Telstra Corporation Limited and Privacy Commissioner

Case

[2015] AATA 991

18 December 2015

Telstra Corporation Limited and Privacy Commissioner [2015] AATA 991 (18 December 2015)

Division:  GENERAL DIVISION

File Number:  2015/2199

Re:  TELSTRA CORPORATION LIMITED

APPLICANT

And:PRIVACY COMMISSIONER

RESPONDENT

And:BEN GRUBB

JOINED PARTY

DECISION

Tribunal  Deputy President S A Forgie

Date  18 December 2015

Place  Melbourne

The Tribunal decides to:

1.set aside the determination of the Respondent dated 1 May 2015; and

2.substitute a determination that:

(1)the complaint made by the Joined Party is not substantiated;

(2)the Applicant has not breached National Privacy Principle 6.1 in Schedule 3 to the Privacy Act 1988; and

(3)in response to the Joined Party’s request made to the Applicant under the Privacy Act 1988 and dated 15 June 2013, the Applicant is not required to provide any further information to the Joined Party in addition to that which it has already provided.

………[sgd]…………….

Deputy President

CATCHWORDS – PRIVACY – National Privacy Principles – personal information – access sought to mobile network data including metadata – when information is about an individual – when the identity of an individual is apparent or can reasonably be ascertained – determination set aside.

LEGISLATION

Freedom of Information Act 1982: ss 4(1); 11A; 11B; 24AA; 41 and 47F
Freedom of Information Amendment (Reform) Act 2010: s 3
Privacy Act 1988: ss 6(1); 6C(1)(b); 6D-6EA; 16A(2); 16B(1) and (2); 16C(3); 36; 36(1) and (7); 36(2A); 40(1) and (1A) and 52(1)(a) and (b), (1B) and (2)
Privacy Amendment (Enhancing Privacy Protection) Act 2012: ss 2 and 3
Telecommunications Act 1997: ss 7 and 87(1)
Telecommunications (Interception and Access) Act 1979: ss 5(1); 187A(1), (3) and (4); 187AA and 187LA
Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015: s 3

CASES

Bailey v Hinch [1989] VicRp 9; [1989] VR 78

Ben Grubb and Telstra Corporation Limited [2015] AICmr [35]

Collector of Customs v Agfa-Gevaert Ltd [1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282
Director of Public Prosecutions (NT) v WJI [2004] HCA 47; (2004) 219 CLR 43; 210 ALR 276
Exxon Corporation v Exxon Insurance Ltd [1982] Ch 119
Jorgensen v Australian Securities and Investments Commission [2004] FCA 143; (2004) 208 ALR 73
Re Denehy and Superannuation Complaints Tribunal [2012] AATA 608; (2012) 131 ALD 413
Re Lobo and Department of Immigration and Citizenship [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238
Smallbone v New South Wales Bar Association [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82
WL v La Trobe University [2005] VCAT 2592; (2005) 24 VAR 23

OTHER MATERIAL

Chambers 21st Century Dictionary, 1999, reprinted 2004, Chambers
Explanatory Memorandum to Privacy Bill
Privacy Report Law Reform Commission Report No. 22, AGPS Canberra, 1983, Vol 2
Second Reading Speech to Freedom of Information Bill Hansard, House of Representatives, 1 November 1988 at 2117

REASONS FOR DECISION

  1. Under the Privacy Act 1988 (Privacy Act), Mr Ben Grubb asked for access to all metadata information held by Telstra Corporation Limited (Telstra) regarding his mobile phone.  Telstra gave him access to a range of information but declined to give him access to its mobile network data which includes metadata.  On a complaint made to him by Mr Grubb regarding Telstra’s decision, the Privacy Commissioner (Commissioner) decided on 1 May 2015 that the mobile network data is “personal information” as that term is defined in the Privacy Act. He further decided that, in refusing to give Mr Grubb access to it, Telstra was in breach of National Privacy Principle (NPP) 6.1 and directed that he give that information to Mr Grubb. The relevant law is that which was in force before 13 October 2015.[1]  I have decided that Telstra’s mobile network data is not information about an individual, namely Mr Grubb, and so is not personal information.  Therefore, Telstra is not in breach of NPP 6.1 in refusing to give him access to it.

