Back in 2015 the Australian parliament introduced the data retention scheme under the Telecommunications (Interception and Access). As a result, telcos have to keep specific data from its customers for at least two years. Unsurprisingly, this is quite expensive. Here’s how much complying with data retention laws has cost over the past five years.
And what is the Data Retention Scheme?
Brought into effect on October 13 2015, the government’s metadata retention laws forces telcos to retain that data for at least two years. That metadata could include things like phone call numbers, length and locations, IP addresses, email addresses and much more.
The purpose of this is for domestic law enforcement agencies (such as the Federal Police, ICAC and ASIC) to gain access to it if necessary.
Originally only 21 agencies would be able to request access to this data, This number has ballooned to over 100 over the course of five years thanks to loopholes in the legislation. As we reported last year, local councils and even the RSPCA have managed to gain access to metadata to go after minor crimes.
An FOI request from last year revealed that minister for Home Affairs, Peter Dutton, had been in talks with even more agencies that wanted to access this data. This included NSW Fair Trading, the Queensland Office of Fair Trading and Consumer Affairs Victoria. The ATO also requests access back in 2019.
A senate hearing in 2020 also revealed that more metadata information than originally allowed is handed over to law enforcement agencies. For example, data that would give away the content of a website that was being browsed due to the inclusion of the URL.
This is due to “ambiguities” in the law.
“The piece of ambiguity we have observed through our inspections is that sometimes the metadata in the way that it is captured, particularly URL data and sometimes IP address, but particularly URL data, does start to actually, in its granularity, communicate something about the content of what is being looked at,” Commonwealth Ombudsman Michael Manthorpe told the committee at the time.
While the Data Retention Scheme has been a controversial and much-talked about law over the past few years, it’s also a costly one.
The cost
In December 2020, the Australian Communications and Media Authority (ACMA) published a report monitoring the performance of telecommunications law enforcement and national security obligations.
Part of this report included the overall cost of telcos complying with data retention obligations. It also included the subsequent costs recovered from criminal law enforcement agencies off the back of this compliance.
Since the data retention scheme was first implemented in October 2015, the cost has bounced around.
The 2015-16 financial year saw a data retention compliance cost across the industry of almost $44.5 million. 2017-18 was $35.3 million, which dramatically dropped to around 17.5 million in 2018-19.
The biggest jump was the 2016-17 financial year, which saw a whopping $119.8 million in compliance costs. But there’s an explanation for this.
The TIA act allowed telcos to roll out its compliance measures and obligations over a two year period. This meant that the vast majority of set up costs happened across the 2016-17 financial year.
Comparatively, the costs recovered as an alleged result of the data retention is significantly lower.
ACMA also disclosed in the report that the Department of Home Affairs didn’t refer any telcos to the organisation for failure to comply with the obligations across the 2019-29 financial year.