Going Against the Flow: Australia Enacts a Data Retention Law

(2015) 134 Privacy Laws & Business International Report, 26-28

UNSW Law Research Paper No. 2015-45

4 Pages Posted: 24 Aug 2015 Last revised: 11 Sep 2015

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: April 20, 2015

Abstract

After the 2014 decision of the EU Court of Justice in the Digital Rights Ireland Case data retention laws in many European countries have been declared invalid, or laws redrafted in an attempt to reconcile them with fundamental rights as identified by the Court. In contrast, on 26 March 2015 Australia enacted the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (‘Data Retention Law’). This is the end of the line for legal opposition to the law. Australia does not have a Bill of Rights or any other constitutional protections capable of invalidating an overly-broad or otherwise repressive data retention law.

This article analyses key features of the Data Retention Law, including the continuing difficulties of defining ‘metadata’, the limited obligations to delete data after the retention period, encryption requirements, the extent of access without warrants permitted, the attempted civil litigation exemption, and additional protection for journalists.

As part of the political trade-off to get the Bill through, the government accepted a recommendation by the PJCIS to introduce a mandatory data breach reporting (MDB) scheme by the end of 2015, but with no commitments concerning the content of the Bill.

This legislation gives the impression of being only a first step, not the last word. There are many aspects of the Bill where Ministerial declarations can be used to expand its scope, able to be used in response to alleged emergencies, which will lapse after 40 days only if the opposition at the time has the spine to refuse to enact legislation making them permanent. This is a recipe ripe for government exploitation by national security and law-and-order campaigns.

Keywords: data protection, privacy, data retention, Digital Rights Ireland, data breach notification, Australia, journalism

Suggested Citation

Greenleaf, Graham, Going Against the Flow: Australia Enacts a Data Retention Law (April 20, 2015). (2015) 134 Privacy Laws & Business International Report, 26-28; UNSW Law Research Paper No. 2015-45. Available at SSRN: https://ssrn.com/abstract=2649560

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Register to save articles to
your library

Register

Paper statistics

Downloads
395
rank
66,824
Abstract Views
1,208
PlumX