Ireland Recording Laws: One-Party Consent, GDPR, and 2025-2026 Updates

Ireland applies a one-party consent rule to telephone call recording: a party to any traditional call may record it without notifying the other, under the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993. GDPR and the Data Protection Act 2018 impose additional obligations whenever a recording captures personal data.

What Is Ireland's Recording Consent Standard?

Ireland operates under a one-party consent framework for recording traditional telephone calls. Under the Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993, a telephone conversation may be legally recorded as long as one party to the call consents to the recording.

The Act defines "interception" as "listening or attempted listening to, or the recording or attempted recording, by any means, in the course of its transmission, of a telecommunications message." The Act then excludes from that definition any situation "where either the person on whose behalf the message is transmitted or the person intended to receive the message has consented."

In plain terms: if you are a party to a telephone call in Ireland, you can record it without telling the other person. The other party does not need to know about or agree to the recording for it to be lawful under the 1993 Act.

This one-party consent rule applies only to traditional telephone calls transmitted through telecommunications networks. The Act was written in 1993, long before modern internet-based communication tools existed, and its statutory scope has not been updated to reflect them.

For context, Ireland's rule differs from some other common-law countries. The United Kingdom follows the same one-party consent model under the Regulation of Investigatory Powers Act 2000. Across the EU, many member states impose stricter requirements. Within Ireland, the broader constitutional right to privacy (Article 40.3 of Bunreacht na hEireann) and GDPR overlay the statutory one-party consent framework and create additional obligations when recorded data is used beyond the personal sphere.

The 1993 Interception Act: Scope and Limits

The Interception of Postal Packets and Telecommunications Messages (Regulation) Act 1993 has two primary functions. First, it creates the lawful framework for state interception (ministerial warrant system for An Garda Siochana and Defence Forces). Second, it implicitly establishes one-party consent as the dividing line between lawful and unlawful private recording of telephone calls.

What the Act Covers

The 1993 Act governs "telecommunications messages" as defined by reference to the Postal and Telecommunications Services Act 1983. That 1983 definition was written before the commercial internet existed, covering messages transmitted through traditional public switched telephone network (PSTN) infrastructure.

What the Act Does NOT Cover

The 1993 Act does not apply to:

• WhatsApp voice and video calls
• Zoom meetings and webinars
• Microsoft Teams calls
• FaceTime audio and video calls
• Skype conversations
• Discord voice channels
• Any other internet-based calling platform

These platforms transmit data over the internet through packet-switched networks rather than through traditional telecommunications infrastructure. They fall outside the statutory definition of "telecommunications message."

The Foundational Criminal Provision: Section 98

The underlying criminal offence is not in the 1993 Act itself but in Section 98 of the Postal and Telecommunications Services Act 1983. That section makes it a criminal offence to intercept a telecommunications message without authorisation. The 1993 Act then creates the authorisation framework, meaning that recording with one-party consent is lawful because the recorder is a party to the message and thus not "intercepting" it without consent.

The landmark case of Kennedy and Arnold v. Ireland [1987] IR 587 established that unlawful telephone interception violates the constitutional right to privacy guaranteed by Article 40.3. In that case, two journalists whose phones had been tapped on ministerial orders were awarded damages by the High Court. Mr Justice Hamilton held that the State's action was "an attack on their dignity and freedom as individuals and cannot be tolerated in a democratic society." This ruling preceded the 1993 Act and was a direct catalyst for its enactment.

The VoIP and Internet Call Gap

One of the most significant gaps in Irish recording law involves Voice over Internet Protocol (VoIP) calls and internet-based communications. Because the 1993 Act's statutory scope is tied to the 1983 PSTN definition, it does not extend to modern internet communications.

What This Means in Practice

There is no specific Irish statute that directly addresses whether recording a VoIP call requires one-party consent, two-party consent, or no consent at all. Recording internet-based calls falls into a legal gray area governed primarily by GDPR, the Data Protection Act 2018, and constitutional privacy rights.

The Irish government has acknowledged this gap. A proposed Communications (Interception and Lawful Access) Bill aims to replace the 1993 Act entirely and extend lawful interception powers to "all forms of communications," including over-the-top and encrypted services. The Minister for Justice has committed to bringing proposals to Government once a review of the 1993 Act concludes. As of May 2026, no firm enactment date has been announced.

Until new legislation is enacted, any person recording a VoIP call they are party to should treat the recording as personal data processing and comply with GDPR Article 6 requirements.

In-Person Conversation Recording

The 1993 Interception Act applies exclusively to telecommunications messages in transmission. It does not govern in-person conversations, meetings, or face-to-face discussions.

Legal Status of Recording In-Person Conversations

Irish law does not contain a specific statute that criminalises recording an in-person conversation you are part of. However, several legal frameworks come into play:

Constitutional Right to Privacy: Article 40.3 of the Irish Constitution (Bunreacht na hEireann) protects an unenumerated right to privacy. Courts balance this right against competing interests on a case-by-case basis.

GDPR and the Data Protection Act 2018: Recording someone captures their personal data (voice). The Data Protection Act 2018 and GDPR require a lawful basis for processing personal data under Article 6.

Harassment Laws: Under Section 10 of the Non-Fatal Offences Against the Person Act 1997, persistent recording of another person could constitute harassment if it interferes with their peace and privacy. Penalties reach up to 7 years imprisonment on indictment.

Recording Meetings You Attend

If you attend a meeting in person, no specific Irish law prevents you from recording it. However, the recording may raise data protection concerns depending on what you do with it afterward. Using it for purely personal purposes may fall under the GDPR "household exemption," but sharing, publishing, or using it commercially triggers full GDPR compliance obligations.

GDPR and the Data Protection Act 2018

The General Data Protection Regulation (GDPR) applies directly in Ireland and works alongside the Data Protection Act 2018. Together, they create a comprehensive framework governing how recorded personal data must be handled.

Lawful Basis for Recording Under GDPR Article 6

Any recording that constitutes "processing of personal data" requires one of six lawful bases:

1. Consent of the recorded individual
2. Contractual necessity (e.g., recording to fulfill a service agreement)
3. Legal obligation (required by law to record)
4. Vital interests (protecting someone's life)
5. Public task (exercising official authority)
6. Legitimate interests (balanced against the recorded person's rights)

For personal telephone call recording where you are a party, the "household exemption" in GDPR Article 2(2)(c) may apply if the recording is for "purely personal or household" purposes. The Data Protection Commission (DPC) interprets this exemption narrowly.

Data Subject Rights

A person whose voice has been recorded holds significant rights under GDPR:

• Right to be informed that recording is taking place
• Right of access to the recorded data
• Right to erasure ("right to be forgotten") in certain circumstances
• Right to object to the processing of their personal data
• Right to lodge a complaint with the DPC

The Household Exemption

The DPC has clarified that the household exemption covers recording "in the course of a purely personal or household activity." This exemption is construed narrowly. If a recording covers public spaces or is shared on social media, the exemption no longer applies and full GDPR obligations apply. The European Court of Justice decision in Rynes v. Urad (2014) established that video surveillance covering even partially public spaces cannot automatically qualify as a purely personal activity.

DPC Enforcement Activity

Ireland's DPC has become one of Europe's most active GDPR enforcers. Because many of the world's largest technology companies are headquartered in Ireland for EU purposes, the DPC handles lead-authority cases across the EU. In 2024 alone, the DPC imposed fines of EUR 652 million, including EUR 310 million against LinkedIn and EUR 251 million against Meta. Any Irish organisation that records personal data and mishandles it faces a regulatory environment that takes enforcement seriously.

Criminal Justice (Surveillance) Act 2009

The Criminal Justice (Surveillance) Act 2009 governs covert surveillance conducted by Irish law enforcement and state agencies. This Act is entirely separate from the 1993 Interception Act and governs a different scope of activities.