    [1] See [11] below

REQUEST FOR DATA

  1. On 15 June 2013, Mr Grubb wrote an email to Telstra:

    As you are no doubt aware under Australian law I have a general right to access the personal information that a company holds about me.  With this in mind I’d like to request all the metadata information Telstra has stored about my mobile phone service (04…).

    The metadata would likely include which cell tower I’m connected to at any given time, the mobile phone number of a text I have received and the time it was received, the time a data session finished and begun, URLs [Uniform Resource Locators] of websites I have visited, the duration of telephone calls, who is calling and who I’ve called and so on.  I assume estimated longitude and latitude positions would be stored too.  This is the type of data I would like to receive.”[2]

    [2] Documents lodged under s 37 of the Administrative Appeals Tribunal Act 1975 (T documents); T7 at 533

TELSTRA’S RESPONSE and Mr GRUBB’S PRIVACY COMPLAINT

  1. In its letter of 16 July 2013 to Mr Grubb, Telstra provided the following response to his request:

    I’ve confirmed that:

    ·We are unable to provide you with information regarding your location and the details of the numbers that called and sent SMS to your service due to privacy laws.

    ·I advised you that you can access your outbound mobile call details via your online billing.

    ·I advised you that you can access the length of your data usage sessions via online billing.

    ·I advised you that you will need a subpoena for any of the other information you have requested.”[3]

    [3] T documents; T7 at 535

  1. On 8 August 2013, Mr Grubb lodged a complaint with the Privacy Commissioner (Commissioner) on the basis that the law requires Telstra to give him access to data that is personal to him.  No other person has matching data, he added.[4] He sought neither an apology nor compensation. His complaint was made under s 36 of the Privacy Act.

    [4] T documents; T7 at 527-531

INFORMATION GIVEN TO Mr GRUBB BEFORE COMMISSIONER’S DETERMINATION

  1. Following his complaint to the Commissioner, Telstra has given Mr Grubb the following additional information, which I set out in its context:

    (1)As resolution of the complaint turned on what information fell within the scope of Mr Grubb’s request and so what was “personal information”, Telstra wrote to him on 2 October 2014 saying, in part:

    To assist with narrowing the issues that need to be considered and determined by the Commissioner, we are providing you with this letter:

    1.a compact disk containing call records in respect of your account;

    2.a folder containing all bills that have been issued to you in respect of your account;

    3.a document (Attachment 1 to this letter) listing personal information in relation to you that is contained in our customer relationship management system.

    Telstra accepts that all of this information is ‘personal information’ for the purposes of the Privacy Act 1988.”[5]

    [5] Exhibit C; Exhibit JC-1

    (a)The Compact Disk contained an Excel spreadsheet showing call data records in relation to all outgoing calls, Short Message Service (SMS) messages and Multimedia Messaging Service (MMS) messages from Mr Grubb’s mobile telephone service between 17 January 2011 and 21 September 2014.  The records contained information showing the following:

    (i)the originating number, described as the “A-party number”, being Mr Grubb’s mobile number;

    (ii)the A-party location being the mobile cell location;

    (iii)the number of the recipient of the communication, which is described as the “B-party number”;

    (iv)the date of the communication;

    (v)the time of the communication; and

    (vi)the duration of the communication in seconds in the case of a call and, in the case of an SMS or MMS, the fact that it was made.

    (b)The folder referred to in the letter contained copies of all bills that related to his mobile telephone service account since it had been opened and that Telstra had issued to him since then.  Ms Jhin Chiu, a Legal Counsel with Telstra, stated that the form of accounts had changed over the years but that the information they contained had generally remained the same.  I set out the type of information appearing in a bill at […(c)(iii)] below.

