On 15 January 2016 the Government introduced the long awaited Criminal Justice (Offences Relating to Information Systems) Bill 2016. The purpose of the Bill is to give effect to the provisions of Directive 2013/40/EU of 12 August 2013 on attacks against information systems (the deadline for transposition of which was August 2015).
Currently, the law on cybercrime in Ireland is contained across a number of legislative acts, namely the Criminal Damage Act, 1991 (the “1991 Act”), the Criminal Justice (Theft and Fraud Offences) Act, 2001 (the “2001 Act”), and the Criminal Justice Act 2011 (the “2011 Act”). Apart from the 2011 Act, which was introduced for particular purposes in support of An Garda Síochána (the national police force) investigations, the substantive law in Ireland, set out in the 1991 Act and 2001 Act is elderly, contains notable omissions and is seldom used as the basis for prosecution. The substantive law has been discussed previously.
The 2011 Act was introduced primarily to facilitate Garda access to information and documentation in the course of an investigation. While it is an effective piece of legislation (which is the subject of previous discussion) it is largely procedural in nature. Consequently, it has been fifteen years since legislation was enacted which addressed cybercrime specifically, or any substantive offences in the area were introduced. In the context of the technological developments of the last 15 years, the Bill is necessary to update the law in the area and aims to offer greater protection to modern information and communication systems.
This article sets out a brief summary of the more noteworthy provisions of the Bill. Subsequent articles will discuss the substantive provisions of the ultimate Act, including any noteworthy changes to the text of the Bill. We discuss the status of the Bill below.