What the 2009 Act Covers

The Act defines "surveillance" as "monitoring, observing, listening to or making a recording of a particular person or group" and their movements, activities, and communications, carried out "by or with the assistance of surveillance devices."

Who May Conduct Covert Surveillance

Only three agencies may apply for surveillance authorisation:

• An Garda Siochana (Irish police)
• Defence Forces (Irish military)
• Revenue Commissioners (tax enforcement)

Authorisation Process

A District Court judge must authorise surveillance, with hearings conducted in private without the subject's knowledge. Authorisation is valid for up to three months and may be renewed. In urgent cases, a superior officer may approve surveillance for up to 72 hours without court authorisation. Tracking devices require written approval from a superior officer for up to four months.

Oversight Mechanism

A designated High Court judge reviews the operation of the Act and reports to the Taoiseach (Prime Minister). A separate Complaints Referee (a Circuit Court judge) handles individual complaints and may recommend compensation of up to EUR 5,000.

Admissibility of Surveillance Evidence

Under Section 14 of the 2009 Act, evidence obtained through authorised surveillance is admissible. Courts may still admit evidence even if there were technical errors in the authorisation process, provided the errors were unintentional and admission serves the interests of justice.

Recording in Court Proceedings

Recording court proceedings in Ireland is strictly regulated.

Prohibition on Unauthorised Recording

Under District Court (Recording of Proceedings) Rules 2013 (S.I. No. 99/2013), no person other than the Courts Service or an authorised person may make any record of proceedings other than by written or shorthand notes. Any party may make a record with the court's express permission and subject to the court's directions.

Unauthorised Recording as Contempt

The Courts Service of Ireland has confirmed that using recordings in any way other than those outlined in official guidance could attract liability for contempt of court in addition to copyright liability.

Supreme Court Broadcast Exception

The Supreme Court has adopted a separate scheme for recording and broadcasting of Supreme Court proceedings where the Court permits it. This is a narrow, court-controlled exception and does not extend to other levels of the court system without specific authorisation.

Practical Implication

Anyone attending Irish court proceedings should understand that taking out a phone and recording, even quietly, risks a contempt finding. The prohibition applies regardless of whether you are a party, witness, journalist, or member of the public.

Recording An Garda Siochana (Irish Police)

Can You Film Gardai in Public?

The general legal position is that there is no specific Irish law that prohibits members of the public from filming Garda officers in public spaces. As Citizens Information confirms, "in general, there is no legal basis for telling people they can't film the Gardai." However, how and where you are filming matters. Standing too close to the scene of an arrest, or refusing to move when directed, could result in a public-order offence charge. The offence in that case would be the obstruction or refusal to comply, not the filming itself.

The Garda Siochana (Recording Devices) Act 2023

The Garda Siochana (Recording Devices) Act 2023 governs how An Garda Siochana uses recording devices, including bodyworn cameras. A Code of Practice Order was made in 2024, and a pilot programme for bodycam use commenced in 2024. The Act requires Garda officers using a recording device to inform individuals "in an accessible language or format" that they are being filmed and recorded.

The Irish Human Rights and Equality Commission (IHREC) has called for significant human rights protections around facial recognition, drones, and covert recording provisions in the Act.

The Garda Siochana (Recording Devices) (Amendment) Bill 2025

A 2025 Amendment Bill would allow An Garda Siochana to use biometric recognition technologies, including facial recognition, to assist in investigating serious criminal offences. As of May 2026, the Bill was progressing through the Oireachtas.

Practical Guidance

If you film Garda officers in a public place:

• You are acting within your rights provided you do not obstruct their duties.
• Remain at a reasonable distance from any active arrest or operation.
• Be aware that sharing footage online creates data protection obligations under GDPR if the footage contains identifiable personal data.
• Garda body-camera footage is subject to data protection rights, including subject access requests to An Garda Siochana as the data controller.

Workplace Recording in Ireland

Workplace recording in Ireland is governed by a combination of employment law, GDPR, and DPC guidance on surveillance.

