The Criminal Justice (Offences Relating to Information Systems) Act 2017 introduced substantive law provisions as required by the Budapest Convention on Cybercrime.

The same Act provides for the procedural powers of search, while the Criminal Justice Act 2011 also provides for judicial orders requiring the production of documents or information that relates to a criminal investigation.

Additional provisions exist in the Communications (Retention of Data) Act 2011 around the retention and production of certain online data by service providers. However, powers to order the production and the preservation of data seem too limited and are the subject of ongoing legal challenge, both in Ireland and across the EU.

Implementation of full suite of procedural powers compliant to the Budapest Convention is underway.

Criminal Justice (Offences Relating to Information Systems) Act 2017 criminalizes the following offences:

• Accessing information system without lawful authority, etc.
• Interference with information system without lawful authority
• Interference with data without lawful authority
• Intercepting transmission of data without lawful authority
• Use of computer programme, password, code or data for purposes of section 2, 3, 4 or 5

The Criminal Justice (Theft and Fraud Offences) Act 2001 contains some relevant provisions in terms of forgery and fraud offences, while the Child Trafficking and Pornography Act 1998 and Copyright and Related Rights Act 2000 address relevant content-related offences extensively.

The general power to preserve data arises from the warrant authorising its seizure in the first place. In addition, where the data arises from the search of a system or device which has been seized under warrant or the lawful search of an arrested person, the data may be preserved where there is reason to believe it is evidence of a criminal offence. The preservation of data by a service provider on behalf of law enforcement is subject to mutual agreement and the eventual submission of a disclosure request by the LEA involved.

There are a number of provisions in Irish legislation relating to production orders (issued by a court) for evidential material. These include section 52 of the Criminal Justice (Theft and Fraud Offences) Act 2001 (theft and fraud offences), section 63 of the Criminal Justice Act 1994 (drug trafficking, terrorist financing, indictable offences, international crimes, and asset confiscation) and section 15 of the Criminal Justice Act 2011 (specified white collar offences, and system/data interference offences).

The Communications (Retention of Data) Act 2011 requires providers of electronic communications services to retain certain non-content data for a period of time. This is an obligation to proactively retain data, as distinct from a requirement to preserve data in response to a law enforcement request. A member of An Garda Síochána not below the rank of Chief Superintendent may issue a request to a service provider requiring disclosure of the data above where he/she is satisfied that it is required for: a. the prevention, detection, investigation or prosecution of a serious offence carrying a penalty of five or more years' imprisonment b. the safeguarding of state security c. the saving of a life. The permissibility of data retention is being considered by the Court of Justice of the European Union and may require amendments to Irish law in this area.

Section 7 of the Criminal Justice (Offences Relating to Information Systems) Act 2017 introduces specific powers of search and seizure. It also introduced a power to operate any computer system or require any person at the location to provide access codes or keys to the system, or to make its contents legible. The Section 7 warrant under the Child Trafficking and Pornography Act 1998 makes no specific reference to computers or computer data but does provide for the search and seizure of anything which may be evidence of or relating to an offence of child pornography. Similarly, a warrant under section 10 of the Criminal Justice (Miscellaneous Provisions) Act 1997 provides for the search and seizure of any place and thing which may be evidence of the commission of a serious offence. This includes any offence of sexual exploitation of a child under the Criminal Law (Sexual Offences) Act 2017, including those committed online.

The Constitution of Ireland sets out the protections which apply to a citizen's fundamental rights. Some of those rights are directly enumerated, such as privacy, while others are unenumerated, such as the right to freedom of expression. However, the courts have consistently held that such unenumerated rights, including those set out in the European Convention on Human Rights, are inherent in Article 40 of the Constitution.

As a signatory, Ireland is bound by the European Convention on Human Rights, as transposed into Irish law by the European Convention on Human Rights Act 2003, which guarantees under Article 8 that all persons have a right to respect for their private lives, which shall not be interfered with by government or other authority save in accordance with the law and in the interests of public safety or national security, or for the prevention of crime or the protection of health, morals or the rights and freedoms of others.

Similarly, Article 10 of the European Convention on Human Rights asserts that all persons have a right to freedom of expression, including the right to hold opinions without interference from the state, subject to similar restrictions as above for Article 8. The Irish state recognises it obligations to uphold those rights, and An Garda Síochána, in the exercise of its policing duties, strives to protect and respect those individual rights.

Criminal Justice Act, 1994

Criminal Justice (Miscellaneous Provisions) Act, 1997

Child Trafficking and Pornography Act, 1998

Copyright and Related Rights Act, 2000

Criminal Justice (Theft and Fraud Offences) Act, 2001

Communications (Retention of Data) Act 2011

Criminal Justice Act 2011

Criminal Justice (Offences Relating to Information Systems) Act 2017

Criminal Law (Sexual Offences) Act 2017

The Minister for Justice and Equality is the central authority for mutual legal assistance and, in this regard, is responsible for receiving and ensuring the execution of incoming requests. In practice, the Minister's functions are carried out by civil servants in the Department's Criminal Mutual Assistance and Extradition Division. Division personnel (who are not prosecutors, lawyers or police) determine if a request is lawfully made, assess the relevance of evidence sought, establish whether there is dual criminality, pursue enquiries with the service provider, direct police to obtain a production order/search warrant etc. and generally deal with the requesting authorities. The division's personnel are not involved in the investigation and prosecution of domestic offences.

Sources:

http://data.consilium.europa.eu/doc/document/ST-7160-2017-REV-1-DCL-1/en/pdf

Mutual assistance is covered by the Criminal Justice (Mutual Assistance) Act 2008 which provides for the enactment of international agreements between Ireland and other countries on mutual assistance in criminal matters including the issue of cybercrime.