Thursday, 7 May 2015

Australian Privacy Commissioner grants journalist access to his own metadata withheld by Telstra in 2013

The Australian Privacy Commissioner has determined that metadata produced by journalist Ben Grubb’s mobile phone activity is personal information and ordered Telstra to allow him access to this type of data.

Unfortunately, changes* to the Commonwealth Privacy Act 1988 may mean that this determination might not support futures challenges in cases where a telecommunications company refuses access to an individual’s own metadata.


3. On 15 June 2013 the complainant claimed a right of access under the Privacy Act to ‘all the metadata information Telstra has stored’ about him in relation to his mobile phone service, including (but not limited to) cell tower logs, inbound call and text details, duration of data sessions and telephone calls and the URLs of websites visited……..


1. Telstra Corporation Limited (Telstra) interfered with the complainant’s privacy by failing to provide the complainant with access to his personal information held by Telstra in breach of National Privacy Principle (NPP) 6.1 of the Privacy Act 1988 (Cth) (the Privacy Act).
2. To redress this matter, Telstra shall:
* within 30 business days after the making of this declaration, provide the complainant with access to his personal information held by Telstra in accordance with his request dated 15 June 2013, save that Telstra is not obliged to provide access to inbound call numbers;
* provide the complainant with access to the above information free of charge…….
13. I note from the outset that because this matter relates to events that occurred prior to reforms to the Privacy Act which commenced on 12 March 2014, the complaint has been dealt with under the legislative regime as it applied when the events occurred. The National Privacy Principles (NPPs) not the Australian Privacy Principles2 therefore apply in this instance to the question of whether or not Telstra has breached the Act. The NPPs outline the standards for handling personal information that legally bind organisations.

Full transcript of this determination can be found here.

* The Privacy Act 1988 defined personal information as:

personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

* Under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which amended the Privacy Act 1988, personal information is now defined thus:

personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
                     (a)  whether the information or opinion is true or not; and
                     (b)  whether the information or opinion is recorded in a material form or not.


Monday marks 688 days since I first asked Telstra for the metadata generated by my mobile phone - the same information it routinely gives law-enforcement and intelligence agencies without a warrant when investigating crime.
Monday also marks the start of Privacy Awareness Week 2015, which usually goes by each year without too much fuss and, to be quite frank, is a little boring. But this year's Privacy Awareness Week is different.
You see, Monday also marks the day the Office of the Australian Information Commissioner hasmade public a landmark decision in relation to my battle with Telstra for access to my metadata.
I wanted access to the data in light of the data retention laws, which recently passed parliament, so that I could show Australians exactly what metadata was, considering not even George Brandis could explain it. I wanted to put my metadata on a map like German politician Malte Spitz did after he successfully sued his telco in 2011 to show just how invasive having all of your metadata stored was in the wake of mandatory data retention in his country……

No comments: