Im März 2015 hat das aus­tra­li­sche Par­la­ment dem Ent­wurf für ein sehr weit­rei­chen­des Gesetz zur Vor­rats­da­ten­spei­che­rung (VDS) zuge­stimmt. Das TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) AMENDMENT (DATA RETENTION) BILL 2014 bringt eine deut­lich wei­ter­ge­hen­de Pflicht zur Spei­che­rung von Benut­zer­da­ten, als die bei uns in Deutsch­land aktu­ell dis­ku­tier­te VDS. Den­noch ent­hält das Gesetz einen Aspekt, des­sen Über­nah­me – bei aller grund­sätz­li­chen Kri­tik – auch unse­rem Gesetz­ge­ber in der par­la­men­ta­ri­schen Bera­tung zu raten wäre:

In der aus­tra­li­schen Fas­sung einer VDS wird näm­lich der ACMA, der „Aus­tra­lia Media and Com­mu­ni­ca­ti­ons Aut­ho­ri­ty“, also der zustän­di­gen Regu­lie­rungs­be­hör­de (ver­gleich­bar unse­rer BNetzA), die Mög­lich­keit eröff­net, bestimm­te Ser­vices bzw. Anbie­ter­grup­pen von der Über­wa­chungs­pflicht zu befrei­en, um dem Gebot der Ver­hält­nis­mä­ßig­keit und Daten­spar­sam­keit indi­vi­du­ell ange­mes­sen Rech­nung tra­gen zu kön­nen. Ein Com­mu­ni­ca­ti­ons Access Coor­di­na­tor (CAC) der beim Gene­ral­staats­an­walt ange­sie­delt ist, ist zudem als koor­di­nie­ren­de Bin­de­glied zwi­schen Ermitt­lungs­be­hör­den und ver­pflich­te­ten Unter­neh­men u.a. dafür zustän­dig, die kon­kre­ten Aus­nah­men näher zu defi­nie­ren.

Beim aktu­el­len Ent­wurf für eine VDS in Deutsch­land sol­len dage­gen alle Unter­neh­men, auch kleins­te Ein-Mann- Pro­vi­der, in unver­hält­nis­mä­ßi­ger Wei­se mit Auf­wand und Kos­ten belas­tet, obwohl der Gesetz­ent­wurf selbst zu dem Schluss kommt, dass 98% aller Daten­ver­keh­re bei nur 20 Unter­neh­men anfal­len und für alle ande­ren Anbie­ter die Belas­tung eine unbil­li­ge Här­te dar­stel­len wür­den. In Aus­nah­me­fäl­len soll dafür zwar eine Ent­schä­di­gung gewährt wer­den, doch wird damit die eigent­lich unver­hält­nis­mä­ßi­ge Belas­tung nicht ver­mie­den, wie es auch das Prin­zip der Daten­spar­sam­keit im Inter­es­se der betrof­fe­nen Bür­ger eigent­lich gebie­ten wür­de. Eine Mar­gi­nal­gren­ze, wie Sie bereits in der Tele­kom­mu­ni­ka­ti­ons­über­wa­chung (TKÜV) bei 10.000 Teil­neh­mern gezo­gen ist, ist bis­lang auch nicht vor­ge­se­hen. Die­ses ist im Rah­men der par­la­men­ta­ri­schen Bera­tun­gen drin­gend nach­zu­ho­len.

Eine noch bes­se­re Mög­lich­keit zur Siche­rung der Ver­hält­nis­mä­ßig­keit wäre es aber, nach dem Vor­bild Aus­tra­li­ens der BNetzA die Mög­lich­keit zu geben, im Beneh­men mit den Ermitt­lungs­be­hör­den sol­che Unter­neh­men und Ser­vices von der Ver­pflich­tung aus­neh­men zu kön­nen, bei denen sich kei­ne oder nur sehr unwahr­schein­lich über­haupt rele­van­te Ermitt­lungs­an­sät­ze durch eine VDS erge­ben kön­nen.

 


Die rele­van­ten Rege­lun­gen der Aus­tra­li­er sind daher hier doku­men­tiert, die wich­tigs­ten Stel­len in Fett her­vor­ge­ho­ben:

Divi­si­on 3—Exemptions

187K The Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor may grant exemp­ti­ons or varia­ti­ons Decisi­on to exempt or vary

(1) The Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor may:
(a) exempt a spe­ci­fied ser­vice pro­vi­der from the obli­ga­ti­ons impo­sed on the ser­vice pro­vi­der under this Part, eit­her gene­ral­ly or in so far as they rela­te to a spe­ci­fied kind of rele­vant ser­vice; or
(b) vary the obli­ga­ti­ons impo­sed on a spe­ci­fied ser­vice pro­vi­der under this Part, eit­her gene­ral­ly or in so far as they rela­te to a spe­ci­fied kind of rele­vant ser­vice; or
© vary, in rela­ti­on to a spe­ci­fied ser­vice pro­vi­der, a peri­od spe­ci­fied in sec­tion 187C, eit­her gene­ral­ly or in rela­ti­on to infor­ma­ti­on or docu­ments that rela­te to a spe­ci­fied kind of rele­vant ser­vice.
A varia­ti­on must not impo­se obli­ga­ti­ons that would exceed the obli­ga­ti­ons to which a ser­vice pro­vi­der would other­wi­se be sub­ject under sec­tions 187A and 187C.
(2) The decisi­on must be in wri­ting.
(3) The decisi­on may be:
(a) uncon­di­tio­nal; or
(b) sub­ject to such con­di­ti­ons as are spe­ci­fied in the decisi­on.
(4) A decisi­on made under sub­sec­tion (1) is not a legis­la­ti­ve instru­ment. Effect of app­ly­ing for exemp­ti­on or varia­ti­on
(5) If a ser­vice pro­vi­der app­lies in wri­ting to the Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor for a par­ti­cu­lar decisi­on under sub­sec­tion (1) rela­ting to the ser­vice pro­vi­der:
(a) the Co-ordi­na­tor:
(i) must give a copy of the app­li­ca­ti­on to the enforce­ment agen­ci­es and secu­ri­ty aut­ho­ri­ties that, in the opi­ni­on of the Co-ordi­na­tor, are likely to be inte­rested in the app­li­ca­ti­on; and
(ii) may give a copy of the app­li­ca­ti­on to the ACMA; and
(b) if the Co-ordi­na­tor does not, wit­hin 60 days after the day the Co-ordi­na­tor recei­ves the app­li­ca­ti­on:
(i) make a decisi­on on the app­li­ca­ti­on, and
(ii) com­mu­ni­ca­te to the app­li­cant the decisi­on on the app­li­ca­ti­on; the Co-ordi­na­tor is taken, at the end of that peri­od of 60 days, to have made the decisi­on that the ser­vice pro­vi­der app­lied for.
(6) A decisi­on that is taken under para­graph
(5)(b) to have been made in rela­ti­on to a ser­vice pro­vi­der that app­lied for the decisi­on has effect only until the Com­mu­ni­ca­ti­ons Access Co ordi­na­tor makes, and com­mu­ni­ca­tes to the ser­vice pro­vi­der, a decisi­on on the app­li­ca­ti­on. Mat­ters to be taken into account
(7) Befo­re making a decisi­on under sub­sec­tion (1) in rela­ti­on to a ser­vice pro­vi­der, the Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor must take into account:
(a) the inte­rests of law enforce­ment and natio­nal secu­ri­ty; and
(b) the objec­ts of the Telecom­mu­ni­ca­ti­ons Act 1997; and
© the ser­vice provider’s histo­ry of com­pli­an­ce with this Part; and
(d) the ser­vice provider’s costs, or anti­ci­pa­ted costs, of com­ply­ing with this Part; and
(e) any alter­na­ti­ve data reten­ti­on or infor­ma­ti­on secu­ri­ty arran­ge­ments that the ser­vice pro­vi­der has iden­ti­fied.
(8) The Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor may take into account any other mat­ter he or she con­si­ders rele­vant.

187KA Review of exemp­ti­on or varia­ti­on decisi­ons

(1) A ser­vice pro­vi­der may app­ly in wri­ting to the ACMA for review of a decisi­on under sub­sec­tion 187K(1) rela­ting to the ser­vice pro­vi­der.
(2) The ACMA must:
(a) con­firm the decisi­on; or
(b) sub­sti­tu­te for that decisi­on ano­t­her decisi­on that could have been made under sub­sec­tion 187K(1). A sub­sti­tu­ted decisi­on under para­graph (b) has effect (other than for the pur­po­ses of this sec­tion) as if it were a decisi­on of the Com­mu­ni­ca­ti­ons Access Co ordi­na­tor under sub­sec­tion 187K(1).
(3) Befo­re con­si­de­ring its review of the decisi­on under sub­sec­tion 187K(1), the ACMA must give a copy of the app­li­ca­ti­on to:
(a) the Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor; and
(b) any enforce­ment agen­ci­es and secu­ri­ty aut­ho­ri­ties that were given, under sub­pa­ra­graph 187K(5)(a)(i), a copy of the app­li­ca­ti­on for the decisi­on under review; and
© any other enforce­ment agen­ci­es and secu­ri­ty aut­ho­ri­ties that, in the opi­ni­on of the ACMA, are likely to be inte­rested in the app­li­ca­ti­on. Mat­ters to be taken into account
(4) Befo­re making a decisi­on under sub­sec­tion (2) in rela­ti­on to a ser­vice pro­vi­der, the ACMA must take into account:
(a) the inte­rests of law enforce­ment and natio­nal secu­ri­ty; and
(b) the objec­ts of the Telecom­mu­ni­ca­ti­ons Act 1997; and
© the ser­vice provider’s histo­ry of com­pli­an­ce with this Part; and
(d) the ser­vice provider’s costs, or anti­ci­pa­ted costs, of com­ply­ing with this Part; and
(e) any alter­na­ti­ve data reten­ti­on or infor­ma­ti­on secu­ri­ty arran­ge­ments that the ser­vice pro­vi­der has iden­ti­fied.
(5) The ACMA may take into account any other mat­ter it con­si­ders rele­vant.

Dazu heißt es erläuternd im Gesetz : 

Divi­si­on 3 of Part 5–1A—Exemptions

Sec­tion 187K—The Com­mu­ni­ca­ti­ons Access Co-ordi­na­tor may grant exemp­ti­ons or varia­ti­ons

