The Australian telco industry has called for the government to exercise “regulatory restraint” as its mandatory data retention scheme compliance comes into effect.
The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which was passed by Parliament in March 2015, imposes a deadline for Australian telecommunications and internet service providers (ISPs) to fully comply with the legislation by 13 April.
Telecommunications providers were given up to 18 months to comply with the new legislation, which came into effect in October 2015.
The new laws stipulate that Australian telcos and ISPs are required by law to store users’ non-content telecommunications data (metadata), such as email addresses, phone numbers, the date and time of communications, and the duration of phone calls, for a minimum period of two years.
However, the complexity of the compliance task involved, combined with "lengthy delays" by the Federal Government in distributing grants to subsidise the cost of new systems, has left some service providers facing challenges in meeting the deadline, according to telco industry body, the Communications Alliance.
“The resulting timeframe put many service providers under immense pressure to complete the work to enable them to comply with this onerous regime within the deadline,” Communications Alliance CEO, John Stanton, said.
“The Government should acknowledge that these delays have made timely compliance more difficult to achieve.
“The Attorney-General should publicly commit that no action will be taken post-deadline, against any service provider that is genuinely working to comply with the regime, but has been disadvantaged by the slow pace of decision-making,” he said.
The calls for the government to give service providers some leeway in relation to the compliance deadline comes after the government handed out $128.4 million of public funding to 180 ISPs around the country to help out with the costs associated with the mandatory data retention scheme.
Of the handout recipients, Optus was allocated $14.8 million, Vodafone Hutchison Australia received more than $28.8 million, M2 Group got $1.6 million, TPG Internet was granted $1.4 million and Telstra was given $39.9 million.
According to the Communications Alliance, however, the apportionment of the millions of dollars in funding to industry players under the Data Retention Industry Grants Program (DRIGP) was not finalised until September 2016, 18 months after the ligislation was passed, giving telcos little time to prepare themselves, despite receiving financial assistance.
Stanton said service providers subsequently faced additional delays while completing grant agreements, before receiving funds, and suggests that the government should do more to work with telcos to help bring them up to compliance.
“Government should focus in the short-term on a cooperative approach to helping service providers meet their compliance obligation, rather than purely on enforcement,” Stanton said.
“This should extend also to the Office of the Australian Information Commissioner (the ‘Privacy Commissioner’) which will be monitoring compliance with the Australian Privacy Principles."
The data retention legislation, aimed at ensuring the country’s security and law enforcement agencies continue to have lawful access to data, has been touted by the government as a necessary tool for Australia’s security and law enforcement agencies.
However, it met with staunch opposition by some members of parliament.
Greens Senator, Scott Ludlam, was one of the legislation’s most vocal opponents. He not only raised privacy concerns relating to the regime, but has also outlined the ease with which it could theoretically be circumvented.
"While implementation is both complex and costly to taxpayers and ISPs, the scheme is almost trivially easy to bypass for anyone motivated to do so,” Ludlam said when the laws were passed.