There are new concerns that data retention “ambiguity” is allowing cops to view people’s browsing history.

Australia's mandatory data retention scheme requires telecommunications companies to store the metadata of customers for at least two years, and make it available to law enforcement.

The data includes the technical information of a communication - the time, date and location and the device or equipment used, which is captured without the need for a warrant.

It appears that law enforcement agencies are getting the full URLs of web pages visited by people, despite government assurances that this would not happen.

Commonwealth Ombudsman Michael Manthorpe has slammed the “ambiguity around the definition of content” at a parliamentary committee.

The content of a message, phone call or email and web-browsing history were not supposed to be included in metadata.

“[The data retention bill] explicitly excludes anything that is web-browsing history or could amount to web-browsing history, such as a URL or IP address to which a subscriber has browsed,” the federal government said in the lead-up to the 2015 legislation.

Mr Manthorpe argues that URL data captured in metadata requests is “content” as it can “communicate something about the content of what is being looked at”.

“We're simply highlighting that I think when the scheme commenced, the concept was probably thought to be quite a clean and delineable thing, but we know that there is a greyness on the edges that we thought we should call out,” he said.

Mr Manthorpe also criticised agencies for acting on “verbally issued authorisations” instead of written approvals.

“What we have observed is that in some instances, law enforcement agencies, particularly I think where they are operating in a spirit of urgency … in some cases they issue an internal authorisation based on verbal advice,” he said.

“At an operational level, I can understand why that might occur, but that isn't catered for in the legislation. We think that is a gap in the legislation.”

Inspector-General of Intelligence and Security Margaret Stone echoed Mr Manthorpe's sentiments.

“Because the nature of telecommunications have changed so much in recent years, there is this assumption that you get more from content than metadata,” she said.

“But when you look at the range of metadata, and what it tells you, there's an argument that could be made that it is just as intrusive, or almost as intrusive, as content.”

The Parliamentary Joint Committee on Intelligence and Security is part-way through a review of controversial metadata retention laws.

It has revealed that in the 2018-2019 financial year, 295,691 authorisations to access metadata were issued across Australia.