1. Sec­tion 187K pro­vi­des that the CAC may exempt a ser­vice pro­vi­der from the man­dato­ry data reten­ti­on and infor­ma­ti­on secu­ri­ty obli­ga­ti­ons impo­sed on the ser­vice pro­vi­der under Part 5–1A of the TIA Act, or vary the obli­ga­ti­ons that the ser­vice pro vider is sub­ject to. The CAC may grant this exemp­ti­on or varia­ti­on on his or her own voli­ti­on or on app­li­ca­ti­on by a ser­vice pro­vi­der.
2. This exemp­ti­on and varia­ti­on sche­me is inten­ded to per­mit exemp­ti­ons or varia­ti­ons to be gran­ted in a ran­ge of cir­cum­s­tan­ces, inclu­ding whe­re impo­sing data reten­ti­on obli­ga­ti­ons for a par­ti­cu­lar rele­vant ser­vice would be of limi­ted uti­li­ty for law enforce­ment and natio­nal secu­ri­ty pur­po­ses.
3. The sche­me pro­vi­ded by this sec­tion is model­led on exis­ting sec­tions 192 and 193 of the TIA Act, which pro­vi­de that the CAC or the ACMA may grant exemp­ti­ons in rela­ti­on to the inter­cep­ti­on capa­bi­li­ty obli­ga­ti­ons of ser­vice pro­vi­ders.
4. Sub­sec­tion 187K(1) pro­vi­des that the CAC may make a deter­mi­na­ti­on in rela­ti­on to a spe­ci­fied ser­vice pro­vi­der that:
• remo­ves or varies any or all of the man­dato­ry data reten­ti­on or infor­ma­ti­on secu­ri­ty obli­ga­ti­ons
• remo­ves or varies any or all of the man­dato­ry data reten­ti­on or infor­ma­ti­on secu­ri­ty obli­ga­ti­ons impo­sed on the ser­vice pro­vi­der under Part 5–1A for a par­ti­cu­lar kind of rele­vant ser­vice, or
• redu­ces the data reten­ti­on peri­od or the extent of the infor­ma­ti­on secu­ri­ty obli­ga­ti­ons, eit­her gene­ral­ly or in rela­ti­on to data that rela­tes to a par­ti­cu­lar kind of rele­vant ser­vice.
5. A varia­ti­on must not, howe­ver, impo­se obli­ga­ti­ons that would exceed the obli­ga­ti­ons to which a ser­vice pro­vi­der would other­wi­se be sub­ject to under sec­tions 187A, 187BA and 187C.
6. The decisi­on of the CAC may be expres­sed broad­ly. In making a deter­mi­na­ti­on, the CAC may spe­ci­fy ser­vice pro­vi­ders in any way, for examp­le by refe­rence to a class of ser­vice pro­vi­ders, and is not requi­red to refer spe­ci­fi­cal­ly to indi­vi­du­al ser­vice pro­vi­ders. For examp­le, the CAC may spe­ci­fy that any ser­vice pro­vi­der that pro­vi­des Inter­net Pro­to­col tele­vi­si­on (IPTV) ser­vices is not requi­red to retain any data in rela­ti­on to its IPTV ser­vice. Simi­lar­ly, an exemp­ti­on or varia­ti­on may be expres­sed to app­ly to a class of obli­ga­ti­ons.
7. Sub­sec­tion 187K(1) ensu­res that deter­mi­na­ti­ons can be pro­per­ly nuan­ced by ves­ting the CAC with the abi­li­ty to ela­bo­ra­te, eit­her to par­ti­cu­lar ser­vice pro­vi­ders or gene­ral­ly, how the data reten­ti­on obli­ga­ti­ons intro­du­ced by Part 5 1A should app­ly to par­ti­cu­lar tech­no­lo­gies. For examp­le, a deter­mi­na­ti­on could exempt the reten­ti­on of spe­ci­fic infor­ma­ti­on rela­ting to satel­li­te or mobi­le inter­net ser­vices. Tho­se ser­vices crea­te dif­fe­rent types of data, the­re­fo­re it is appro­pria­te to have a method of pro­vi­ding grea­ter cer­tain­ty to ser­vice pro­vi­ders about how high-level obli­ga­ti­ons app­ly to diver­se tech­no­lo­gies.
8. The data reten­ti­on obli­ga­ti­ons under Part 5–1A may cover ser­vices that are of limi­ted or no rele­van­ce to law enforce­ment or natio­nal secu­ri­ty.The­se could inclu­de ser­vices rela­ting to IPTV, con­tent on demand, the lea­sing of dark fib­re and machi­ne-to-machi­ne com­mu­ni­ca­ti­ons. Sub­sec­tion 187K(1) reco­gnises that, in cer­tain instan­ces, a ser­vice pro­vi­der may not achie­ve com­ple­te tech­ni­cal com­pli­an­ce in rela­ti­on to a par­ti­cu­lar ser­vice or some aspect of that ser­vice, or that the non-com­pli­an­ce has limi­ted impli­ca­ti­ons for law enforce­ment or natio­nal secu­ri­ty agen­ci­es.
9. The decisi­on of the CAC to grant an exemp­ti­on or varia­ti­on is not reviewa­ble under the Admi­nis­tra­ti­ve Decisi­ons (Judi­ci­al Review) Act 1977 (the ADJR Act) as decisi­ons under the TIA Act are not decisi­ons to which the ADJR Act app­lies (see para­graph (d) of Sche­du­le 1 to the ADJR Act). The exclu­si­on of the­se decisi­ons from the ADJR Act does not pre­vent decisi­ons made under the TIA Act from being judi­ci­al­ly reviewa­ble under para­graph 75(v) of the Con­sti­tu­ti­on and sec­tion 39B of the Judi­cia­ry Act 1901 (Cth).
