Australian govt says data retention won't be like failed EU directive

Any Australian telecommunications customer data retention regime would have privacy safeguards in place by the Australian government, separating it from the European directive for data retention that was thrown out by the European Court of Justice in April.

Under the European directive, telecommunications companies were expected to store traffic, location, and custmer data for between six months and two years for access by government authorities to use in investigating breaches of the law.

The European Court of Justice was asked by the Constitutional Court in Austria and the High Court of Ireland to determine whether the directive was consistent with the European Charter of Fundamental Rights around privacy and protection of personal data.

The court declared the directive invalid because requiring the retention of the data directly interferes with those fundamental rights, and would likely generate a feeling that a person's private life is the subject of constant surveillance.

According to documents obtained from a Freedom of Information request by ZDNet, a copy of the European Court of Justice's ruling was circulated between the Australian Attorney-General's Department and the Department of Communications in mid-April, along with talking points for how to address questions on the impact of the court's ruling on Australia's own plans for data retention.

Data retention remains a controversial issue in Australia, with the last report from the Attorney-General's Department revealing that a wide range of local, state, and federal government agencies accessed telecommunications customer data 319,874 times in the 2012-2013 financial year. The data, which the government prefers to describe as "metadata", is a comprehensive history of the time, date, location, and recipient information about telephone calls, emails, and other communications. A warrant is not required to access the data because agencies argue that telecommunications customer data does not include content.

The government agencies have been arguing that telecommunications companies should be required to store this data for up to two years, but the most recent parliamentary inquiry into the matter left the decision on data retention to government, and although the Coalition Government has recently moved to enact some of the recommendations from the Joint Standing Committee on Intelligence and Security's 2013 report for stronger spy agency powers, mandatory data retention was not part of the planned legislation.

According to the talking points sent from the Attorney-General's Department to the Department of Communications, the government was considering the impact of the European Court of Justice's ruling on any Australian data retention proposal, and said that the privacy implications may be different in the Australian context.

"It may be that Australia, as a national government, is better placed to directly implement privacy safeguards and objective standards than is possible in the European context, should the government decide to implement data retention."

The talking points also note that the court acknowledged that data retention "genuinely satisfies an objective of general interest, namely the fight against serious crime and, ultimately, public security", and stated that all investigative powers would have some privacy intrusion.

"All investigative powers involve intruding on the right to privacy. What is important is that appropriate safeguards are in place to ensure that such intrusions are not disproportionate, to prevent abuse, and to protect the security of information."

The talking points stress that the Australian government has not made a decision on whether to proceed with data retention, but said that the parliamentary committee's report recommended safeguards should such a regime be put in place, and the Attorney-General's Department recommended limiting the number of agencies with access to the data, and "strengthening the independent oversigh and public reporting requirements."

A portion of one of the documents, and the entire second document in the scope of the Freedom of Information request were redacted on the grounds that the release of the documents may affect national security, defence, or international relations.

Labor MP calls for data retention

In a speech to Parliament yesterday, the chair of the committee at the time of the report, Labor MP Anthony Byrne, called on the government to implement a mandatory data retention regime.

"If a government is concerned and is making the right noises about being concerned about this nation's security, it must give its agencies all of the suite of the powers that it needs to deal with the terrorist threat. And it has not done so," he said.

"I would urge the attorney-general... to bring all of the suites of the powers that the intelligence agencies have been asking for for some period of time...to the parliament at its earliest opportunity."

He said that the powers should be brought before the parliament so the public can debate the need for data retention.

"I don't want to see data retention debated in this chamber, and the chamber below, after an event has occurred on Australian soil."

The news comes as last week the UK Prime Minister David Cameron announced sweeping new emergency surveillance legislation that would force telecommunications companies in the country to retain customer data for up to 12 months.