George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Hansard source

Thank you, Senator Muir, for your advance notice of this question. I appreciate your customary courtesy, and I have some information for you. I need to make it clear, Senator, that the bill to which you refer does not propose to limit the retention of metadata by telecommunication service providers. What it proposes to do is to mandate it. The creation of metadata is a natural by-product of communications being made on networks, and service providers have technical reasons why they need to retain metadata, but they also have regulatory obligations.

Let me give you an example, because this is essentially about business records. Under the tax act, companies are obliged to retain their business records for tax purposes for five years, so telecommunications providers have, until now, had the practice of retaining their data for an unspecified period, and this bill will mandate an obligation, akin to that in the tax act, that they retain it for two years. The purpose of the bill is to establish that two-year period as a common minimum standard, but it is not a maximum standard. They may elect to retain the data for longer. The bill only applies to a closely defined subset of metadata which is set out in the bill: the metadata that is of most utility to agencies who protect the safety and human rights of the Australian community.

The recent bipartisan report of the Parliamentary Joint Committee on Intelligence and Security concluded that a two-year retention period was necessary and appropriate. I might say that this issue has been looked at in two consecutive parliaments by that committee, and on both occasions it arrived on a bipartisan basis at that conclusion.

The Privacy Act will continue to require the personal information that is no longer—