Govt rebuked for being too 'generous' on data retention costs

The government wound up paying 80 percent - and in some cases, 100 percent - of the costs incurred by telcos and internet providers to comply with data retention laws, well above what was intended.

An audit of the grants program [pdf], which accompanied the introduction of data retention obligations, found it was “not fully effective” and resulted in the government being more generous than it wanted to be.

The government agreed, via a one-off grants scheme, to “pay a reasonable portion of the telecommunications industry’s costs of implementing the legislated mandatory data retention scheme.”

It budgeted $131.3 million; the audit found $127.9 million was spent, though a separate report last week suggested the spend was closer to $131.6 million.

The government had proposed to pay out “50 percent of the midpoint of an estimate of industry’s capital cost.”

Those cost estimates were largely collected through applications received for the funds.

However, the audit found that industry over-estimated its compliance costs compared to what the actuals turned out to be, to the tune of about $39.9 million.

The end result was that telcos and internet providers wound up having around 80 percent of their initial compliance costs met by the government.

In addition, for some providers, the funding they received met all of their initial compliance costs.

The auditors found “26 providers where the Australian Government fully funded the data retention implementation costs reported by those providers (involving $23.0 million in funding) notwithstanding that the program guidelines had stated that the Australian Government would not fully fund any provider.”

They also indicated that, even against the estimated compliance costs, the government’s proposed funding looked overly generous, but that there was no evidence of any consideration to cut back the grant amounts.

“There was no documented consideration, or departmental advice to the Attorney-General [which oversaw the scheme at the time], about the merits of constraining the amount of grant funding awarded to 50 percent of estimated costs (on an industry-wide basis),” the auditors said.

“Limiting grant expenditure to 50 percent of the aggregated estimated costs of industry applicants would have saved $28 million in Australian Government expenditure.”

While providers may have benefitted above the anticipated levels from the grant program, numbers released last week by the Attorney-General’s department show they face ballooning ongoing compliance costs associated with data retention.

Excluding the grants, compliance costs rose from $11.9 million in 2014-15 to $44 million in 2015-16 and then to just shy of $120 million in 2016-17. [pdf]

Over the past two years, providers were collectively able to claw back around $9 million a year in costs from criminal law enforcement agencies, but the trend suggests telcos and internet providers will increasingly be left out of pocket by data retention into the future.