D I G I T A L R I G H T S I R E L A N D L T D .

REGISTERED NUMBER 410355



REGISTERED OFFICE: 10 CASTLE HILL, BENNETTSBRIDGEROAD, KILKENNY



EMAIL: INFO@DIGITALRIGHTS.IE

DIRECTORS: TJ MCINTYRE, COLM MACCARTHAIGH, ANT

OIN O’LACHTNAIN

Mr. Billy HawkesData Protection CommissionerCanal HouseStation RoadPortarlingtonCo. Laoisvia post and emailSaturday, 26 March 2011

Re: Garda Proposals for Internet Blocking and Monitoring of Internet Use

Dear Mr. HawkesIt has recently emerged that the Garda Síochána has written in private to Irish internet serviceproviders asking them to put in place a system of internet blocking of sites which are allegedto contain child pornography, and a copy of one such letter is enclosed.While well intentioned, such systems raise significant privacy and data protection issueswhich have not been addressed, particularly as what is envisaged is a purely self-regulatorysystem with no legislative basis or judicial oversight.As you are already aware, the European Data Protection Supervisor recently considered theissues presented by blocking systems in his opinion of 10 May 2010 on the proposal for aDirective of the European Parliament and of the Council on combating the sexual abuse,sexual exploitation of children and child pornography, repealing Framework Decision2004/68/JHA. In that opinion, he noted that

“

appropriate safeguards are needed to ensure thatmonitoring and/or blocking will only be done in a strictly targeted way and under judicialcontrol, and that misuse of this mechanism is prevented by adequate security measures

”

. In thiscase

, however, no such controls are proposed.

Page

Indeed, one particularly unusual feature of the Garda proposals seeks to monitor internet usewithout any legislative basis whatsoever. Although acknowledging that a

“

customer may haveaccessed a [blocked] site inadvertently

”

the proposals go on to request that in such cases ISPsshould provide

“

details of other websites visited by the user, along with other technicaldetails

”

.As you know, disclosure of such information would not be permitted under theCommunications (Retention of Data) Act 2011 and indeed the disclosure of browsinghistories without Ministerial approval would appear to be an offence under section 98 of thePostal and Telecommunications Services Act 1983. It is, therefore, quite remarkable thatdisclosure of this information is being sought on an entirely non-legislative basis and withoutany reference to the legislation which is already in place in this area.Such disclosure would also give rise to very serious data protection concerns, particularly asit is very often possible to identify users based on details of the URLs which they havevisited, and the other

“

technical details

”

sought will make identification easier again.It should also be noted that the designation of URLs to be blocked itself gives rise tosignificant data protection issues. Domain names or URLs often identify individuals. In somecases

–

e.g. www.EndaKenny.ie or www.example.com/users/JohnDoe

–

the domain name orURL on its own will identify an individual. In other cases, the publicly available WHOISinformation will identify the owner of a domain.Consequently, a decision to block a particular domain name or URL can amount to a veryserious accusation indeed against an identifiable individual. This is particularly so given thatvisitors to that domain name or URL will be presented with a

“

STOP page

”

stating that thispage

“

has been documented by the Garda Síochána as having been used in the distribution of material depicting the sexual abuse of children

”

. If, for example, a user tries to accesswww.example.com/users/JohnDoe and is presented with such a page, it is very likely thatthey will infer that John Doe has been involved in the distribution of child pornography.In summary, therefore, it appears to Digital Rights Ireland that the Garda proposals forblocking present very serious data protection issues and we would request that before any