What’s all this about allowing civil parties access to metadata?

The Attorney General recently asked for submissions about the potential use of metadata collected for the purposes of the data retention regime in civil cases. You can read our submission here. For those interested, this is a quick summary.

The core justification made for the data retention scheme at the time it was being debated in Parliament was as a necessity for dealing with serious crimes. The legislation included a broad prohibition on the disclosure of data retained for the purposes of the regime except to a set list of agencies.

However, as part of passing the legislation, a provision was included that allowed exceptions to the prohibition (bear with me). This provision meant that in April 2017, the government would be able to list exceptions to this prohibition so that parties in civil cases could also access data retained under the regime. The examples usually given are violence and child abduction cases. It is easy to see how this data might be relevant in lots of family law matters.

In justifying the need for this legislation originally, the Government have undermined personal privacy by placing an inherent link between data retention and the need to prosecute serious crimes. In fact, this was the only justification for the scheme when the legislation was passed with bipartisan support. Watering down the few protections of privacy in the regime for different reasons is unacceptable.  

Having said that, it is important to note that data retained under the regime can be accessed by law enforcement agencies already in relation to any offences, not just serious crimes. Worst of all, this list of law enforcement agencies can be added to at any time. Already there are reports of agencies lobbying to get themselves added to the list.

To allow such a wide ranging interpretation of the data retention regime is clearly not in line with what was originally sold to the Australian people, and if there are changes in who can access metadata and the purpose for this access, we need an open, accountable and democratic process for making this decision. We don’t need backdoor lawmaking via regulation, the kind that this government seems to prefer.

The government needs to introduce a threshold in relation to the seriousness of the alleged conduct that must be met in order to access data retained under the regime. This should be absolute – no exceptions.

This might seem like a strong reaction, especially when people are trying to get access to data to help deal with matters like child abductions. But there are two clear answers to that argument.

First, it is critical to remember that the current data retention regime is highly invasive of the privacy, and a breach of our international human rights obligations. Data of this kind paints a fulsome picture of our personal lives, when and where we see medical professionals, who we meet at night, what we like to consume. United Nations Special Rapporteur Ben Emmerson stated in 2014 that mandatory data retention ‘amounts to a systematic interference with the right to respect for the privacy of communications,’ and as such, ‘bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right to privacy.’ Digital rights must be seen as human rights, and the current Australian data retention regime is a clear violation of this approach.

Second, the civil justice system seems to be working well enough without allowing parties to use data retained under the regime. Plenty of data and documents are and will continue to be available for parties in civil cases – the prohibition does not cover all data. Nonetheless, it is easy to see how owners of copyright might engaging in conduct that looks a lot like fishing expeditions to telcos to get the data of the person who downloaded the latest Game of Thrones so they can send a threatening letter. Copyright holders already have plenty of ways to enforce their rights, but they don’t use them. There just isn’t good grounds to say that access to data retained under the regime will improve the civil justice system.

In short, the impact of a prohibition on access on the civil justice system will always be difficult to predict, but the impact on privacy is clear. (It’s bad.)

Ultimately, discussions about data retained for the purpose of this regime should be conducted using a human rights lens. To put it another way: people have a right to privacy, and this is not automatically trumped by the needs of government. According to international human rights law, any data retention regime must be both necessary to address a legitimate goal and be a proportionate means to achieving that goal. I have grave doubts about whether the very existence of a data retention scheme can be compatible with freedom of expression and privacy rights. Looking around the world, various courts and decision makers have rejected the idea that bulk data retention can ever be necessary or proportionate. As such, any proposed exceptions to the prohibition looks unjustifiable from this perspective.

Leave a comment

Your email address will not be published. Required fields are marked *