10. Sub­sec­tion 187K(2) pro­vi­des that the CAC’s decisi­on must be in wri­ting.
11. Sub­sec­tion 187K(3) pro­vi­des that the CAC’s decisi­on may be uncon­di­tio­nal, or sub­ject to such con­di­ti­ons as spe­ci­fied in the decisi­on. Such con­di­ti­ons may inclu­de limits on the time for which the exemp­ti­on or varia­ti­on app­lies, limits on the num­bers of custo­mers or the geo­gra­phic scope of a par­ti­cu­lar type of ser­vice, or requi­re­ments for ongo­ing con­sul­ta­ti­ons with agen­ci­es.
12. Sub­sec­tion 187K(4) pro­vi­des that a decisi­on made by the CAC under sub­sec­tion 187K(1) is not a legis­la­ti­ve instru­ment. Sub­sec­tion 187K(4) has been inclu­ded to assist readers, as the instru­ment is not a legis­la­ti­ve instru­ment wit­hin the mea­ning of sec­tion 5 of the Legis­la­ti­ve Instru­ments Act 2003.
13. Para­graph 187K(5)(a) pro­vi­des that whe­re a ser­vice pro­vi­der app­lies in wri­ting for a par­ti­cu­lar decisi­on, the CAC must give a copy of the app­li­ca­ti­on to affec­ted enforce­ment agen­ci­es or secu­ri­ty agen­ci­es and may give a copy to the ACMA. Whe­re the requested exemp­ti­on has an impact on the inves­ti­ga­ti­ve capa­bi­li­ties or regu­lato­ry func­tions of an agen­cy, it is appro­pria­te that the CAC con­sults with that agen­cy.
14. Para­graph 187K(5)(b) pro­vi­des that if the CAC does not respond to a ser­vice provider’s app­li­ca­ti­on wit­hin 60 days, the decisi­on requested by the ser­vice pro­vi­der is deemed to have been gran­ted to that ser­vice pro­vi­der. This pro­vi­si­on is inten­ded to ensu­re that the CAC resol­ves app­li­ca­ti­ons in a time­ly man­ner and pro­vi­des cer­tain­ty for ser­vice pro­vi­ders as to their legal obli­ga­ti­ons under the TIA Act at any given time.
15. Sub­sec­tion 187K(6) pro­vi­des that the deemed decisi­on under para­graph 187K(5)(b) has effect only until the CAC makes and com­mu­ni­ca­tes to the ser­vice pro­vi­der a decisi­on on the app­li­ca­ti­on. This ensu­res that the deemed exemp­ti­on is only tem­pora­ry.
16. Sub­sec­tion 187K(7) requi­res that, in gran­ting an exemp­ti­on or varia­ti­on, the CAC must take into account the inte­rests of law enforce­ment and natio­nal secu­ri­ty, which can inclu­de the rele­van­ce to law enforce­ment or natio­nal secu­ri­ty of the ser­vices for which an exemp­ti­on or varia­ti­on is being sought.
17. The CAC must also take into account the objec­ts of the Telecom­mu­ni­ca­ti­ons Act 1997,[1] the main object of which is to pro­vi­de a regu­lato­ry frame­work that pro­mo­tes:
• the long-term inte­rests of users of telecom­mu­ni­ca­ti­ons ser­vices,
• the effi­ci­en­cy and inter­na­tio­nal com­pe­ti­tiveness of the Aus­tra­li­an telecom­mu­ni­ca­ti­ons indus­try, and
• the avai­la­bi­li­ty of acces­si­ble and afford­a­ble car­ria­ge ser­vices that enhan­ce the wel­fa­re of Aus­tra­li­ans.
18. The CAC must also take into account the ser­vice provider’s histo­ry of com­pli­an­ce with Part 5–1A of the TIA Act, the ser­vice provider’s costs, or anti­ci­pa­ted costs, of com­ply­ing with data reten­ti­on obli­ga­ti­ons under Part 5–1A, and any alter­na­ti­ve data reten­ti­on or infor­ma­ti­on secu­ri­ty arran­ge­ments that the ser­vice pro­vi­der has iden­ti­fied. Such alter­na­ti­ve data reten­ti­on and secu­ri­ty arran­ge­ments could be for­ma­li­sed as part of an exemp­ti­on or varia­ti­on gran­ted by the CAC. Ser­vice pro­vi­ders are in a uni­que posi­ti­on to draw to the CAC’s atten­ti­on spe­ci­fic cost impli­ca­ti­ons, and to sug­gest alter­na­ti­ve com­pli­an­ce arran­ge­ments in sup­port of any exemp­ti­on app­li­ca­ti­on.
19. Sub­sec­tion 187K(8) enab­les the CAC to take into account any other rele­vant mat­ter when deci­ding whe­ther or not to grant an exemp­ti­on or varia­ti­on, which might inclu­de rele­vant tech­no­lo­gi­cal or indus­try fac­tors such as:
• the size, mar­ket sha­re and natio­nal secu­ri­ty and law enforce­ment risk pro­fi­le of the ser­vice pro­vi­der