Employer Recording of Employees

Employers who record employees must comply with GDPR and the Data Protection Act 2018. Key requirements include:

• Transparency: Employees must be clearly informed about what data is collected, why, how long it will be retained, and who has access.
• Purpose limitation: CCTV installed for security purposes cannot be repurposed for disciplinary monitoring without separate justification.
• Proportionality: Constant monitoring of employees is considered intrusive and only justifiable in exceptional circumstances.
• Data Protection Impact Assessment (DPIA): Required for systematic monitoring of employees.

Covert Workplace Surveillance

In general, employers may not covertly record employees without consent. Covert surveillance is only permitted when:

• The workplace is relevant to a criminal investigation
• The surveillance is focused and time-limited
• A specific written policy authorises covert surveillance
• No evidence is found within a reasonable time, at which point surveillance must stop

Employee Covert Recording at Work

Employees who covertly record workplace conversations (such as disciplinary meetings or discussions with managers) face a complex legal situation. The Workplace Relations Commission (WRC) has shown willingness to accept covert recordings as evidence in employment disputes, particularly where there is a breakdown in trust between employer and employee. However, where the employer provides a comprehensive grievance process and no wrongdoing is alleged, the WRC may decline to admit covert recordings.

Business Call Recording

Businesses that record customer calls must provide clear notice at the start of the call. Under the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I. No. 336/2011), which implements the EU ePrivacy Directive, confidentiality of electronic communications must be preserved. Businesses typically rely on consent or legitimate interest as their lawful basis, supported by a prominent notification at the start of the call.

Recording in Public Places

Irish law does not specifically prohibit recording (audio or video) in public places. The DPC has confirmed that "the GDPR does not prohibit people from taking photographs in public spaces," provided there is no harassment involved.

Key Principles for Public Recording

• Taking photos or video in public is generally permitted under common law.
• The household exemption typically applies to personal photography and recording in public.
• Publishing or sharing recordings containing identifiable individuals triggers GDPR obligations. A lawful basis under Article 6 is needed to share recordings publicly.
• Reasonable expectation of privacy still applies in some public settings. Recording someone in a situation where they would reasonably expect privacy (for example, a private conversation in a public park) may violate their rights.
• Persistent recording of a specific person could constitute harassment under Section 10 of the Non-Fatal Offences Against the Person Act 1997.

Dash Cams and Body Cameras

The DPC has issued specific guidance on dash cams and recording devices used in public. Continuous recording that captures identifiable individuals may fall outside the household exemption, particularly if the footage is shared online or used commercially.

Online Safety and Media Regulation Act 2022

The Online Safety and Media Regulation Act 2022 established Coimisiun na Mean (the Media Commission) as Ireland's online safety regulator. While the Act does not directly address personal recording consent, it governs how online platforms handle content that may involve recordings, including harmful and intimate content.

Coimisiun na Mean: What It Does

Coimisiun na Mean adopted Ireland's Online Safety Code for designated video-sharing platforms (TikTok, Facebook, Instagram, X) in October 2024. Full application of the Code commenced in 2025. The Code requires platforms to:

• Restrict harmful content including cyberbullying, incitement to hatred, and racist or xenophobic material
• Implement age assurance measures for services accessed by children
• Provide user-friendly reporting and flagging mechanisms
• Take down non-consensual intimate images (NCII) promptly

As of February 2026, Coimisiun na Mean appeared before the Joint Committee on Arts, Media, Communications, Culture and Sport to discuss online safety regulation and AI-generated harms.

What This Means for Recordings

If a recording of another person is uploaded to a regulated platform without consent, the platform has obligations to act. The OSMR Act works alongside Coco's Law (see below) and the GDPR to provide a layered response: criminal liability through Coco's Law, regulatory enforcement through Coimisiun na Mean, and data protection enforcement through the DPC.

Harassment, Harmful Communications and Related Offences Act 2020 (Coco's Law)

The Harassment, Harmful Communications and Related Offences Act 2020 (commonly called "Coco's Law") created specific offences relating to the non-consensual recording and distribution of intimate images.

