Data retention law kicks in
The government’s controversial mandatory data retention regulation comes into effect from 14 April, but a number of ISPs may be unable to comply in time.
Industry body Internet Australia has noted that while the Attorney-General’s department received 210 applications for funding under the scheme, the number of ISPs operating in the country could be significantly higher.
“The fact is, the government doesn’t actually know how many ISPs there are much less how to find them all,” Internet Australia Executive Chair Anne Hurley said.
“The Attorney-General’s Department received 210 applications for funding under the scheme and approved 180. However, it is widely believed there are more than 250 ISPs out there, possibly many more. “If there are huge gaps in the data collection the value of the scheme will be severely diminished.”
Communications Alliance, the peak body for Australia’s telecoms industry, likewise noted that many service providers faced challenges meeting the deadline due to the complexity involved in the compliance tasks.
CEO John Stanton said the issue was the lengthy delays in the government distributing grants to subsidise the costs of the systems required. He said the allotment of $128.4 million in grants was not finalised until September last year, 18 months after the legislation was passed, and service providers faced additional delays before actually receiving funds.
“The resulting time frame put many service providers under immense pressure to complete the work to enable them to comply with this onerous regime within the deadline,” he said.
“The government should acknowledge that these delays have made timely compliance more difficult to achieve. The Attorney-General should publicly commit that no action will be taken post-deadline, against any service provider that is genuinely working to comply with the regime, but has been disadvantaged by the slow pace of decision-making.”
Internet Australia’s Hurley said the design of the scheme also means that the compliance costs will be felt hardest among smaller ISPs.
“Our fear is that many of the smaller ISPs who provide niche services, especially in regional Australia, are faced with another technical and financial hurdle that threatens the very variability of their businesses. Our ISP members are very unhappy and with good reason,” she said.
Hurley also repeated the alliance’s call for the government to bring forward a review of the scheme currently scheduled to take place in 2019.
“We have a flawed scheme that will see consumers paying more for their internet. If we must have a data retention scheme the government should properly fund it and make sure it will actually work,” Hurley said.
Internet Australia has long been critical of the potential effectiveness of the scheme at all. In a parliamentary inquiry two years ago, then CEO Laurie Patton said international experience has found that data retention is of limited, if any, value in the fight against terrorism.
“Many European countries are struggling with or winding back their data retention schemes in the light of concerns for personal privacy rights. Yet we will be spending hundreds of millions of dollars on this questionable law,” he said at the time.
The government has separately announced that it has decided not to lift restrictions on civil litigants accessing the stored telecommunications data following a review.
The review by the Attorney-General’s Department and the Department of Communications and the Arts found that there is insufficient reason to justify making exceptions to the restrictions for civil court cases.
During the review, the potential benefits of providing access for civil cases were weighed against privacy concerns and the regulatory burden on ISPs.
Under the data retention scheme, ISPs are required to store telecommunications metadata — such as call logs, IP addresses and location data — for a period of two years, and must provide access to this data on request to any of 21 law enforcement and other agencies authorised to demand access.
A security champion program will foster an open culture mindset and benefit your entire...
Australia's Notifiable Data Breach legislation came into effect today, leaving Australian...
With the Notifiable Data Breach scheme about to start, two OAIC guides detail the steps to take...