‘Metadata law’ review makes key changes

The Australian Human Rights Commission has welcomed recommendations for reform of the mandatory data retention regime (known as the ‘metadata law’).

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has made 22 recommendations to improve human rights and other protections following its review of the metadata law.

The PJCIS report proposes better reporting requirements, and tighter restrictions on authorisation for accessing metadata – both of which were recommended in the Commission’s submission. However, it stops short of introducing a mandatory warrant system for metadata.

“I am pleased to see the recommendations for reform outlined in the PJCIS report,” said Human Rights Commissioner Edward Santow.

“The Commission made a submission to the review outlining four key recommendations for reform and also gave evidence at a PJCIS hearing. The final report addresses many aspects of our recommendations.

“When this legislation was introduced, it was said to be necessary to combat ‘serious criminal offences’ such as murder. But in practice the law has allowed access to personal data for other purposes, including the enforcement of fine debts, or to protect public revenue.

“The Commission recommended that the law be tightened so that it permitted access to people’s communications data only for investigating serious crimes and only by law enforcement bodies, not by the range of other bodies currently enabled to do so. We note the PJCIS has largely agreed with this.

“However, the Commission would still prefer a warrant system be put in place, to ensure that there is full, independent oversight of the use of these intrusive powers.”

The Commission’s submission made four key recommendations for reform:

  • that ‘contents’ and ‘substance’ of a communication be defined in the legislation (this was endorsed by the PJCIS).
  • that the data retention period be reduced from 2 years (this was not endorsed)
  • that communications data should only be accessible for the investigation of defined serious crimes and only by law enforcement agencies, not by the range of other bodies currently enabled to do so (this was largely endorsed, and better reporting requirements also proposed by the PJCIS)
  • that a warrant or tighter authorisation system be established for access to communications data (this was not endorsed but some tighter restrictions on authorisation were recommended).

You can read the Commission’s submission on the mandatory data retention regime on our website.

/Public Release. View in full here.