Parliamentary Joint Committee Releases Report on Mandatory Data Retention Regime

On 4 April 2019, the Parliamentary Joint Committee on Intelligence and Security (“the Committee”) formerly adopted the review of the mandatory data retention regime (“MDRR”) and called for submissions. The review is required by Part 5-1A of the Telecommunications (Interception and Access) Act 1979 (“the Act”). The review was completed on 15 April 2020, and the Committee’s final report was published in late October 2020.

The Committee focused its review on topics including:

• The effectiveness of the regime, accounting for technological changes since its implementation
• The appropriateness of the dataset and retention period
• Any potential improvements to oversight
• The number of complaints made in regards to the regime
• Security requirements in relation to stored data
• Access by agencies to certain retained data

The Committee’s final report contained 22 recommendations.

Part 5-1A of the Act

The Committee summarises Part 5-1A in [1.20]:

Subsection 187N provides that Part 5-1A was to be reviewed after two years of being implemented. This Part was inserted by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth). The corresponding Bill was discussed in an earlier TimeBase article.

Committee Report

The Committee comments that whilst the MDRR has shown to be a useful in investigations by law enforcement agencies and intelligence services, its ongoing use must be balanced against criticisms that the regime is costly, intrusive, and lacking in transparency. The Committee views the regime as effective overall, however, recommends a number of amendments in order to address these concerns.

One of the key concerns was the storage of location data as part of the dataset held by MDRR. In any other scenario, a warrant would be required in order to track the location of an individual, and privacy concerns in regard to access to this information has been raised. However, keeping this data has been shown to be important for law enforcement in order to look for missing persons and confirming a suspect’s location at a given time. On the balance, the Committee was not persuaded to recommend the removal of location data from the regime.

The dataset that is submitted into the MDRR has also been shown to come in different formats, and that the provision of data comes at different prices from different carriers. Following this, one of the key recommendations by the Committee is the preparation of national guidelines for the operation of the MDRR. These guidelines are to be prepared by the Department of Home Affairs, and should aim to provide for greater clarity, consistency, and security in the collection and management of telecommunications data under the regime.

Some of the other recommendations put forward by the Committee include:

• Clarification on what information should fall under telecommunications data and the scope of the regime (recommendation 2)
• Maintaining the data retention period at two years (recommendation 4)
• Clarification that information generated by Internet of Things devices are not required to be stored (recommendation 5)
• Amendment of Part 5-1A to require service providers to store specific information on servers located in Australia unless specifically exempted (recommendation 21)

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products. Nothing on this website should be construed as legal advice and does not substitute for the advice of competent legal counsel.

Review of the mandatory data retention regime (Parliamentary Joint Committee on Intelligence and Security, Parliament of Australia)