review the exercise of powers by GSOC under the 2011 Act. It is important to note here that the 2005 Act confers the powers, immunities and privileges of membersof An Garda Siochana on designated officers of GSOC. While the 2005 Act specifically equates personnel within the two organisations, at no point in the 2005 Act is GSOC equated with An Garda Síochána. Section 12 can therefore not be read as providing for a review of compliance by GSOC with the terms of the Act by the designated High Court judge. This is significant, and raises issues about the actual existence of an express legal framework for reviewing GSOC’s practices, together with the lawful authority of an overseer to do so.

Aside from the difficulties relating to the protection of rights, clarity and legality, there are also questions to be addressed in relation to the oversight process between 2011 and 2014. It is not clear what oversight existed in relation to the 2011 Act until 2014. The designated judge under section 12 of the 2011Act makes no reference to GSOC in his 2011, 2012 or 2013 reports. It is only in the 2014 report that the designated judge mentions for the first time that he ‘attended the Office of An Garda Síochána Ombudsman Commission’. The report of 2015 also mentions that GSOC was visited. The legitimate question this begs is whether GSOC was using its perceived powers under the 2011 Act prior to 2014, and, if so, what independent oversight was in place in that period. If it was using its powers under the Act between 2011 and 2014, but was not subject to oversight, does this have consequences for information gathered by GSOC during that period?

If, as seems to be the case, powers to access data records were also exercised by GSOC between 2005-2011, the question of whether there was any oversight of the exercise of those powers also looms large. Again there is no reference to oversight of compliance by GSOC in any publically available reports by the designated judge under the 1993 and 2005 Acts in the relevant period. Such practices would also have to be measured against ECHR jurisprudence, which demands at a minimum that oversight mechanisms in respect of surveillance ‘must be vested with sufficient powers and competence to exercise an effective and continuous control over the surveillance’.  In Klass v Germany the ECtHR noted that “[t]he Court must be satisfied that, whatever system is adopted, there exist adequate and effective guarantees against abuse.”

Conclusion

The right to privacy is viewed as a fundamental right that promotes autonomy and human dignity whilst also ensuring democratic freedom of association and expression. If the essence of such a right is to be protected and valued in a society, it requires that any limitations on its exercise should be justified, laid down in clear laws, apply only so far as is strictly necessary, and have robust, continuous, and effective statutory oversight mechanisms. Even from a simple analysis of the legislative process through which powers of surveillance have been conferred on GSOC, it is not clear that the legislature is taking such rights very seriously in Ireland.

Professor Shane Kilcommins and Dr Eimear Spain lecture at the School of Law at the University of Limerick.

GSOC, the legislative process, and the privacy rights of citizens: what is the law?  

Leave a Reply

Your email address will not be published. Required fields are marked *