The Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 was introduced into Parliament on 30 October 2014 and is currently being reviewed by the Parliamentary Joint Committee on Intelligence and Security.
The Bill will require telecommunications service providers to retain telecommunications data (also commonly referred to as metadata) for two years. Metadata is information about communications (e.g. the time a phone call was made and its duration), information about the parties to the communication (e.g. the sender and the receiver) including account and location information, and the device used. It does not require that service providers retain the content or substance of a communication, but metadata can still reveal a lot of information about an individual and those they interact with. For example, revealing who a person is in contact with, how often and where, can help to paint a picture of that person's private political opinions, sexual habits, religion or medical conditions.
ACCAN's submission recognises that access to metadata by criminal law-enforcement agencies can be legitimate and necessary. However, we want to ensure that a data retention scheme does not unduly increase the cost of phone and internet services for consumers and that reasonable and consistent privacy regimes be put in place. In 2012, Optus estimated that, depending on a range of assumptions about a data retention scheme's scope, such a scheme could cost the company more than $200 million. This could see consumers affected by price rises of $5 - $10 a month.
Our submission makes a number of recommendations including that:
The Federal government covers the cost of a data retention scheme;
- Agencies authorised to access metadata without a warrant be restricted to those investigating serious offences, as defined in the Telecommunications (Interception and Access) (TIA) Act;
- The Attorney-General or Minister only add agencies to the list of those able to access metadata without a warrant by amendment to the TIA Act, rather than via regulation, so that such additions are subject to full Parliamentary scrutiny;
- The types of data to be collected (the data set) are defined in legislation, rather than regulation;
- The Attorney-General clarifies the jurisdiction of the Commonwealth Privacy Act over the activities of state law-enforcement organisations using metadata, so that if an individual's personal information is compromised by state agencies, they have access to the same level of redress as afforded under the Commonwealth Act;
- That the statutory obligation to retain data is limited to six months, and that this timeframe is reviewed three years after the data retention scheme's implementation phase, in line with a wider review of the Bill.
Download: Data Retention Bill submission_ACCAN.docx817.43 KB
Download: Data Retention Bill submission_ACCAN.pdf372.51 KB