top of page

DATA RETENTION BY ISP’s AND THE LAW: Ignorance is not an excuse



As I have always said, technology and the internet can be a hard place to navigate. I’m not talking about trying to find a torrent for your favorite show that is least likely to be a virus. I mean, staying out of trouble while you are online. The very field of Internet Law or Cyber Law is a comparatively new one, and naturally, not everyone realises that certain activities are prohibited. You may even think you were abiding by the law in some cases. But is ignorance of the law, a valid defence?

I am afraid not.

Unless you live under a rock, chances are that you have a digital presence. As a matter of fact, in 2017, chances are that the rock you live under also has wi-fi coverage. Social media went from being restricted to “the cool kids” back in the day, to everyone and their neighbour and grandma.

While it is great that such tremendous developments have happened in technology, we should also concern ourselves with the fine print that goes along with such advances.

Did you know that your Internet Service Provider (ISP) may keep track of all online activity that occurs, even on your private computers? Whether or not they keep “logs” of the websites you visited, forms you filled out, and sometimes even sensitive information, is up to the ISP itself. However, it is the norm for ISP’s to keep information known as “metadata” on their users. This information usually includes your IP address, identifying information and bandwidth used.

Most of you may have heard about the recent Australian Federal Government scheme for mandatory data retention which has made it law for Australian ISP’s to hold customer metadata for a minimum of two years duration. Most of you may or may not additionally know that this scheme makes it legal for numerous government agencies such as the AFP and the ASIO to access said metadata without the need for a warrant.

What does this mean from a legal point of view? Well, for instance, if you (or anyone else) were suspected of being involved in questionable activity on the internet, your ISP must hand over all information they have recorded to the associated authorities.

Now on the other end of the same spectrum, let’s look at where another country stands with regards to ISP data retention. Originally, the lower courts in Canada had adapted a stance similar to Australia. However, more recently in a Supreme Court of Canada decision from 2014, it was ruled that the Police “cannot get subscriber information from Internet service providers without a warrant”.

The reasoning behind this was that there exists a reasonable expectation of privacy, under what is called the Canadian Charter of Rights and Freedoms. The Court held that this expectation extends to internet users. It is worth noting that this decision was passed 8-0 by the Court. That being said, the Police in Canada CAN access this information from your ISP, they are just required to appear before a Judge and convince the Court that a warrant to obtain such identifying information is necessary.

Laws around data retention by ISP’s is not as straightforward as one would hope for it to be. Remember, being ignorant of these laws is not a defence. Most of these laws serve to protect our community from unscrupulous and malicious activities. In a day and age where technology has quickly moved from our work desks into our pockets, it is essential to be aware of the legal side of things.


bottom of page