Let Me and My Metadata Alone: Australia's Compliance with Article 17 of the International Covenant on Civil and Political Rights

In 2015, Australia enacted legislation to require telecommunications service providers to retain user and subscriber metadata for a period of two years. The retention of metadata, classified under legislation as personal information, raises concerns of the potential of unlawful privacy intrusions into the private lives of individuals by state and non-state actors. The aim of this research is to evaluate whether the legislation is consistent with Australia's obligations under article 17 of the International Covenant on Civil and Political Rights. This paper explores the development of the concept of privacy as a human right and illustrates that privacy concerns closely followed with advances in technology, capable of being delineated into three waves of privacy discourse. Daniel Solove's taxonomy of privacy is used to analyse threats to privacy engendered by metadata retention. Using international legal instruments, this research offers a set of requirements that must be satisfied for privacy intrusions to be deemed legitimate, necessary and proportionate. Upon applying the international legal requirements to the metadata retention legislation, this research concludes that Australia does not meet its international legal obligations to protect individual privacy against unlawful or arbitrary interference.