An Garda Síochána has defended its practice of retaining files on people who have been cleared of producing or sharing child sexual abuse material.

The Irish Council for Civil Liberties (ICCL) had accused gardaí of unlawfully retaining data such as email addresses and screen names even after the people involved had been cleared of any wrongdoing.

The US National Center for Missing and Exploited Children (NCMEC) forwards information about suspected child sexual abuse material, and the people who share it, to law enforcement agencies around the world, including An Garda Síochána.

Between 2017 and 2021, gardaí received more than 21,000 referrals from NCMEC.

The ICCL said that of the reports sent by NCMEC to Ireland in 2020, gardaí verified that more than 11% of them, 471 referrals, were not child sex abuse material and may have been something innocent like a picture of a child on a beach.

The ICCL said that despite clearing the people concerned, An Garda Síochána did not delete their data.

In a statement to RTÉ News, An Garda Síochána said that data from NCMEC is held in a segregated database only accessible to a specialist unit within the Garda National Protective Services Bureau (GNPSB) tasked with assessing the referrals.

"In cases where no criminal offence is identified following a review of material referred to An Garda Síochána for investigation, no crime incident records are created," according to the statement.

"This means there is no impact on any person referenced in that data, and no references to them as suspects or victims."

Gardaí say there is a rationale for the continued segregated retention of the original referral data.

The reasons cited include quality assurance and accountability for the actions taken and decisions made by the investigating members in respect of the referral.

Gardaí say the data is also retained as reference and intelligence material in respect of future investigations in the event that additional information is referred to An Garda Síochána concerning the data subjects.

Gardaí say they also have to comply with the provisions of other legislation, including but not limited to the National Archives Act.

The ICCL said the practice is leading to innocent people being kept in a net of surveillance and suspicion with no cause.

"This has implications for people's right to privacy, data protection and presumption of innocence," said Olga Cronin of the ICCL.

"An Garda Síochána is retaining the personal data of people incorrectly flagged as suspects, in some situations for merely taking pictures of their kids on a beach. This is at odds with data protection law," Ms Cronin said.

NCMEC refers suspected child sexual abuse material to law enforcement agencies after receiving reports from providers, such as Facebook or Google, who currently scan messages and emails on a voluntary basis.

The ICCL is releasing these figures as part of a position paper from the European Digital Rights (EDRi) network which expresses concerns about a newly-proposed EU law aimed at combating child sexual abuse.

Privacy rights campaigners say the proposed rules would mandate the monitoring of public and private digital communications.

Speaking on RTÉ's Morning Ireland, ICCL Executive Director Liam Herrick said there are concerns that "false positives" are being caused as a result of information exchange between An Garda Síochána and the US National Center for Missing and Exploited Children.

He said the ICCL wrote to An Garda Síochána last year and was told the force received more than 4,000 referrals in in 2020 and 11% of that information was categorised as "completely innocent".

Mr Herrick said the question is what happens these innocent referrals afterwards, adding that "it would seem" that gardaí retain that information.

"Obviously, everybody wants to take the strongest possible measures to deal with child sexual abuse material but the concerns have been raised, that there might be false positives, material might be flagged as child sexual abuse material that's innocent," he said.

Mr Herrick added that there is no indication that anyone would be contacted if their information falls into the innocent category, which throws up a number of serious questions.

"First of all, there seems to be a really serious problem with false positives under this international system. And that indicates it's an inefficient system carrying a whole lot of risks," he said.