Core Offences

The Act creates offences for:

• Distributing or publishing an intimate image without consent with intent to cause harm
• Threatening to distribute or publish an intimate image without consent
• Sending, distributing, or publishing a threatening or grossly offensive communication by any means with intent to cause harm

The Act defines "intimate image" broadly to capture all means by which such images may be produced, including AI-generated materials and deepfakes. This is significant: a digitally fabricated intimate image of a real person falls within the Act's scope.

Penalties Under the 2020 Act

• Summary conviction: Fine and/or up to 12 months imprisonment
• Conviction on indictment: Fine and/or up to 7 years imprisonment

2026 Amendment Bills

Two amendment bills introduced in early 2026 are expanding the 2020 Act's reach:

1. Harassment, Harmful Communications and Related Offences (Amendment) Bill 2026 (initiated 27 January 2026): Amends the 2020 Act to prohibit the creation of non-consensual intimate or harmful imagery, not just distribution.
2. Harassment, Harmful Communications and Related Offences (Amendment) (No. 2) Bill 2026 (initiated 4 February 2026): Explicitly extends provisions to images that are generated or modified by computer-graphics, ensuring AI-generated deepfakes are unambiguously covered.

Both bills were before the Oireachtas as of May 2026.

Deepfakes, AI Voice Cloning, and the Protection of Voice and Image Bill 2025

The rapid advancement of generative AI has prompted significant legislative activity in Ireland relating to synthetic media.

Protection of Voice and Image Bill 2025

The Protection of Voice and Image Bill 2025 was introduced at First Stage in the Dail on 1 April 2025. The Bill would create a specific offence where someone knowingly exploits a person's name, image, voice, or likeness without consent with the intention to deceive or cause harm.

The Bill is targeted at the creative industries and public figures but would apply broadly. It addresses a gap that Coco's Law does not fill: the misuse of a person's voice or non-intimate likeness for fraudulent, defamatory, or harmful purposes outside the context of intimate imagery.

EU AI Act Implementation in Ireland

Ireland implemented its obligations under the EU AI Act through S.I. No. 366/2025 (European Union (Artificial Intelligence) (Designation) Regulations 2025), effective from 2 August 2025. This statutory instrument designated eight national competent authorities to enforce the AI Act in Ireland. The Regulation of Artificial Intelligence Bill 2026 is separately progressing to create a domestic governance framework.

The EU AI Act imposes specific transparency requirements on systems that generate synthetic content of real people, including obligations to disclose when audio or video content is AI-generated. These requirements apply to providers of AI tools capable of generating deepfakes of identifiable individuals.

Joint Committee Activity

In February 2026, the Joint Committee on Artificial Intelligence met to discuss deepfakes, consent, and AI's role in truth and democracy. The pace of legislative attention makes Ireland one of the more active EU member states on synthetic media regulation.

Penalties for Illegal Recording in Ireland

Penalties for unlawful recording in Ireland come from multiple statutes depending on the conduct:

Unauthorized Interception of Telecommunications

Under Section 98 of the Postal and Telecommunications Services Act 1983, unauthorized interception of telecommunications messages is a criminal offence. On conviction on indictment:

• Up to 5 years imprisonment
• A fine at the court's discretion

GDPR Violations

The DPC can impose administrative fines under GDPR:

• Up to EUR 10 million or 2% of annual global turnover for less severe violations
• Up to EUR 20 million or 4% of annual global turnover for more serious violations

Non-Consensual Intimate Images (Coco's Law)

Under the Harassment, Harmful Communications and Related Offences Act 2020:

• Summary: Fine and/or up to 12 months imprisonment
• Indictment: Fine and/or up to 7 years imprisonment

Harassment Through Recording

Under Section 10 of the Non-Fatal Offences Against the Person Act 1997:

• Summary conviction: Fine up to EUR 1,500 and/or up to 12 months imprisonment
• Conviction on indictment: Fine and/or up to 7 years imprisonment

CCTV Licensing Violations

Failure to comply with CCTV licensing requirements under the Garda Siochana Act 2005 carries fines of up to EUR 2,500, six months imprisonment, or both.

