The much-debated data retention law came into effect in October 2015. Telecommunications companies must now keep customer metadata for up to two years. Metadata captures who, when, where and how, but not the content, of messages. This new legislation also requires that companies encrypt the data and provide only authorised access.
These changes mean that government agencies and the Australian Security and Intelligence Organisation (ASIO) can access this data without a warrant. There is one exception. If this request pertains to identifying a journalist’s source, they must first obtain a Journalist Information Warrant first.
The law aims to bolster the investigative capabilities of law enforcement and security agencies. Metadata, used in criminal cases to either rule out suspects, identify people and as evidence, is an important weapon in modern policing. With the relentless explosion of technology, some telecommunications companies have struggled to keep pace with the variety and quantity of metadata. This law enforces compliance.
Telecommunication companies have until April 2017 to meet their obligations. A question mark remains over the impact of this law on privacy. Some experts warn that it is the end to digital privacy in Australia. Others see it as vital for national security. The Government insists that the data retained is protected as personal information under the Privacy Act and the Australian Privacy Principles (APPs).