Brandis extends submission deadline on telco data retention for civil proceedings

Australian Attorney-General George Brandis has extended the deadline for those wanting to make a submission on whether the federal government should prohibit access by parties for civil proceedings to data retained by telecommunications providers under the data retention legislation.

Submissions now close on Friday, January 27 -- two weeks after the original January 13 submission due date.

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) had previously said that because the data retention laws were introduced for national security and law-enforcement purposes, data access and use by civil litigants would be unsuitable.

According to the government's current consultation paper [PDF] on the matter, however, the PJCIS suggested that this prohibition not apply to telecommunications data that is retained under the laws but then also used for business purposes, as well as permitting access to the data under "appropriate" exceptions.

"The committee also recommended that the Bill be amended to include a regulation-making power to enable provision for 'appropriate exclusions'," the consultation paper said.

"In making this recommendation, the committee gave examples of 'family law proceedings involving violence or international child abduction cases' as potential classes of matters that could be excluded from the scope of the prohibition.

"However, the committee noted that it '[did] not wish to prescribe how a regulatory power would work when it comes to what should be excluded', and further recommended that the minister for communications and the attorney-general review the measure and report to the Parliament on the findings of that review by 13 April 2017."

Section 280 of the Telecommunications Act was hence amended so that data retained under the legislation solely for the sake of complying with data retention obligations cannot be used for civil proceedings as of April 13, 2017 -- apart from these exception-making powers and when it is also used for business needs by the retaining provider.

The Attorney-General's Department in December announced that it would be reviewing the law, as recommended, to look into whether retained telco data could be used in civil proceedings.

This was despite Brandis saying in 2014 that data retention would not be used for copyright infringement cases -- although the Australian Federal Police admitted at the time that telecommunications customer data could be used by rights holders to prosecute online piracy -- and was being introduced only for the "highest levels of crime" including terrorism, transnational crime, and paedophilia.

The government is presently specifically seeking feedback on: What retained telco data is currently requested by parties to civil proceedings, and in what circumstances; what impact there would be if parties to civil proceedings were not permitted to access such data; and whether there are definite civil proceedings or circumstances when the prohibition to accessing such data should not apply.

The Telecommunications (Interception and Access) Amendment (Data Retention) Act, passed by the Australian government in March 2015, came into effect in October 2015, and sees customers' call records, location information, IP addresses, billing information, and other data stored for two years by telecommunications carriers, accessible without a warrant by law-enforcement agencies.

There is yet to be mandatory data breach notification legislation implemented to protect the security of data collected by telcos and shared between government agencies, despite the PJCIS recommending in February 2015 that Australia have data-breach notification laws in place before the end of 2015, prior to the implementation phase of data retention.

Despite the controversial laws, amendments to expand access to the data retained under them, and the lack of a mandatory data breach notification law, a poll by the Australian National University (ANU) in October found that over two-thirds of respondents support data retention laws for the purpose of protecting national security.

The poll, conducted via a random phone survey of 1,200 individuals between June and July, found that 67 percent thought the retention of communications metadata is "justified as part of the effort to combat terrorism and protect national security".

In addition, almost 70 percent approve of data retention for counter-terrorism purposes.