    (c)The information in Attachment 1 to Telstra’s letter dated 2 October 2014 and referred to in (1) of this paragraph contained information of the following type:

    (i)Personal information held in Telstra’s Customer Relationship System including details of Mr Grubb’s full name, address, date of birth, mobile number, email address(es), billing account number, customer ID (identity), IMSI (International Mobile Subscriber Identity), PUK (personal unlocking key), marketing opt outs, SIM (Subscriber Identity Module) category and password.

    (ii)A sample page of calls made from his mobile number showing:

    (i)Mr Grubb’s number as “A-party number”;

    (ii)A-party location being a suburb or area;

    (iii)B-party number being the number called;

    (iv)Call date;

    (v)Call time; and

    (vi)Call duration in seconds or SMS details.

    (iii)A Tax Invoice or Telstra Bill issued to Mr Grubb in the form currently used by Telstra.  It shows:

    ·information such as his address, the billing period, the date the bill was issued, the account number and the bill number, the mobile number, the total due for payment and when it was due;

    ·his bill history in graph form, details of his previous balance and its payment and the charges due under his particular plan;

    ·general information about how to restrict or bar certain content on his mobile; and

    ·details of the calls he had made on his mobile in the billing period showing, for each call, the date and time it was made, the type of call being National or National to Telstra mobile, location, number called, rate (being Peak or Weekend), duration in minutes and seconds, the gross amount in dollars and the net amount in dollars.

    (2)In a letter dated 18 November 2014, Telstra gave Mr Grubb additional data that it regarded as personal information.  That was information regarding the colour of his handset, the handset’s ID, its IMEI (International Mobile Station Equipment Identity), his mobile device payment option and the network type.[6]

    [6] Exhibit C; Exhibit JC-2

    (3)Telstra wrote a third letter dated 27 January 2015 including a report of information that it had extracted from a system that retained nine to ten months of data at a time.  The report was downloaded to a USB flash drive.  The data Telstra extracted related to the period from 19 February 2014 to 3 December 2014 and included some material that it had previously provided to Mr Grubb.  The report included details of:

    (a)A-party number;

    (b)A-party IMEI;

    (c)A-party IMSI;

    (d)A-party Cell ID;

    (e)A-party location;

    (f)original number called;

    (g)called number;

    (h)B-party IMEI (redacted);

    (i)B-party IMSI (redacted);

    (j)B-party Cell ID (redacted);

    (k)B-party location (redacted);

    (l)call date;

    (m)call time;

    (n)call duration in seconds.[7]

    [7] Exhibit C; Exhibit JC-3 and see also T documents; T21 at 619-917

    INFORMATION NOT GIVEN TO MR GRUBB BEFORE COMMISSIONER’S DETERMINATION

  2. On the basis of Ms Chiu’s affidavit, I find that Telstra has not given Mr Grubb access to two classes of information.  One class comprises call data records in relation to incoming calls, SMS messages or MMS messages.  The other class comprises “… network data retained by Telstra in relation to communications passing through its mobile networks.”[8]  Ms Chiu expanded on the first:

    Incoming call data records would show the following categories of information: the A Party’s number, IMEI and IMSI, the B Party’s number, IMEI and IMSI, mobile cell location information in relation to the A Party and the B Party (where the party is a Telstra customer), and the date, time and (where applicable) duration of the communication.  This information would be shown in relation to each call, SMS message and MMS message to the Complainant’s mobile telephone service since his account was opened, whether or not the A Party had a silent line or had blocked his or her calling number display.”[9]

    [8] Exhibit C at [22]

    [9] Exhibit C at [21]

NOTICE TO PRODUCE ISSUED TO TELSTRA BY THE COMMISSIONER

  1. On 27 November 2014 and before Telstra sent its third set of information to Mr Grubb early in 2015, the Commissioner gave Telstra a Notice to Produce the following:

    The information that Telstra would provide to a law enforcement agency under warrant or court order requesting the following data and information regarding Mr Ben Grubb’s mobile telephone account …:

    All the metadata and telecommunications data Telstra holds about Mr Ben Grubb’s mobile telephone account which may include (but is not limited to) the following:

    -Subscriber information including service number and connection dates

    -Carriage service records including call records, SMS records and internet records (including date, time and duration of a communication, details of the phone numbers of the parties involved in the communications)

    -Location-based information including the cell tower Mr Grubb is connected to at any given time, estimated longitude and latitude positions)

    -Internet session information including date, time and duration of internet sessions as well as Internet Protocol (IP) address, email logs and URLs of websites”.[10]

    [10] Exhibit C at [13]

  1. On the basis of Ms Chiu’s affidavit, I find that the Commissioner subsequently narrowed the scope of information to be produced by his Notice to Produce.[11]  In its response dated 11 December 2014, Telstra provided the following information:

    [11] Exhibit C at [14]

    (1)The information contained in the first document included Mr Grubb’s service number, account number(s), customer ID, connection date and statement that still active, service name, service address, billing name, statement email, date of birth, authorised representative, SIM number, IMSI, IMEI, product being plan and mobile, SIM replacement and order submitted and place where submitted.

    (a)Telstra noted that an order had been placed but it could not identify whether it had been submitted online or over the telephone as both the order and interaction had been archived.  It had been unable to access that archived information due to an issue it had identified.[12]

    [12] T documents; T25 at 1115-1116

    (2)The second document set out Mr Grubb’s call records extending from 19 February 2014 to 3 December 2014.  The format is the same as that in the call records sent to Mr Grubb by Telstra in its letter dated 27 January 2015 for the same period.[13]

    [13] See [5(3)] above and T documents; T21 at 619-917

    (3)Call data records in relation to incoming and outgoing calls.[14]  A sample page was attached to Ms Chiu’s affidavit as part of Exhibit JC-1.  I have summarised the nature of the information shown on the document at (1)(a) of this paragraph.

    [14] T documents; T22 at 919-1107

    (4)Sample longitude and latitude coordinates of mobile cells.  That document sets out information under the following headings:

    (a)CGI (computer-generated imagery);

    (b)Base Station Name;

    (c)Billing name;

    (d)MSA Name (Metropolitan Statistical Areas);

    (e)State;

    (f)Antenna Latitude (GDA94[15]);

    (g)Antenna Bearing;

    (h)Technology;

    (i)Cell Name (LRD Code);[16]

    (j)Base Station Type; and

    (k)Date.[17]

    [15] GDA94 is the Geocentric Datum of Australia.  It is a coordinate reference system that was adopted nationally on 1 January 2000.

    [16] LRD = Link & Route Detail

    [17] T documents; T23 at 1109

COMMISSIONER’S DETERMINATIONS

  1. After reviewing Mr Grubb’s complaint, the Commissioner made two declarations on 1 May 2015. The first was that Mr Grubb’s complaint was substantiated and the Telstra had breached NPP 6.1 by failing to provide the complainant with access to personal information in accordance with it. Under s 52(1)(b)(ii) of the Privacy Act, the Commissioner declared that Telstra must:

    ·         within 30 business days after the making of this declaration, provide the complainant with access to the following personal information held by Telstra in accordance with the complainant’s request dated 15 June 2013 and further to that already provided by Telstra to the complainant, save that Telstra is not obliged to provide access to the phone numbers of incoming callers:

    ·Internet Protocol (IP) address information

    ·Uniform Resource Locator (URL) information

    ·Cell tower location information beyond the cell tower location information that Telstra retains for billing purposes (to which the complainant has been given access). …

    ·provide the complainant with access to the above information free of charge.”[18]

    [18] Ben Grubb and Telstra Corporation Limited [2015] AICmr [35] at [172]; footnote omitted

  1. Mr Grubb said at the hearing that he was not seeking access to the phone numbers of incoming callers.

LEGISLATIVE FRAMEWORK

Privacy Act in force immediately before 12 March 2014 amendments came into effect

