Australian law enforcement overstep data retention regulations
Following a recent audit into the compliance of Australian law enforcement agencies, it was discovered that Australian police were unlawfully provided with metadata and web browser histories of people under investigation.
Despite the mandatory data retention regime opening the door to user data, the legislation strictly prohibits forcing telecommunications companies to store web browsing data of its users. Accordingly, it came as a shock when Australian police had access to such data. The issue with metadata has been the subject of debate since early 2014, where the former attorney general failed to define what fell under the scope of metadata. This opaque meaning resulted in law enforcement agencies over-accessing data without proper authorisation.
The Commonwealth Ombudsman, Michael Manthorpe, has recently highlighted the “greyness” with this regime in his annual report. In this report, the Ombudsman investigated the Australian Criminal Intelligence Commission, the Australian Federal Police, the Australian Securities and Investments Commissions, the Department of Home Affairs, various State police forces and more. This report detailed that Australian law enforcement was provided with data 295,691 times between 2018-2019. Not only was most of this data unlawfully accessed but several agencies failed to appropriately deal with the data after use. Overall, the Ombudsman made numerous recommendations of varying scrutiny against the agencies and intends to monitor them going into the future to confirm compliance.
Due to the weight of metadata, this may prove to be an increasing problem for Australian people. Web browsing history and searches can paint a vivid picture of a person and should be considered an incredibly intrusive act when not done through the proper channels. It is apparent that a concrete definition of the term “metadata” is required and that law enforcement agencies, as well as telecommunication companies, should be held to a stricter standard when dealing with personal user data. It will be interesting to see how the results differ following the Ombudsman’s next inspection at the end of this financial year.
For the full reading of the article see here.