Admissibility of Covert Recordings as Evidence

Irish courts take a nuanced approach to admitting covert recordings as evidence. There is no blanket rule excluding or admitting such recordings.

General Principles

• A covert recording is not automatically inadmissible because the other party did not consent.
• Courts balance the right to privacy of the recorded person against the interests of justice and the rights of the party seeking to use the recording.
• The circumstances of the recording matter: how it was obtained, whether it was proportionate, and whether the information could have been obtained by other means.

In Criminal Proceedings

Under Section 14 of the Criminal Justice (Surveillance) Act 2009, evidence obtained through authorised surveillance is admissible. Courts may still admit evidence even where there were technical errors in the authorisation process, provided the errors were unintentional and admission serves the interests of justice.

In Employment Proceedings

The WRC has admitted covert recordings in cases involving allegations of bullying or harassment, situations where trust has broken down between employer and employee, and where the employee had no other means to document wrongdoing. The WRC will generally not admit covert recordings where the employer offered adequate grievance procedures and no misconduct is alleged.

In Family Law Proceedings

Covert recordings may be admitted in family law cases, but courts exercise considerable caution. Relevance and proportionality are the key tests.

Cross-Border Recording: Ireland, the UK, and the EU

Calls Between Ireland and the United Kingdom

The UK follows a broadly similar one-party consent model for telephone call recording under the Regulation of Investigatory Powers Act 2000. Following Brexit, the UK implemented its own UK GDPR, which largely mirrors EU GDPR. The European Commission extended the UK's adequacy decision until 2031 following an assessment in October 2025. This means data flows between Ireland and the UK remain permitted without additional safeguards for now.

For a call between an Irish party and a UK party, Irish law governs from the Irish end (one-party consent under the 1993 Act), while UK GDPR governs any subsequent processing by the UK party. Because both regimes are broadly aligned, the practical outcome is similar in most cases.

Calls Within the EU

Other EU member states apply GDPR directly, but their national interception statutes vary. Germany, France, and Austria require all-party consent for private telephone recordings under their national laws. A recording that is lawful under Irish one-party consent may be unlawful at the other end if the other party is in a stricter jurisdiction. Legal risk should be assessed based on the most restrictive jurisdiction involved.

New EU Cross-Border GDPR Procedural Regulation

In November 2025, the Council of the EU adopted a new procedural regulation (EU) 2025/2518 to speed up handling of cross-border GDPR complaints. The regulation applies from 2 April 2027. It streamlines cooperation between lead supervisory authorities (such as the Irish DPC for companies based in Ireland) and concerned authorities in other member states, which may result in faster enforcement outcomes in cross-border cases involving recordings shared across EU borders.

Quick Reference Table: Ireland Recording Laws by Situation

Upcoming Legislative Changes

The Irish legislative landscape around recording and surveillance is actively evolving across several fronts:

1. Communications (Interception and Lawful Access) Bill -- Proposed replacement for the 1993 Act. Will cover VoIP, encrypted messaging, and over-the-top services. No enactment date announced as of May 2026.
2. Protection of Voice and Image Bill 2025 -- Targeted at AI voice/likeness misuse. First Stage completed April 2025. Committee Stage pending.
3. Harassment, Harmful Communications and Related Offences (Amendment) Bill 2026 -- Prohibits creation (not just distribution) of non-consensual harmful imagery.
4. Harassment, Harmful Communications and Related Offences (Amendment) (No. 2) Bill 2026 -- Explicitly covers computer-generated and AI-modified imagery.
5. Garda Siochana (Recording Devices) (Amendment) Bill 2025 -- Proposed biometric recognition powers for An Garda Siochana.
6. Regulation of Artificial Intelligence Bill 2026 -- Domestic governance framework for EU AI Act obligations.