• the degree to which an exemp­ti­on would effec­tively miti­ga­te costs and mini­mi­se impac­ts on the ser­vice provider’s cash flow, and
• the pre-exis­ting busi­ness plans of the ser­vice pro­vi­der.

20. Pur­suant to sec­tion 33(3) of the Acts Inter­pre­ta­ti­on Act 1901, the power to make or grant an instru­ment of admi­nis­tra­ti­ve cha­rac­ter, such as an exemp­ti­on or varia­ti­on under sub­sec­tion 187K, is to be taken as inclu­ding a power to repeal, rescind, revo­ke, amend or vary any such instru­ment. This power is to be exer­cis­ed in the same man­ner and sub­ject to the same con­di­ti­ons (if any) that app­lied to the making or gran­ting of the instru­ment.
21. The CAC may seek to exer­ci­se the power to repeal or revo­ke an exemp­ti­on or varia­ti­on in a ran­ge of cir­cum­s­tan­ces, inclu­ding whe­re an exemp­ti­on (that has been gran­ted on the expec­ta­ti­on that it will remain con­fi­den­ti­al) beco­mes known publicly, to a class of per­sons, or to a spe­ci­fic indi­vi­du­al in cir­cum­s­tan­ces whe­re that dis­clo­sure would have a detri­men­tal impact on the inte­rests of law enforce­ment and natio­nal secu­ri­ty. Sec­tion 187KA– Review of exemp­ti­on or varia­ti­on decisi­ons by the ACMA
22. Sec­tion 187KA imple­ments recom­men­da­ti­on 15 of the 2015 PJCIS Report.
23. The ACMA has the abi­li­ty to deter­mi­ne dis­pu­tes in rela­ti­on to app­li­ca­ti­ons for data reten­ti­on imple­men­ta­ti­on plans (inclu­ding app­li­ca­ti­ons for amend­ment). This item pro­vi­des the ACMA with the addi­tio­nal role to deter­mi­ne dis­pu­tes when a ser­vice pro­vi­der has app­lied to the CAC for an exemp­ti­on or varia­ti­on from the data reten­ti­on obli­ga­ti­ons. As such, sec­tion 187KA ensu­res a con­sis­tent approach to dis­pu­tes bet­ween the CAC and ser­vice pro­vi­ders regar­ding the app­li­ca­ti­on of data reten­ti­on obli­ga­ti­ons.

