Allens Hub gives evidence before parliament on the data retention regime
Hub members Dr Monika Zalnierute and Genna Churches were invited to give evidence before the Parliamentary Joint Committee on Intelligence and Security of their submissions to the mandatory data retention review
A transcript of their evidence given on 14 February 2020 can be found here and below is their opening statement. A supplementary submission can be found here:
The importance of these public hearings and the assessment of the regime by the PJCIS cannot be underestimated. Australian law juxtaposed with technology, stands at a precipice — if we continue to ignore the importance of metadata and permit unwarranted access to it, there may be serious ramifications for the rule of law and our broader democracy. Metadata will only increase in production as will the capacity to store it; creating a greater potential for misuse.
Internationally, jurisdictions such as the US are ensuring the protection of metadata, particularly location data. The Court of justice of the European union held that blanket data retention schemes are incompatible with EU law.
We take this opportunity to mention the very recent Advocate general’s opinion on the UK, French and Belgian data retention schemes. The Advocate general suggests that the UK and French retention schemes are inconsistent with European Law, particularly in light of the Tele2 Sverige and Watson judgment. The opinion provides further guidance on the proportionality of data retention and access and should be kept in mind when reading the list of international comparisons in the Home Affairs Submission. We suggest that the proportionality as judged by the CJEU should be used as an example for Australia and would ensure that the rights of the individual are carefully balanced against the societal objective of investigating serious crime and the protection of national security.
We note serious issues with the proportionality of the current data retention and access regime. These issues include: no prior review of access through a warrant system; blanket metadata retention including the likely retention and access of content such as URLs; indefinite retention of data accessed by agencies; no deletion timeframe for Telcos or agencies; secondary disclosures are broadly permitted and are not reported in annual reports; no protections for roles which require professional secrecy such as lawyers; and access is permitted by a wide variety of agencies. Proportionality may be returned to the regime by a combination of: reducing the scope of metadata retained, reducing the agencies with access, reducing the retention period, implementing a judicial warrant system or only permitting access for the investigation of serious crime.
As our submissions show, the current metadata retention and access regime is undermined by older provisions, suggesting that amendments to the act may be ineffective. Instead we suggest that the telecommunications interception and access act and the telecommunications act be completely revised. This review should be wide ranging and include the review of similar technologies regulated by the surveillance devices act. Only with complete revision can legislators be sure that the protections they envisaged are not weakened through external legislation or existing instances of broad drafting.
In closing, we urge the PJCIS to recognise that metadata can be more pervasive than content and appropriately adjusts the proportionality of the scheme.