Jack Murphy* was suspicious. His ex-girlfriend, Eve Doherty, seemed to know a lot about who he was calling.
His suspicions were merited. Doherty had been using her job in the Irish police force to access his phone records, an investigation by the local judiciary revealed. Doherty was disciplined and transferred in 2011.
Three years later, in 2014, the European Court of Justice (CJEU) ruled that the Irish law that forced telcos and internet service providers to hang on to traffic and location data was contrary to EU law, and so was the EU directive it was based on. The data retention regime allowed government agencies to access citizens’ data in ways that violated their privacy — like what Doherty was doing when she accessed those phone records of her ex-boyfriend.
And yet, the risk of similar cases — of police officers overstepping their powers to access phone records — still lingers today.
The landmark 2014 ruling was followed by a bevy of subsequent judgments from the EU’s highest court that reinforced its message to stop blanket data retention. But it didn’t stop Ireland from keeping its mass surveillance of phone and internet data, including who you call and where you are, largely intact.
“In Ireland, we’ve been in a period of lawlessness, at least since 2001,” said TJ McIntyre, chair of Digital Rights Ireland, the non-profit organization whose legal complaint brought down the EU Data Retention Directive in the landmark 2014 case.