Submission to Review of the Mandatory Data Retention Regime Prescribed by Part 5-1A of the Telecommunications (Interception and Access) Act 1979 (CTH) (‘TIA Act’)

Abstract

This submission seeks to respond to the terms of reference raised by Parliamentary Joint Committee on Intelligence and Security in its Review of the Mandatory Data Retention Regime prescribed by Part 5-1A of the Telecommunications (Interception and Access) Act 1979 (CTH) (‘TIA Act’). As scholars working at the intersection of law and technology, we are somewhat comforted to see the review of the Data Retention Regime, led by the Joint Committee and mandated by legislation, as we believe that reform in this area is important for Australia. In this submission, we draw upon some of the research conducted by Technologies and Rule of Law stream researchers to make suggestions on how we think the current data retention regime should be reformed. We also seek to provide comparisons with the recent developments in other jurisdictions. In 2015, the Australian Government amended the Telecommunications (Interception and Access) Act 1979 (Cth) (‘TIA Act’) to introduce a statutory obligation for telecommunication and internet service providers (‘carriers/CSPs/ISPs’) to retain a specific dataset of metadata relating to their subscribers for a period of two years. This data retention scheme was the culmination of rumour and inuendo surrounding a proposed scheme beginning in 2010. Data retention schemes have been part of five different inquiries, four of which questioned the necessity of a data retention scheme and the types of data proposed to be retained and one review which recommended a data retention scheme. The Amendment made specific data which once would have fallen under the Privacy Act 1988 (Cth) retainable for a period of two years.