19.5k unique visitors in the last 3 days

Telstra Defeats Aussie Privacy Commissioner Over Metadata

Federal judges decided the Australian Privacy Act does not force telcos to give detailed service data to customers.

Australian Privacy Commissioner Timothy Pilgrim (pictured above) has taken a shellacking in the courts, after trying to stretch the scope of the Australian Privacy Act too far. In a landmark ruling, the federal court judges dismissed the commissioner’s appeal, siding with Telstra and the Administrative Appeals Tribunal over whether the Aussie telco needed to hand a full suite of telecommunications metadata over to Telstra customer and former journalist Ben Grubb. Grubb had asked for the metadata by using the personal information access provisions of the Privacy Act.

Telstra argued they were not required to hand over network information such as IP addresses, URLs visited, the location of cell towers used, and data about inbound calls, because it does not constitute personal information and so falls outside the Privacy Act. The judges agreed, in a decision which hinged on the word ‘about’. Their determination was that telecoms metadata was about the service being provided, without being about the customer.

The case originated when Grubb, seeking to generate a news story as well as define terminology and combat surveillance, used the rights granted by the Privacy Act to lodge a request for all the information that Telstra held about him. When Telstra refused to provide the metadata he wanted, Grubb sought the assistance of the Office of the Australian Information Commissioner (OAIC), headed by Pilgrim. The OAIC backed Grubb, deciding that Telstra had failed to meet their obligations. But when the case went to Australia’s Administrative Appeals Tribunal, they ruled in favor of Telstra. After several rounds of appeal the case was brought before three Federal Court judges, who again favored Telstra’s interpretation of the limits of the law.

If Privacy Commissioner Pilgrim is disappointed, he is not saying so publicly. The official response on the OAIC website is a long-winded version of ‘no comment’.

The case highlights an important and recurring problem with legislation designed to set expectations relating to personal data, privacy, and the management of data by comms providers. Legislators like to pass laws to protect privacy, but lack the skill and finesse to be precise in defining exactly who is entitled to what, and what telcos must do to meet their obligations. Every time they fall short it becomes the job of the courts to close the gap, resolving the meaning of the legislation. And because private citizens lack the resources to effectively bring cases, we end up with offshoots of government, like the OAIC, being paid to fight telcos in courts, only to learn their interpretation of the law is wrong too. I do not expect any miracle solution; the precedents set by courts of law will always need to resolve fine points of interpretation and application of the law. But if legislators spent less time taking credit for protecting privacy, and more time writing better-worded laws, they would save customers, taxpayers and businesses a lot of time, cost and anxiety.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email