Australian senate slaps data retention proposals

An Australian Senate Committee has raised concerns about the government’s plans to implement a data retention regime (which would be required should this country endorse the European Convention on Cybercrime).

The Environment and Communications and References Committee’s report, The adequacy of protections for the privacy of Australians online, has asked that the government “justify the collection and retention of personal data by demonstrating the necessity of that data to law enforcement agencies”.

Indicating, perhaps, the presence of Liberal Party members on the committee, the report asks for a cost-benefit analysis of the data retention proposals, and more pertinently says the government should both quantify and justify the likely compliance expenses to ISPs.

Australians, the report says, should also be assured of the accountability and monitoring mechanisms that would surround a data retention regime.

The committee’s recommendations went far beyond the data retention regime, however. It has also recommended overhauls to several aspects of Australia’s privacy regime, including:

* Revisiting small business exemptions that currently exist, on the basis that even small businesses can hold large databases of personal information; * Ensuring the protection of personal data if it’s transferred overseas; * The creation of a “do not track” model for privacy protection.

The committee has also noticed the loophole that allows data to be collected from Australians by overseas companies, without protection. It says the Privacy Act should be amended so that data collected from Australians, even from overseas companies, be covered by the same protections that would apply if the data was collected by an Australian company.