An opinion published by an adviser to Europe's top court has boosted the case taken by convicted murderer Graham Dwyer over the retention and accessing of his mobile phone data.
If the Court of Justice of the European Union (CJEU) follows the opinion published by a Spanish advocate general it could have serious implications for the investigation of serious crime across Europe.
It would also mean a High Court ruling that the State breached EU law in the way it retained and accessed Dwyer's data would be upheld by the Supreme Court.
The opinion, published this morning, makes it clear that existing European case law does not allow a general and indiscriminate retention of mobile phone metadata.
The opinion by the Advocate General reiterates that such retention is permitted only in the event of a threat to national security and not for the investigation of crime.
The questions to the Court of Justice were referred by the Supreme Court in an appeal taken by the State against a High Court decision that the legislation used to retain and access mobile phone data in Dwyer's prosecution breached EU law.
The State argued the existing European law was unclear. But the Advocate General today said the answers to all the questions are already in the court's case law or can be inferred from them without difficulty.
In his opinion, the Advocate General said the general and indiscriminate retention of such data is justified only by the protection of national security and does not include the prosecution of serious offences.
The Irish legislation which allowed for data to be retained for two years, did not comply with EU law he said.
And he said access to such data was not subject to prior review by a court or independent authority as required by EU law.
In a further blow to the arguments put forward by the State, the Advocate General also expressed the view that a national court cannot decide to limit the effect of a declaration that domestic legislation breaches EU law to future cases only.
This means the breach would have retrospective effect, a point that would be of assistance to Dwyer in his appeal against his conviction.
In his opinion on a linked case referred by the German courts, the Advocate General decided that even imposing a strict limit on the amount of time data can be held for, did not deal with the issue. He said the storage of such data must be targeted.
This opinion is non-binding although legal sources say the court tends to follow it, in the majority of cases.
A full decision of the court is not expected until next year. It will then be sent back to the Supreme Court to make a final ruling on the Dwyer case.
It will ultimately be up to the Court of Appeal to hear arguments and decide if the mobile phone data should have been admitted in Dwyer's trial. It remains to be seen what impact if any this will have on his murder conviction.
Dwyer was convicted in 2015 of the murder of Elaine O'Hara in August 2012.
Mobile phone metadata retained by service providers and accessed by gardaí played a significant role in the trial. The data allowed the prosecution to show where Dwyer's phone was at certain crucial times and who he was in contact with.
Gardaí were able to access this information under laws brought in, in 2011, on foot of a European Directive.
That directive was struck down in 2014 by the CJEU following a case led by the privacy campaign group Digital Rights Ireland.
Dwyer argued the evidence gleaned from the data should not have been admissible at his trial.
In 2018, he won a significant victory in the High Court which ruled the legislation breached EU law, as it allowed for general and indiscriminate retention of data and there was no independent oversight of the system of accessing it.
The State appealed and the Supreme Court provisionally found that a system of universal retention of data was not necessarily incompatible with EU law. But it held the Irish regime for accessing the data was not robust enough.
The Supreme Court also expressed the view that these findings should be applied only from the date of the High Court decision and not retrospectively.
However, it referred these issues to the European Court for clarity on the position under EU law. Lawyers for the State had argued that the court's current position was not clear.
The Supreme Court asked the Court of Justice to clarify whether a general regime of data retention is incompatible with EU law, even where there are stringent restrictions on access.
It also asked if a national court has to declare national legislation invalid, if it finds such legislation necessary to combat serious crime. And it asked if a national court could decide not to make such a finding retrospective if it would lead to chaos and damage to the public interest to do so.
At a hearing before a grand chamber of 13 judges of the court in Luxembourg in September, lawyers for the State argued that the ability of law enforcement agencies to use retained data was essential to upholding the values of justice and the rule of law.
Attorney General Paul Gallagher argued that the mobile phone metadata in the Dwyer case played a key role in identifying Dwyer as a suspect and establishing his guilt beyond a reasonable doubt.
He also pointed out that telecommunications were often used to groom vulnerable victims of crime, including children, before an offence took place.
If authorities were restricted in their use of such metadata they would be frustrated to the point of impossibility he argued.
Lawyers for Dwyer said the gardaí had used Dwyer's phone and another phone attributed to him as personal tracking devices. Senior Counsel Remy Farrell argued the Irish legislation in place at the time of the investigation into the murder, allowing data to be retained for two years, was "extreme" and breached EU law.
He also told the European Court that if there was an attempt to remove the retrospective nature of the High Court ruling in his favour, this would essentially amount to permission to allow domestic courts to ignore EU charter rights and act with impunity.
The balancing of privacy rights with the ability of member states to retain data and access it to investigate crime has become a sensitive one in EU law. Fourteen member states and the European Commission as well as the European Data Protection Supervisor made submissions on the case.
The Dwyer case was joined to a case referred by the German court relating to the internet services provider, SpaceNet AG, which has argued it cannot be obliged to store the data of its customers.
The court's final judgment will be binding on all EU member states and will go back to the Supreme Court which will have to take account of it in its ultimate ruling on the matter.
The Supreme Court's decision on the retention and accessing of Graham Dwyer's data will play a part in his appeal against his conviction, which almost seven years on, has yet to be heard.
But it will be up to the Court of Appeal to hear arguments and make a final decision on whether or not the mobile phone data should have been admitted in Dwyer's trial and whether the issue will have any effect on his murder conviction.
