Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now
Wednesday 4 October 2023 Dublin: 12°C
Laura Hutton/Photocall Ireland Graham Dwyer after being charged in 2013.
# court of justice
EU court rules in favour of Graham Dwyer in privacy case, paving way for murder conviction appeal
Dwyer claims that data gathered from his phone should not have been used at his trial.

LAST UPDATE | Apr 5th 2022, 11:08 AM

THE COURT OF Justice of the EU (CJEU) has ruled that EU law does not support holding data of electronic communications indiscriminately for the purpose of combating serious crime in a case taken by convicted murderer Graham Dwyer today.

Dwyer can use the Supreme Court’s ruling in an appeal against his conviction.

In its ruling, the CJEU confirmed that EU law precludes the general and indiscriminate retention of traffic and location data relating to electronic communications for the purposes of combating serious crime.

It found that Ireland’s Communications Act 2011 is inconsistent with EU law. 

Graham Dwyer pleaded not guilty to the murder of childcare worker Elaine O’Hara in August 2012, but was convicted following a lengthy trial in March 2015 and subsequently sentenced to life in prison.

He then launched a case against the Garda Commissioner and the Minister for Communications claiming that data gathered from his phone should not have been used at his trial.

The metadata, which was generated by Dwyer’s work phone, placed the device at specific places at particular times and dates, and was crucial to his conviction of Elaine O’Hara’s murder.

The use of the data, Dwyer claimed, was unconstitutional and breached his rights under the EU Charter and the European Convention on Human Rights, including his right to privacy.

Dwyer successfully challenged the law under which his data was retained and seized in the High Court in 2018, an outcome the State appealed to the Supreme Court.

The Supreme Court then referred the State’s appeal to the European court.

The Supreme Court was obliged to refer a number of questions to the European court because the case relates to European law, specifically data retention.  

Six questions, which are each quite technical, were referred by the Supreme Court to the CJEU. 

They included whether a system of universal retention of certain types of metadata for a fixed period of time is never permissible irrespective of how robust any regime for allowing access to such data may be.

The CJEU also considered the issue of the proportionality of any such retention system.

In a press release, the Court outlined that the EU’s privacy and electronic communications directive “does not merely create a framework for access to such data through safeguards to prevent abuse, but enshrines, in particular, the principle of the prohibition of the storage of traffic and location data”.

“The retention of traffic and location data thus constitutes, in itself, first, a derogation from the prohibition of the storage of those data, and, second, an interference with the fundamental rights to the respect for private life and the protection of personal data, enshrined in Articles 7 and 8 of the Charter,” it said.

Advisory opinion

Last November, the court’s Advocate General Campos Sánchez-Bordona delivered an advisory opinion with regard to the case. 

In his opinion, Sánchez-Bordona argued that the storage of electronic communications data must be targeted, because of the serious risk entailed by their general storage.

He said that “in any event, access to that data entails a serious interference with fundamental rights to private and family life and the protection of personal data, irrespective of the duration of the period for which access to those data is requested”.

“By permitting, for reasons going beyond those inherent in the protection of national security, the preventive, general and indiscriminate retention of traffic and location data of all subscribers for a period of two years, Irish legislation does not therefore comply with the Directive on privacy and electronic communications,” he stated in his opinion.

Moreover, access by the competent national authorities to retained data does not appear to be subject to prior review by a court or an independent authority, as required by the case-law of the court, but to the discretion of a police officer of a certain rank.

The ruling of the CJEU will have to be accepted by the Supreme Court and could have an impact on criminal convictions both here and elsewhere in the EU.

Dwyer can use the Supreme Court’s ruling in his appeal against his conviction, which is currently before the Court of Appeal, to argue that evidence obtained from this data should not have been allowed to enter into evidence.

The Court of Appeal must then decide whether or not his conviction was dependent on the phone evidence.

Irish legislation inconsistent with EU law 

The relevant Irish law to the ruling is the Communications Act 2011, which covers retention of data that was generated or processed via publicly available electronic communications services.

The CEUJ ruling found that the 2011 Act is inconsistent with EU law.

It will be up to the Irish court system now, not the EU, to decide how it will use that information to determine whether the evidence was admissible.

In a press briefing following the judgment, a spokesperson for the CEUJ told reporters that it “is understood that admissibility of evidence is something that is part of the procedural autonomy of a member state”.

“That is, what the court is saying is it is up to the member states to regulate what is admissible and what is not,” the spokesperson said.

“We cannot, therefore, because the EU law does not, tell a member state, ‘that is admissible, that is not’.

“This judgement is an interpretation upon request of the Supreme Court.

In its questions to the CEUJ, the Irish Supreme Court “stated it recognises that the question of admissibility of evidence in a criminal trial is a matter of national law” but that “the exclusion of evidence in a trial is a matter for the court of trial and the criminal appellate process”.

The CEUJ spokesperson said:

The main crux of this case is that the Irish Act of 2011 is inconsistent with EU law.
We are telling the Supreme Court, yes, the High Court was correct when it said that the Act of 2011 is inconsistent with EU law.Now, what consequences to draw from that it’s up to the Supreme Court.”

Additionally, the CEUJ outlined instances where it is possible to retain data to fight serious crime.

“It gave a hand, let us say, to investigative authorities and national laws that assist
investigative authorities by specifying what you can do at law to retain certain data, when you can do it and how you can do it,” the spokesperson said.

“That is a development on what we have had before.”

Those circumstances are:

  • the targeted retention of traffic and location data which is limited, according to the categories of persons concerned or using a geographical criterion
  • the general and indiscriminate retention of IP addresses assigned to the source of an internet connection
  • the general and indiscriminate retention of data relating to the civil identity of users of electronic communications systems
  • and the expedited retention (quick freeze) of traffic and location data in the possession of those service providers.

Additional reporting by Lauren Boland