Just over a year ago, in the very early stages of the march towards mandatory data retention in Australia, Attorney-General George Brandis pointed to the United Kingdom’s rushed emergency legislation forcing telecommunications providers to retain so-called metadata for access by government agencies. Unfortunately for Brandis, his UK shining example has been found to be not exactly legal.

“I might point out to you as recently as yesterday, the House of Commons passed a new data retention statute. This is very much the way in which Western nations are going,” Brandis said at the time.

The Data Retention and Investigatory Powers Act 2014 was rushed through UK Parliament after a ruling by the European Court of Justice that the EU directive forcing data retention for between six months and two years was invalid because requiring the retention of the data directly interfered with fundamental rights.

Labour MP Tom Watson and Conservative MP David Davis challenged the UK’s data retention scheme, and last week the UK High Court ruled that the legislation was inconsistent with European law — in particular, the European law the legislation was designed to override.

The court found that the legislation did not restrict access to the retained data just for the purpose of preventing and detecting precisely defined serious offences or for conducting criminal prosecutions relating to such offences. Also, agencies accessing the data did not need approval from a court or independent administrative body.

The decision is likely to be appealed, and in an acknowledgement that the last attempt at the legislation was rushed, the court has agreed to not stop the enforcement of the invalid legislation until the end of March in 2016.

As legal expert Leanne O’Donnell notes, the legislation now joins several others across Europe as being ruled unconstitutional or invalid by courts in their local country.

Australia doesn’t enjoy the privacy protections in place in the European Union. The Australian data retention legislation passed in March, which forces telecommunications companies to retain customer data for two years, does not limit access strictly to criminal investigations, meaning data can be accessed for a wide variety of purposes, not just in fighting terrorism and organised crime.

The government did restrict the number of agencies that can access that data, but more agencies can be added as time goes on. Just months after passing the original law, the government sneakily added the newly created Border Force agency onto the list.

The only judicial oversight into agency access to metadata is the so-called journalist warrant added in at the last minute in order to secure Labor’s support for the legislation. Recently, however, it was revealed the telcos that are ordered to hand over a journalist’s data to law enforcement agencies for the purpose of investigating a leak have no way of knowing whether a warrant has been obtained in advance by that agency.

A spokesperson for Brandis has not provided a response to a question on whether he still believes that data retention is “the way in which Western nations are going”.

Get Crikey for $1 a week.

Lockdowns are over and BBQs are back! At last, we get to talk to people in real life. But conversation topics outside COVID are so thin on the ground.

Join Crikey and we’ll give you something to talk about. Get your first 12 weeks for $12 to get stories, analysis and BBQ stoppers you won’t see anywhere else.

Peter Fray
Peter Fray
Editor-in-chief of Crikey
12 weeks for just $12.