After much debate, the Australian government's controversial
mandatory data retention law has been passed. Telecommunications
companies will now be required to retain a defined subset of their
customers' telecommunications data records for two years and
allow national security agencies to access these records.
Irrespective of certain safeguards which have been implemented, the
practical effect of these new laws is that vast amounts of data on
the movements and habits of ordinary Australian citizens will be
collected by Australian telecommunications companies, involving
substantial costs for data retention and the potential for an
increased level of surveillance of Australians.
The Telecommunications (Interception and Access) Amendment
(Data Retention) Bill 2015 (Cth) (the Bill)
does not define "metadata". Instead, it amends the
Telecommunications (Interception and Access) Act 1979
(Cth) (the TIA Act) to specify the kinds of
information that telecommunications companies will be required to
keep under the new section 187AA of the TIA Act. This will include
metadata for phone and computer use, such as:
Subscriber or account holder details
Source and destination of the communication
Date, time, duration and location of the communication
Type of services used (eg voice, SMS, email, social
Type of delivery services (eg ADSL, Wi-Fi, VoIP,
Telecommunications companies will only be required to retain the
metadata rather than the content of phone calls, emails and web
browsing history, all of which are specifically excluded in the
legislation. According to the Explanatory Memorandum to the Bill,
this is because access to metadata infringes less on personal
privacy than access to content.
Although the Bill is part of a suite of counter-terrorism
measures against home-grown terrorists, privacy advocates have
raised concerns about the new law due to the risk of security
agencies misusing the personal information of Australians. Legal
and media advisors have raised concerns as to the long-term effects
the new law could have on journalistic or legal privilege. The
additional responsibilities placed on telecommunication sector
entities to capture and retain data and information can arguably
increase their liability exposure and that of their insurers.
The Australian government has tried to ease these privacy
concerns by including what it sees as appropriate safeguards, such
as requiring national security agencies to make a case that access
to the data is "reasonably necessary" to an
investigation. There is also an independent oversight mechanism
allowing the Commonwealth Ombudsman access to agency records and
allowing the Parliamentary Joint Committee on Intelligence and
Security oversight of the use of metadata by the AFP and ASIO.
Telecommunications companies are now required to encrypt the
retained information and protect it from unauthorised interference
or unauthorised access, which is in line with the principles under
the Privacy Act 1988 (Cth) for the handling of personal
Further, national security agencies accessing phone and computer
records pursuant to the new laws will now be subject to the
Australian Privacy Principles for the handling of that information,
to the extent that the information constitutes "personal
information" for the purposes of the Privacy Act.
Is this appropriate and reasonable, considering the
intrinsically personal details that will be held?
The safeguards provide only a level of comfort that the
information being retained will be held and used only within
It is important to remember that all systems are subject to
breaches, even those maintained by the telecommunications industry
and by national security agencies - this is particularly relevant
with regard to the current regulatory focus on data breach and
privacy-related issues and exposures.
It remains to be seen how the implementation of the new laws
will unfold, and whether the intended national security
benefits outweigh the financial cost of implementing the regime and
the long-term effect that the retention of data might have on the
personal privacy of Australians.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.