Privacy advocates are pushing for rapid implementation of 22 recommendations that will, they say, prevent widespread access to sensitive telecommunications data stored under Australia’s mandatory data retention laws.

The recommendations are outlined in the final report of the Parliamentary Joint Committee Intelligence and Security Committee (PJCIS), which has been conducting hearings and accepting submissions for its review of the controversial Telecommunications (Interception and Access) Act 1979.

Its final report, handed down at the end of October, recommended sweeping changes that would clamp down on government agencies’ access to data stored by telecommunications, which are required to keep extensive telecommunications usage data for a period of at least two years.

Among those recommendations are forcing the Department of Home Affairs to liaise with numerous legal and privacy bodies in preparing and mandating consistent guidelines on the scheme’s operation for all government agencies – a sharp rebuke for a pro-surveillance agency whose minister was earlier this year pushing to empower the Australian Signals Directorate to spy on Australians.

The recommendations also include a call to clarify the meaning of the legislative term ‘content or substance of a communication’ – recommending that Home Affairs “specifically consider whether some information that is currently treated as telecommunications data should now be regarded as content, given what that information can reveal about an individual”.

The two-year retention period would be retained, with stricter reporting requirements, an obligation to delete divulged data “as soon as practicable”, and clarification that Internet of Things (IoT) devices are exempt from the requirement to retain data.

Closing the loopholes

In the spirit of improving oversight of the legislation’s operation, the recommendations also include a requirement that verbal authorisation for data requests only be given in emergency situations, and limits the type of people who are authorised to do so.

PJCIS also recommended closure of the s280(1)(b) ‘back door’, which has been blamed for enabling metadata to be accessed by organisations for which it was never intended.

Despite early government assurances that the legislation would only be used by 22 appropriate government agencies, subsequent analysis showed that the data – controversially including URLs and data about journalists’ activities – was being provided, often without a warrant, to more than 80 other agencies including the RSPCA, Victorian Institute of Education, Taxi Services Commission, and Hunter Region Illegal Dumping Squad.

Reflecting the Morrison government’s pro-surveillance posture, Home Affairs Minister Peter Dutton has argued that the broad powers are needed to help stop terrorist activity – but Law Council of Australia president Pauline Wright believes the proposed changes suggest that the PJCIS committee members are unconvinced about the current scheme’s “proportionality”.

“It is clear that the mandatory data retention scheme as currently [written] has the potential to intrude on the privacy of all Australians, not just suspected criminals or people of national security interest,” Wright said after the report’s release.

As one of the bodies that the PJCIS mandated Home Affairs consult with in its review of the legislation, she added, the Law Council of Australia is “ready and willing to assist”.

Telecommunications industry body Communications Alliance also threw its weight behind the proposal to close what CEO John Stanton called a “dangerous loophole”.

Closing that loophole, “under which Australians can have their personal data exposed without their knowledge and without a warrant as part of investigations into crimes such as littering, is a vital security ‘fix’ that the Government must act on,” Stanton said, welcoming the “rational, evidence-based and bipartisan recommendations”.

Legal and privacy advocates have for years expressed concerns about just the sort of overreach that has been observed in the legislation’s first few years.

The current laws “go further than any other democracy in the world,” Human Rights Law Centre senior lawyer Alice Drury said in welcoming the PJCIS recommendations – which, she said, reinforced the case for a formal Australian Charter of Human Rights and Freedoms.

“In a democracy, we should be able to go about our lives without government agencies secretly scooping up details of where we’ve been, who we’ve spoken to and the text messages we’ve sent... experience from around the world tells us that we need really comprehensive oversight mechanisms.”