CAC exemp­ti­on regime

24. Divi­si­on 3, Part 5–1A of the TIA Act pro­vi­des a mecha­nism for the CAC to grant an exemp­ti­on to a ser­vice pro­vi­der from some or all of the man­dato­ry data reten­ti­on obli­ga­ti­ons. The sche­me ope­ra­tes in a simi­lar way to the exis­ting exemp­ti­on regime for inter­cep­ti­on capa­bi­li­ty under sec­tion 192 of the TIA Act.
25. Under the data reten­ti­on exemp­ti­on sche­me, a ser­vice pro­vi­der may app­ly to the CAC for an exemp­ti­on and the CAC is requi­red to make a decisi­on on the app­li­ca­ti­on wit­hin a spe­ci­fied peri­od. The exemp­ti­on may also sti­pu­la­te expi­ra­ti­on dates or cir­cum­s­tan­ces wher­e­by the ser­vice pro­vi­der must reap­p­ly for an exemp­ti­on.
26. The CAC exemp­ti­on faci­li­ty indi­rec­t­ly streng­t­hens the right to pri­va­cy of indi­vi­du­al custo­mers in that it pro­vi­des a method of redu­cing data reten­ti­on obli­ga­ti­ons, for examp­le, in cir­cum­s­tan­ces whe­re the volu­me of data to be retai­ned is dis­pro­por­tio­na­te to the inte­rests of law enforce­ment and natio­nal secu­ri­ty.

Right to an effec­tive reme­dy – Arti­cle 2(3) of the ICCPR

27. Arti­cle 2(3) of the ICCPR pro­tec­ts the right to an effec­tive reme­dy for any vio­la­ti­on of rights or free­doms reco­gnis­ed by the ICCPR, inclu­ding the right to have such a reme­dy deter­mi­ned by com­pe­tent judi­ci­al, admi­nis­tra­ti­ve or legis­la­ti­ve aut­ho­ri­ties or by any other com­pe­tent aut­ho­ri­ty pro­vi­ded for by the legal sys­tem of the Sta­te.
28. Sec­tion 187KA allows the CAC to refer dis­pu­tes over app­li­ca­ti­ons for exemp­ti­ons from and varia­ti­ons to data reten­ti­on obli­ga­ti­ons to the Aus­tra­li­an Com­mu­ni­ca­ti­ons Media Aut­ho­ri­ty (the ACMA).
29. Sec­tion 187KA enga­ges and pro­mo­tes the right to an effec­tive reme­dy as it pro­vi­des ser­vice pro­vi­ders with an addi­tio­nal reme­di­al ave­nue for the reso­lu­ti­on of dis­pu­tes by the ACMA in rela­ti­on to exemp­ti­ons or varia­ti­on decisi­ons made by the CAC.
30. The Bill also con­fers on the ACMA a role to arbi­tra­te dis­pu­tes in rela­ti­on to data imple­men­ta­ti­on plans bet­ween the CAC and ser­vice pro­vi­ders and allows a ser­vice pro­vi­der to app­ly to the ACMA for a review of CAC decisi­ons about exemp­ti­ons or varia­ti­ons of reten­ti­on obli­ga­ti­ons app­li­ca­ble to their ser­vices.
31. Pro­vi­ding admi­nis­tra­ti­ve review of CAC decisi­ons, in addi­ti­on to judi­ci­al review[2], advan­ces an applicant’s right to an effec­tive reme­dy.
32. Divi­si­on 3 of Part 5–1A pro­vi­des that the CAC may grant exemp­ti­ons to ser­vice pro­vi­ders for any or all of the obli­ga­ti­ons. The CAC is requi­red to con­si­der both the inte­rests of law enforce­ment and natio­nal secu­ri­ty agen­ci­es, and the objec­ts of the Telecom­mu­ni­ca­ti­ons Act 1997 when deci­ding whe­ther to grant an exemp­ti­on. This allows exemp­ti­ons to be gran­ted whe­re, for examp­le, telecom­mu­ni­ca­ti­ons data rela­ting to the rele­vant ser­vice is likely to be of litt­le or no rele­van­ce to law enforce­ment or natio­nal secu­ri­ty inves­ti­ga­ti­ons, or whe­re the cost of com­ply­ing, eit­her in full or in part, with data reten­ti­on and secu­ri­ty obli­ga­ti­ons in rela­ti­on to the rele­vant ser­vice would be dis­pro­por­tio­na­te­ly high.
33. Divi­si­on 4 of Part 5–1A pro­vi­des that the CAC must tre­at app­li­ca­ti­ons for imple­men­ta­ti­on plans and exemp­ti­ons as con­fi­den­ti­al, as must any per­son to whom the CAC dis­c­lo­ses such app­li­ca­ti­ons. Divi­si­on 4 also pro­vi­des that the con­tra­ven­ti­on of data reten­ti­on obli­ga­ti­ons under Part 5–1A attrac­ts civil pen­al­ties. Fur­ther, Divi­si­on 4 allows the Com­mon­wealth to make a grant of finan­ci­al assi­s­tan­ce to ser­vice pro­vi­ders and pro­vi­des that the Pri­va­cy Act app­lies in rela­ti­on to a ser­vice pro­vi­der to the extent the extent of their data reten­ti­on activi­ties. Divi­si­on 4 also requi­res the Par­li­a­men­ta­ry Joint Com­mit­tee on Intel­li­gence and Secu­ri­ty (the PJCIS) to review the ope­ra­ti­on of the data reten­ti­on regime wit­hin three years of the man­dato­ry data reten­ti­on sche­me being ful­ly imple­men­ted and requi­res the Minis­ter to report annu­al­ly on the ope­ra­ti­on of the data reten­ti­on regime.

34. Under Divi­si­on 2 of Part 5–1A, a ser­vice pro­vi­der may seek appro­val of a data reten­ti­on imple­men­ta­ti­on plan that repla­ces the ser­vice provider’s obli­ga­ti­ons under sec­tion 187BA while the plan is in force. Addi­tio­nal­ly, under Divi­si­on 3 of Part 5–1A a ser­vice pro­vi­der may app­ly for and recei­ve an exemp­ti­on from or varia­ti­on to the ser­vice provider’s obli­ga­ti­ons under sec­tion 187BA. An examp­le of a situa­ti­on in which such an exemp­ti­on or varia­ti­on might be appro­pria­te would be whe­re the cost of encryp­t­ing a lega­cy sys­tem that was not desi­gned to be encryp­ted would be undu­ly one­rous and the ser­vice pro­vi­der has iden­ti­fied alter­na­ti­ve infor­ma­ti­on secu­ri­ty mea­su­res that could be imple­men­ted. Howe­ver, an exemp­ti­on would not nor­mal­ly be appro­pria­te whe­re ful­fil­ling the data pro­tec­tion obli­ga­ti­ons would be merely incon­ve­ni­ent.
35. Sec­tion 187C sets out the requi­red peri­od for ser­vice pro­vi­ders to retain spe­ci­fied telecom­mu­ni­ca­ti­ons data. A reten­ti­on requi­re­ment of two years is necessa­ry having regard to the requi­re­ments of natio­nal secu­ri­ty and law enforce­ment agen­ci­es to have telecom­mu­ni­ca­ti­ons data avail­ab­le for inves­ti­ga­ti­ons. It is also con­sis­tent with pri­va­cy expec­ta­ti­ons and the pri­va­cy of users of the Aus­tra­li­an telecom­mu­ni­ca­ti­ons sys­tem. The expe­ri­ence under the for­mer European data reten­ti­on sche­me was that, while fre­quent­ly data acces­sed by agen­ci­es was less than six mon­ths old, for natio­nal secu­ri­ty and serious cri­mi­nal offen­ces, data up to two years old would often be requi­red for the most com­plex inves­ti­ga­ti­ons into cri­mes and thre­ats to natio­nal secu­ri­ty that can have the most dama­ging effect.
36. Howe­ver, the reten­ti­on peri­od in sec­tion 187C is sub­ject to an exemp­ti­ons regime in Divi­si­on 3 of Part 5–1A. In par­ti­cu­lar, para­graph 187K(1)© allows the CAC to redu­ce the requi­red reten­ti­on peri­od. In addi­ti­on, data reten­ti­on imple­men­ta­ti­on plans that a ser­vice pro­vi­der may pro­vi­de under Divi­si­on 2 of Part 5–1A of the TIA Act may also be rele­vant to the peri­od for which a ser­vice pro­vi­der must retain rele­vant data. It is pos­si­ble for a data reten­ti­on imple­men­ta­ti­on plan to spe­ci­fy a reten­ti­on peri­od for a ser­vice offe­red by a ser­vice pro­vi­der of less than two years in rela­ti­on to ser­vices under the plan while the plan is in force.