  1. Between the time Mr Grubb lodged his complaint with the Commissioner in 2013 and the time the Commissioner made his determinations in 2015, the Privacy Act has been extensively amended. Amendments of particular relevance are those made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (PAEPP Act) but their application is determined by Schedule 6. In this case, Item 16 is relevant for it relates to complaints made to the Commissioner under s 36 of the Privacy Act before the commencement time (12 March 2014[19]) but only if:

    immediately before that time, the Commissioner has not:

    (i)decided under Part V of that Act not to investigate, or not to investigate further, the act or practice; or

    (ii)made a determination under section 52 of that Act in relation to the complaint.”[20] 

    In those circumstances, the complaint may be dealt with under the Privacy Act after 12 March 2014 as if the amendments made by the PAEPP Act had not been made.[21]

    [19] PAEPP Act; Schedule 6, Item 1 and s 2, Item 2

    [20] PAEPP Act; Schedule 6, Item 16(1)(b)

    [21] PAEPP Act; Schedule 6, Item 16(2)  I set out the relevant amendment that has been made to the definition of “personal information” at [80] below. At [19]-[25] below, I set out the amendments made to the Telecommunications (Interception and Access) Act 1979 to add ss 187AA and 187LA and their relevance to the definition of “personal information” under the Privacy Act.

    Telstra’s duty under the Privacy Act

  2. For the purposes of the Privacy Act, Telstra is regarded as an organisation. The word “organisation” is defined to include various entities.  Among them is a body corporate that is not a small business operator.[22]  Telstra is not a small business operator but it is a body corporate and so an organisation.  It is common ground that Telstra does not have an approved policy code binding it.  Therefore, it must not do an act, or engage in a practice, that breaches a National Privacy Principle (NPP).[23] 

    [22] Privacy Act; s 6C(1)(b) and see also ss 6D-6EA

    [23] Privacy Act; s 16A(2) The NPPs were replaced by the Australian Privacy Principles (APPs) by the PAEPP Act with effect from 12 March 2014: see s 3, Schedule 1, Items 14 and 104 and s 2(1), Item 2.

    A.        Application of NPPs

  3. Putting aside tax file number information, credit information and credit reporting,[24] the Privacy Act applies to the collection of personal information by an organisation and to the personal information collected only if certain circumstances apply. In relation to the collection, the Privacy Act only applies if it is collected for inclusion in a record or a generally available publication. In relation to personal information that has been collected, it applies only if it is held by an organisation in a record.[25]  The word “record” is defined in s 6(1) of the Privacy Act to mean:

    [24] Tax file numbers and credit information are the subjects of Division 4 and 5 of Part III respectively.  Part IIIA relates to credit reporting.

    [25] Privacy Act; ss 16B(1) and (2)

    (a)     a document; or

    (b)a database (however kept); or

    (c)a photograph or other pictorial representation of a person;

    but does not include:

    (d)a generally available publication; or

    (e)anything kept in a library, art gallery or museum for the purpose of reference, study or exhibition; or

    (f)Commonwealth records as defined by subsection 3(1) of the Archives Act 1983 that are in the open access period for the purposes of that Act; or

    (fa)records (as defined in the Archives Act 1983) in the custody of the Archives (as defined in that Act) in relation to which the Archives has entered into arrangements with a person other than a Commonwealth institution (as defined in that Act) providing for the extent to which Archives or other persons are to have access to the records; or

    (g)documents placed by or on behalf of a person (other than an agency) in the memorial collection within the meaning of the Australian War Memorial Act 1980; or

    (h)letters or other articles in the course of transmission by post.

  1. Sections 16C to 16E modify the way in which the NPPs apply.  Sections 16C and 16D delay their application in some instances and s 16E take the collection and use of personal information for an individual’s personal, family or household affairs outside the application of the NPPs.  Section16C(3) was raised during the hearing in relation to the construction of “personal information” but it was also recognised that it does not apply to exclude any personal information that is from the scope of NPP 6. It is a transitional provision and was included when Division 3 of Part III was added by the Privacy Amendment (Private Sector) Act 2000 with effect from 21 December 2001.  The personal information sought by Mr Grubb has been collected since that date. 

