Help Support Cork Safety Alerts – Donate the price of a coffee here via Stripe:

  • Proposed legislation will allow Ireland to fulfil commitments under Budapest Convention, EU E-evidence Regulation and EU Terrorist Content Online Regulation
  • Modernised legislative basis for Gardaí to seize potential digital evidence, subject to privacy safeguards

Minister for Justice Helen McEntee and Minister of State James Browne have secured Government approval for the drafting of new legislation which will permit Gardaí to swiftly access criminal evidence in digital form.

Government have today approved the General Scheme of the Criminal Justice (Protection, Preservation and Access to Data on Information Systems) Bill 2024, which will allow law enforcement authorities like An Garda Síochána to request the preservation and production of data being held on IT systems controlled by internet service providers in order to investigate and tackle crime. The General Scheme will now be referred to the Joint Oireachtas Committee on Justice for pre-legislative scrutiny.

Making the point that “preservation and production orders” provide a modern law enforcement tool more suitable for obtaining digital evidence than traditional search and seizure measures, Minister McEntee said:

“The Criminal Justice (Protection, Preservation and Access to Data on Information Systems) Bill 2024 will mark a significant step forward in tackling crime that operates in the online space. Traditional search and seize legislation was drafted to target physical spaces and objects. It pre-dates the technological evolution seen in recent years where much of human, and in turn criminal, activity is taking place in the virtual space and with the footprints of this activity accessible often only on private cloud infrastructures.

The measures in the Bill provide comprehensive, modern tools for law enforcement agencies like An Garda Siochana to access online evidence easily and efficiently while ensuring individuals’ privacy rights are respected. The Bill will also be a key element of the Government’s vision for a modern, cohesive and well – resourced regulatory system for the digital economy.

The proposed legislation will give effect to a range of measures contained in international agreements Ireland is party to, all relating to tackling crime with an online element. These include the Council of Europe Budapest Convention on Cybercrime, the EU E-evidence Regulation [(EU) 2023/1543] and the EU Terrorist Content Online Regulation [(EU) 2021/784].

Giving reassurance that the measures proposed will be subject to the necessary privacy safeguards including judicial authorisation, Minister James Browne said:

“I am very pleased that the Government has supported the general approach to the preparation of this important legislation which will ensure An Garda Síochána has the requisite tools to police in the digital age.

Ireland is uniquely positioned as the EU base of a significant number of internet service providers. This means that we have a key role in terms of our enforcement of EU measures aimed at tackling crime and terrorism that online services can facilitate. This Bill displays our commitment to implementing these measures and cooperating with authorities throughout the EU in pursuit of those aims. It will also ensure we continue to meet our international obligations and support the goal of Ireland being a centre of regulatory excellence for the digital economy, which is a key Government objective.”

The proposed Bill will expand on the State’s current domestic production/preservation order regime to cover a broader range of data categories and will contain appropriate jurisdictional provisions to deal with material held in the Cloud.

It also provides measures to help facilitate the EU-wide system envisioned by the aforementioned E-evidence Regulation, whereby Irish authorities can request data controlled by internet service providers based in other EU states and authorities in other EU states can do the same with respect to data controlled by Irish-based service providers.

The scheme will designate District Court judges as the Irish issuing authority for outgoing Irish orders.

The legislation will also give Coimisiún na Meán powers to sanction service providers for non-compliance with the EU Terrorist Content Online Regulation, which provides an EU wide mechanism for the rapid removal of online terrorist content.

Notes for editors

The Bill will address implementation of certain measures arising from the:

  • The 2001 Council of Europe Budapest Convention on Cybercrime (the Budapest Convention)
  • Regulation (EU) 2023/1543 of 12 July 2023 on European Production and Preservation Orders for electronic evidence in criminal proceedings and for the executionof custodial sentences following criminal proceedings (the E.U. E-evidence Regulation)
  • Regulation (EU) 2021/784 on addressing the dissemination of terrorist content online (the TCO Regulation)

Part 1 (Heads 1-3) deals with standard legislative provisions.

Part 2 (Heads 4-11) gives effect to certain provisions of the 2001 Budapest Convention. A significant number of requirements of the Convention have already been met by the Criminal Justice (Offences Relating to Information Systems) Act 2017. The General Scheme aims to give effect to remaining Articles of the Convention, other than 4 Articles relating to interception powers which will be addressed in other legislation being prepared by the Department. The provisions involve the expansion of Ireland’s regime of “preservation orders” and “production orders”, whereby Irish law enforcement authorities can request a court to approve data being held on IT systems controlled by Irish-based internet service providers.

Part 3 (Head 12) relates to one aspect of the EU E-evidence Regulation which will have direct effect in Irish law from August 2026. It identities the Irish authority (District Court judges) that will issue what are referred to as European Production Orders and European Preservation Orders – orders issuing from one member state requiring the preservation and/or the production of data being held on IT systems controlled by internet service providers based in another EU member state.

Part 4 (Head 13) deals with one aspect of the EU TCO Regulation which came into effect on 7 June 2022. This Regulation provides a mechanism for the issuing of EU – wide orders requiring service providers to remove terrorist content within a very short timeframe. The Regulation requires the imposition of sanctions on service providers who do not comply, and designation of a national body to oversee the imposition of these sanctions. Primary legislation is required to give necessary powers to a national body to issue financial penalties. It has been agreed that Coimisiún na Meán should be designated as the body to do this, and this Head amends the Online Safety and Media Regulation Act 2022 to provide it with the necessary powers.