A Senate inquiry into online privacy protections has called on the Federal Government to justify its data retention proposal, include an “extensive” cost-benefit analysis and wide stakeholder consultation.
It has also recommended providing greater powers to the Australian Privacy Commissioner to act against potential privacy breaches.
The inquiry, established at the request of Greens senator Scott Ludlam in June last year, covered a wide gamut of potential privacy issues including potential privacy breaches by advertisers, private companies as well as governments through initiatives such as an extension of the data retention regime proposed by the Attorney-General’s department.
The latter proposal’s goals would be partially achieved when Australia accedes to the Council of Europe Convention on Cybercrime, mandating internet service providers retain data for up to three months.
However, the Attorney-General’s department has also signalled a fuller expansion of the data retention regime, with close-door meetings held with industry last year sketching out a potential mandate to extend the scope of data retained.
In reporting the results of the Senate inquiry (PDF), the committee on environment and communications urged caution in implementing a fully expanded data retention regime, but stopped short of supporting or arguing against the regime proposal.
Instead, it recommended the government justify the need for the data by law enforcement authorities and submit to “appropriate accountability and monitoring mechanisms”.
Inquiry chair, Liberal senator Mary Jo Fisher, told Computerworld Australia that law enforcement authorities would be required to show they didn’t simply want the information because it was available.
“We are trying to apply offline thinking to solving online problems, and it just doesn’t work,” she said.
“The flipside is the enforcement agencies are trying to get from the online world even more than they can get from the offline world. It seems at odds with itself.”
Senator Ludlam said he was pleased the committee had unanimously raised a “red flag” to the government on potential issues of the proposal, which Australian Privacy Commissioner Timothy Pilgrim admitted during hearings could breach established privacy principles.
“We already have data that is retained that law enforcement agencies have the ability to access,” Ludlam said. “The problem that I’ve got with the proposal as it sounds is that it’s potentially very open to being abused and that material being released.”
The proposal, if implemented, could cost ISPs millions to implement. Though the inquiry noted the potential cost to service providers, neither Ludlam nor Fisher completely recommended subsidisation of those costs by government.
“There might be some other benefit to ISPs that you realise,” Senator Fisher said. “An unacceptable scenario would be to impose a huge burden on ISPs that was going to cost lots of money for no gain by the enforcers in being able to increase the security of the general public.”
Ludlam said “severe push-back” from industry on the topic would likely prevent the government from imposing heavy costs on industry as a result of the proposal, but that the sketchy details of the proposal prevented further investigation of the issue.
“Certain members of the industry are the only ones who have a clear idea of what’s been proposed because they’re the ones who have been in the confidential briefings,” he said. “I’ll leave it to the industry to make their views known.”
In dealing with other issues under its terms of reference, the committee also recommended greater investigation privacy consent forms, and providing Australians with the ability to legally move against individual privacy breaches.
Follow James Hutchinson on Twitter: @j_hutch
Follow Computerworld Australia on Twitter: @ComputerworldAU