'

Brandis rules out data retention in civil litigation

The government has ruled out the use of telecommunications metadata captured and stored under data retention in civil cases, denying that the review was conducted with a view to weaken restrictions.

The Australian government has made the decision to prevent civil litigants from using telecommunications data being stored under data-retention legislation in court proceedings, saying its review into the matter found there was "insufficient reason" for allowing exceptions.

The government had conducted a review into whether it should prohibit access by parties to data retained by telecommunications providers or whether retained telco data could be used in civil proceedings following a recommendation from the Parliamentary Joint Committee of Intelligence and Security (PJCIS) on the matter.

"The review ... considered the use of telecommunications data in the civil justice system, privacy of communications, and the regulatory burden on the telecommunications industry," Attorney-General George Brandis and Communications Minister Mitch Fifield said in a joint announcement on Thursday.

"It is incorrect to say, as some have falsely asserted, that the review was conducted for the purposes of weakening existing restrictions."

The data-retention legislation, passed by the Australian government in March 2015, came into effect in October 2015 and sees customers' call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.

With the legislation introduced for the purposes of combating terrorism and protecting national security, the retained data is prohibited from being used in civil cases, with the PJCIS saying that data access and use by civil litigants would be unsuitable. However, there was a provision inserted allowing, effectively, for exception-making powers that could enable its use in family law proceedings concerning either violence or international child abduction, for instance.

The government's review, published on Thursday, has ruled these exceptions out.

"Although there is a history of telecommunications data being obtained to support a modest number of civil cases, the review has received insufficient evidence to sustain a recommendation that regulations be made to allow civil litigants to access data retained solely for the purpose of the data-retention scheme," the Review of whether there should be exceptions to the prohibition on civil litigant access to retained telecommunications data [PDF] concluded.

"The prohibition preserves civil litigants' access to data that is not retained for the purpose of the data-retention scheme, while restricting access to data accumulated and used solely for the purpose of the scheme."

The review added that if evidence does reveal a need for exceptions, regulations around this could be considered subject to privacy consultation and a consideration of the impact on the telcos storing the data. This would be open to the PJCIS in 2019 during its statutory review of data retention.

During the review, the government considered more than 260 submissions from the legal sector, privacy and human rights organisations, telecommunications providers, media companies, political parties and members of Parliament, government entities and representatives, and individuals.

Telstra said in its submission that the use of metadata in civil proceedings would introduce a number of "practical compliance issues", because it is not always straightforward to determine whether data is stored solely for data-retention purposes.

Under Section 280 of the Telecommunications Act, from April 13, data stored solely for compliance with the data-retention laws cannot be used in a civil court case; however, data stored for other purposes is still accessible.

Telstra noted that it is possible that carriers feed metadata stored under the data-retention scheme into a central data store.

This would require telcos to sift through which data is being kept for business purposes, and would risk "potential inadvertent disclosures".

"This will create uncertainty for staff in having to differentiate between what telecommunications data is retained for the purposes of s187AA of the TIA Act, and what data is retained for other business purposes," Telstra said.

"This may be the case particularly if [carriers] are put in a position where they have to determine at what point in their systems the data retained is in compliance with the TIA Act, or whether the data is retained solely for day-to-day business purposes.

"This added logistical hurdle adds costs to the process of compliance. The differences in approach may also make it complicated for parties to litigation to know what data they will be permitted to have access to."

Telstra recommended that in these cases, courts should decide whether metadata will be allowed in a civil case.

The Communications Alliance suggested an "all or nothing" approach from the review, but pointed out that government agencies that are restricted from accessing telco data by Australia's metadata laws are still able to demand data by falling back on their own statutes and the laws forcing telcos to respond to lawful information requests.

"Either a continuation of the currently existing disclosure rules (albeit with a clearer, more limited regime of which agencies can lawfully access retained metadata or other data) or a regime that allows access to all retained data in civil proceedings independent of the civil matter under consideration," Comms Alliance said.

The Australian Privacy Foundation, Electronic Frontiers Australia, Victorian Commissioner for Privacy and Data Protection David Watts, and the Australian Communications Consumer Action Network (ACCAN) all shot down the widening of access to telco metadata, with Shadow Attorney-General Mark Dreyfus saying back in January that the Labor party was "very concerned" about the use of retained telecommunications data in some civil cases.

"At the time that the committee was considering this, I was very concerned, Labor was very concerned, about the possibility of use for civil proceedings," Dreyfus said.

"We remain very concerned, and we are waiting to see what this review says."

Data-retention was originally passed thanks to the votes from Labor.