Advocate General Manuel Campos Sánchez-Bordona said the indiscriminate retention of mobile phone data could only be justified in cases involving national security and could not be justified for the prosecution of offences.
He also signalled that any decision by Ireland’s Supreme Court on the validity of the law under which Dwyer’s mobile phone data was retained and seized would have to be retrospective, meaning it would cover the time period Dwyer was under investigation.
The delivery of the opinion today comes two months after a CJEU hearing in Luxembourg considered important questions about data retention law in the EU.
Although the opinion is not binding on the 15-judge court, more often than not it tends to rule in line with views expressed by the advocate general involved in a particular case.
Questions about the scope of data retention law were referred to the CJEU by Ireland’s Supreme Court and judicial authorities in Germany and France, who have been grappling with similar issues.
The European court will now enter a deliberative phase in the cases, with a ruling expected to be published some time before next March. After this the Supreme Court in Dublin will finalise its judgment in Dwyer’s challenge to Ireland’s data retention law.
The Supreme Court referred questions to the CJEU after Dwyer succeeded in a High Court challenge to the law under which his data was retained and seized.
This data was crucial to proving he was responsible for the disappearance and murder of Dublin childcare worker Elaine O’Hara in 2012.
The High Court found the law, which obliged telecoms providers hold on to customer data for two years, breached EU law as it was general and indiscriminate.
It also found that the system used by gardaí for accessing the data lacked independent oversight from a judge.
Last year the Supreme Court signalled it agreed that the system provided for under the Communications (Retention of Data) Act 2011 did not meet EU standards as there is insufficient independent review of requests for telephone data.
However, it signalled it did not want to apply the decision retrospectively as the 2011 Act was only brought in as a result of a 2006 EU directive, one which was later struck down by the CJEU in 2014 following a case led by the privacy campaign group Digital Rights Ireland.
In his opinion, released this morning, the Advocate General said the general and indiscriminate retention of traffic and location data was justified only by the protection of national security.
He said this did not include the prosecution of offences, including serious offences.
He said that by permitting, for reasons going beyond those inherent in the protection of national security, the preventive, general and indiscriminate retention of traffic and location data of all subscribers for a period of two years, the Irish legislation did not comply with an EU directive on privacy and electronic communications.
The Advocate General also said that, as previously outlined in a CJEU ruling last year in a case called La Quadrature du Net, a national court cannot limit in time the effects of a declaration of illegality of domestic legislation incompatible with EU law.
This signals that the striking down of the Irish law will not just apply from the date of the High Court ruling in 2019, but will have to be retrospective.
Such a finding may have serious ramifications for other cases other than the Dwyer one.
While the opinion is a boost to Dwyer, it is by no means certain he will end up walking free.
Although it appears unlikely, the CJEU’s ultimate finding may differ from the opinion of the Advocate General.
Dwyer will be hoping to use the CJEU finding in a separate appeal against his conviction, which will be heard by the Court of Appeal.
There is Irish case law which may come into play in the appeal which suggests he may ultimately be unsuccessful.
This is a Supreme Court ruling on the exclusionary rule, in a case called JC, where it found that where evidence was obtained in breach of a person’s rights, the evidence can still be deemed admissible if the breach was inadvertent.
The State could argue that the breach was inadvertent as gardaí were simply acting under the law as it was at the time.
The Advocate General’s legal opinion will not be well received by the State.
The CJEU was told by Ireland and other countries at a hearing of its Grand Chamber in September that the ability of member States to retain and use mobile phone data was essential to upholding the rule of law.
Ireland’s Attorney General Paul Gallagher warned judges that serious criminals will be able to put themselves beyond reach if access to such data is significantly curtailed.
However, Dwyer’s counsel Remy Farrell argued the Irish legislation was “extreme”, breached EU law, and that any finding of an Irish court in relation to this should be retrospective.