Most ISPs Are Unprepared For Australia’s New Metadata Laws

Australia’s new data retention laws came into effect in October, and ISPs have until April 2017 to become fully compliant.

But despite having had six months to prepare, 84% of Australian ISPs say they’re still not ready to begin collecting or storing metadata.

The Attorney-General’s Department defines metadata as ‘data created when online tasks are undertaken and other forms of electronic communication are made’.

Metadata could include your IP address, your email address, the time and duration of your phone calls, the numbers you called, and which cell tower your device was connected to (your location). The government is not asking ISPs to retain web-browsing history or the content of emails. So metadata is not what you say on the phone or type on your device – rather, it’s the digital footprint you leave behind.

Metadata is used by law enforcement and security agencies to help solve many criminal and national security investigations. For example, most child exploitation cases depend on metadata, since perpetrators generally share information online. Only selected agencies with a clear need for metadata analysis, and strong privacy protection systems, are permitted to access the data.

The legislation allows two years for ISPs to fully implement their processes, and the Government is working with the sector to achieve full compliance by April 2017. Until then, the Government will focus on implementation rather than enforcement.


All ISPs should have already started retaining metadata, unless they’ve been granted an extension. Extensions are only granted if the ISP submits a Data Retention Implementation Plan (DRIP), and the Government approves the plan. But gaining DRIP approval has been difficult, with many ISPs remaining non-compliant. Approval has only been granted for 10% of the 81% of ISPs who submitted a plan.

A survey of ISPs by telecoms lobby group Communications Alliance discovered that compliance with the new laws is proving onerous for ISPs, and two-thirds still aren’t sure what type of metadata they’re required to retain. Some ISPs say the workload required to comply with the new regulations will put them out of business, or force them to reduce the range of services they offer.

Internet Australia, an organisation representing web users and small ISPs, has requested an immediate review of the regulations. ‘Nobody is anywhere near ready,’ said Laurie Patton of Internet Australia. ‘It’s such a complicated and fundamentally flawed piece of legislation that there are hundreds of ISPs out there that are still struggling to understand what they’ve got to do.’

For any further enquiries please contact us on 1300 853 453

Leave a Reply

Your email address will not be published.