Australia Data Retention Is In Effect - Here's How To Protect Yourself

Last updated: March 23, 2024 Reading time: 5 minutes
Cyber criminals

The countdown for ‘intrusive data surveillance’ has expired after the 18-month deadline. From this day forward, every ISP and Telco in Australia will be bound to perform meta-data retention of every single customer in Australia for at least two years.

In October 2015, the Australian parliament passed the metadata retention bill. It gave all the ISPs and Telco in the industry 18 months to formulate the strategy to implement and abide by the orders. The orders came as a so-called ‘precaution’ for national security to fight terrorism, which is just a sham in the views of privacy advocates.

Last year, I covered a progressive story on Australian data retention. Going to such length is to keep tabs on every person in Australia through the law-enforcing entities without any warrants. The Federal departments, which are not authorized to access the metadata, circumvent the data retention bill restrictions by asking the Australian Federal Police (AFP) to do their work.

That means over 2500 appointed offices of 21 law enforcement agencies and unauthorized federal departments can access your private information round the clock for drug crimes instead of the security operation, as Dr. Robb Nicholls of the University of NSW claimed.

What does your MetaData looks like

Since Telco and ISPs both are obliged for data retention in Australia, your information can include:

  • Your name and address.
  • All the details of mobiles and apps, including your SIM mobile number.
  • Date and timestamps of any communication through Email, VoIP, Social Media, Messaging apps, Websites, and Mobile.
  • Recipient of your communication.
  • All the details of the email except the body content.
  • Location of your Internet-connected devices (incl. Cell Towers and Wi-Fi hotspots) and more…

Such sensitive data held out of sight like in proprietary silos, we lose out on the benefits we could realize if we had direct control over this data and chose with whom to share it, said Sir Tim Berners-Lee.

How to Protect your Privacy

Here’s how you can protect your privacy against Australian Data Retention Law.

Virtual Private Networks

April 13, 2017, marked as #GetaVPN day by Digital Rights Watch, provides an immediate solution to prevent ISPs from keeping tabs on your information. Paid VPN subscriptions offer the necessary privacy protection for your data.

VPN – Virtual Private Networks – encrypts your communication data with 256-bit AES encryption which is unbreakable yet as it would take 1 billion years to break it using a brute force attack. It also changes your IP with a fake one, so it becomes futile for anyone to track your communication back to you.

However, you should take care while opting for the best VPN subscription for Australia and choose a VPN provider with its DNS servers. You can opt for industry-leading VPN providers such as NordVPN, ExpressVPN, and ExtremeVPN, which are vastly trusted by people globally, mainly because:

  1. Based outside the jurisdiction of FIVE EYES countries (i.e. Australia, Canada, United States, United Kingdom, and New Zealand).
  2. Strict NO (Traffic/Metadata) LOG policy (which means that all the output data is instantly sent to /dev/null sunk directory – pointed out by NordVPN).
  3. Encrypt your communication and entire web traffic with 256-bit AES encryption and OpenVPN security Protocol.
  4. Owns private DNS (which means all of your data is routed through private DNS and not through your ISP’s DNS).
  5. Exclusive security features like TOR-over-VPN (NordVPN) and Split Tunnel (PureVPN).

TOR Network

TOR is a volunteer-based service and runs on a secure TOR network. Australian users can connect to the TOR network using the TOR browser, making Internet data retention useless. However, since data passes through volunteer gateways (nodes), Internet surfing is slow, and privacy protection is only limited to the browser. At the same time, the rest of your network traffic remains exposed for the ISPs to monitor.

If you want TOR protection but do not want to change your browser, you can opt for NordVPN because it provides TOR-over-VPN functionality.

Mobile SMS and Calls

Metadata collection is an old and silent practice of governments worldwide, and unfortunately, you cannot escape that. However, you can shift your calling and texting habits to end-to-end encrypted messaging apps such as Signal, Telegram, Wickr, and WhatsApp, which are more private.

If you use the Internet via your mobile carrier, it is recommended to use a VPN to encrypt the entire mobile Internet traffic. Also, apps that you use send mobile-related information to the developer of those apps, so always download apps from a trusted source and developers and read their privacy policies before downloading.

Email Protection

Since the Australia Data Retention list includes email tracking, it is necessary to protect your emails from your ISP. I recommend you move to a more secure email provider such as Protonmail or Tutanota. However, since we are integrated into Gmail, it might be hard to let go. To add encryption to Gmail, you can install a free Google Chrome extension named Mailvelope, which encrypts your email with OpenPGP encryption. And while you are at it, you can install HTTPs everywhere on your browser to force websites for encrypted certificates.

Social Media Tracking Protection

While Australia Data Retention laws are after your metadata, Social Media platforms are also after your information for analytics purposes and to show you targeted ads.

You can install extensions like Disconnect or Privacy Badger to prevent social media tracking, which sends ‘do not track me’ requests and blocks all the tracking URLs.


Since Australia Data Retention is effective and fully operational, it becomes your responsibility to protect your information. As discussed earlier, the immediate solution is to go for a paid VPN subscription for the time being to protect your information and then look for further options. By following these practices, you can significantly minimize the possibility of data retention by ISPs and Telcos.

Share this article

About the Author

Rebecca James is an IT consultant with forward thinking approach toward developing IT infrastructures of SMEs. She writes to engage with individuals and raise awareness of digital security, privacy, and better IT infrastructure.

More from Rebecca James

Related Posts