Lawyers for convicted murderer Graham Dwyer have argued at Europe's highest court that Ireland's legal regime for using the mobile phone data used in his conviction had minimal protections and was contrary to the EU's Charter of Fundamental Rights.
Remy Farrell SC told the European Court of Justice (ECJ) that the general and indiscriminate retention of private mobile phone data in order to prosecute crimes had been deemed impermissible under the Charter.
However, Ireland's Attorney General Paul Gallagher SC argued that the defence of data privacy would end up as a shield against the detection and investigation of the most serious crimes.
He told the general chamber of the ECJ that the ability of law enforcement agencies to use retained data was essential to upholding the values of justice and the rule of law.
This remained the core responsibility of member states, he said, and the inability of the state to fairly discharge its functions would "corrode public faith in our justice system".
Graham Dwyer was convicted in 2015 of the murder of childcare worker Elaine O'Hara in August 2012.
Mobile phone metadata, retained by service providers and accessed by gardaí, played a significant role in his successful prosecution. The data allowed the prosecution to show where Dwyer's mobile phone was at certain crucial times, and which numbers it was in contact with.
The Irish legislation under which the metadata was held was based on a 2006 EU directive on data retention.
However, that directive was struck down in 2014 by the ECJ following a case led by the privacy campaign group Digital Rights Ireland.
The ECJ held that the universal and indiscriminate retention of mobile phone and internet data was a breach of the EU's Charter of Fundamental Rights.
Graham Dwyer then successfully sued the state in the Irish High Court in 2018 on the basis that section 6 of the Telecommunications (Retention of Data) Act 2011, which had been based on the 2006 directive, breached EU law in light of the 2014 ECJ ruling.
His lawyers argued that allowing indiscriminate data retention without adequate safeguards, including prior independent overview of access requests, was contrary to the Charter's fundamental right to privacy.
Elaine O'Hara in August 2012
Last year the state appealed the High Court's decision to the Supreme Court.
The Supreme Court expressed the view that a system of universal, limited, retention of data was not necessarily incompatible with EU law, but that the Irish regime for accessing such a system was not robust enough.
The Supreme Court also held that the High Court ruling in favour of Dwyer should be applied only from the date of the ruling, ie, 2018, and not retrospectively.
That meant that Dwyer would not have been entitled to use the High Court ruling to overturn his murder conviction.
However, the Supreme Court decided to refer this, and other questions, to the ECJ, to see if they were compatible with EU law.
The hearing in that referral got under way today.
The Dwyer case has been joined to a case referred by the German courts relating to the internet services provider SpaceNet AG.
The company has argued that EU data privacy law means it cannot be obliged under German law to store telecommunications traffic data of its internet customers.
The issue is a highly sensitive one for member states and privacy campaigners alike. Fourteen member states, including Ireland, and the European Commission have made submissions in writing.
In this morning's hearing before 13 judges, Remy Farrell SC, representing Dwyer, argued that ECJ case law created the well established idea that general and indiscriminate retention of private mobile phone data should not be permissible as evidence.
In Ireland, the law had meant that the only scrutiny governing garda access to data was by An Garda Síochána themselves, rather than by a judge.
This, he said, was the "most minimal protection possible…" and described the Irish time limit of two years for holding on to metadata as "extreme" and the "outer limit" of what was possible.
Mr Farrell said the Irish police had used Graham Dwyer’s mobile phone, and another phone attributed to him, as "personal tracking devices".
The data showed who he was in contact with and with whom he was in an intimate relationship. Such metadata, he said, can be extremely revealing, even more so that the content of such mobile phone interactions.
He said that late night texts could lead to obvious conclusions, and if a person responded immediately, this could lead to further conclusions. This frequency, he said, can be telling; text messages could "accurately describe the course of a relationship".
Mr Farrell said that while there had been a legitimate distinction between metadata and actual content, content was not necessarily more invasive. Metadata, he said, was more readily amenable to automated analysis.
Mr Farrell told the Luxembourg court: "The act of retention of data is not neutral. Retained data is not inert. Apart from the chilling effect, its very existence invites use."
He said the Irish legislation under which Dwyer was convicted involved the general and indiscriminate use of data, which ECJ case law had shown was incompatible with the Charter of Fundamental Rights.
He argued that Dwyer had not been under any suspicion until after facts came to light through mobile phone data, and that specific conclusions were made about his life.
Mr Farrell argued that any attempt to remove the retrospective nature of the 2018 High Court ruling that the 2011 act was invalid - meaning Dwyer would not be able to use it to overturn his conviction - would essentially amount to permission to allow domestic courts to wholly ignore EU Charter rights, and therefore to act with impunity.
However, the Attorney General Paul Gallagher DG insisted that member states had a duty to protect the life and security of citizens through the judicial use of metadata.
He told the court that Dwyer had cultivated an abusive relationship with Elaine O'Hara through the use of mobile phones, none of which were registered to him.
When she disappeared, so too did the mobile phones, he told the court via video link from Dublin.
He described Dwyer as a "professional family man with no previous convictions". He had done everything in his power to avoid detection, including disposing of the mobile phones.
Mr Gallagher SC told the court that on 13 September 2013 two of the phones used in the relationship had been recovered.
He said the breakthrough in the investigation had been made possible by the availability of retained traffic and location data. Police were able to identify Dwyer as a suspect.
"This metadata played a key role in identifying him and in establishing his guilt beyond a reasonable doubt," Mr Gallagher told the court.
He said it was so often the case in crimes against children and adults that telecommunications were used to groom victims prior to the offence taking place.
He said if the authorities were restricted in their use of such metadata they would be frustrated to the point of impossibility.
Mr Gallagher argued that any attempt to restrict the use of metadata so that it could only be used with targeted groups in mind a priori, or restricted to certain geographical areas, would be impractical, ineffective and discriminatory.
Serious criminals would place themselves beyond the reach of criminal justice, he said.
A Spanish advocate-general of the court who is attending today's hearing will provide a non-binding and independent opinion on the case in a number of months’ time.
Following that, the general court will give the full judgement.