  2. Section 16C(3) provides:

    National Privacy Principle 6 applies in relation to personal information collected after the commencement of this section.  That Principle also applies to personal information collected by an organisation before that commencement and used or disclosed by the organisation after that commencement, except to the extent that compliance by the organisation with the Principle in relation to the information would:

    (a)place an unreasonable administrative burden on the organisation; or

    (b)cause the organisation unreasonable expense.

    B.       NPP 6

  3. Only some paragraphs of sub-clause 6.1 of NPP 6 come into play and I will repeat only those paragraphs that may be relevant:

    Access and correction

    6.1If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that:

    (a)-(b)…

    (c)providing access would have an unreasonable impact upon the privacy of other individuals; or

    (d)-(f)…

    (g)providing access would be unlawful;

    (h)denying access is required or authorised by or under law; or

    (i)-(k)…

    C.       Definition of “personal information

  4. Immediately before 12 March 2014, s 6(1) of the Privacy Act defines the term “personal information” to mean:

    … information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

  5. For completeness, I note that the definition was repealed and substituted from that day with the following:

    personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

    (a)whether the information or opinion is true or not; and

    (b)whether the information or opinion is recorded in a material form or not.”[26]

    [26] PAEPP Act; s 3, Schedule 1, Item 36

    D.       Extension of duty from 13 October 2015

  6. With effect from 13 October 2015, the Telecommunications (Interception and Access) Act 1979 (TIA Act) was amended by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Data Retention Act).  Both before and after that date, Telstra has been a “carriage service provider” for the purposes of the TIA Act.[27]

    [27] TIA Act; s 5(1) providing that “carriage service provider has the meaning given by the Telecommunications Act 1997.” Section 7 of the Telecommunications Act 1997 (Telecommunications Act) provides that the expression “carriage service provider has the meaning given by section 87.”  Section 87(1) set out what it describes as a “basic definition” before it goes on to modify it.  The basic definition is:“(1) For the purposes of this Act, if a person supplies, or proposes to supply, a listed carriage service to the public using: (a) a network unit owned by one or more carriers; or (b) a network unit in relation to which a nominated carrier declaration is in force; the person is a carriage service provider.”  Section 86 provides that, for the purposes of that legislation, a carriage service provider is, together with a content service provider, a “service provider”.

  7. From 13 October 2015, the following note was added to the definition of “personal information” in s 6(1) of the Privacy Act:

    Note:  Section 187LA of the Telecommunications (Interception and Access) Act 1979 extends the meaning of personal information to cover information kept under Part 5-1A of that Act.”[28]

    [28] Data Retention Act; s 3; Schedule 1; Item 1H

  8. More specifically, s 187LA, which comes within Part 5-1A of the TIA Act and which also came into effect from 13 October 2015, provides:

    (1)     The Privacy Act 1988 applies in relation to a service provider, as if the service provider were an organisation within the meaning of that Act, to the extent that the activities of the service provider relate to retained data.

    (2) Information that is kept under this Part, or information that is in a document kept under this Part is taken, for the purposes of the Privacy Act 1988, to be personal information about an individual if the information relates to:

    (a)the individual; or

    (b)a communication to which the individual is a party.”  

  9. Part 5-1A imposes an obligation on persons it describes as “service providers” who operate a service to which Part 5-1A applies to:

    … keep, or cause to be kept, in accordance with section 187BA and for the period specified in in section 187C:

    (a)information of a kind specified in or under section 187AA; or

    (b)documents containing information of that kind;

    relating to any communication carried by means of the service.

    Note 1-3…”[29]

    [29] TIA Act; s 187A(1)

  10. Since 13 October 2015, s 187A(3) of Part 5-1A provides that the Part applies to a service if:

    (a)     it is a service for carrying communications, or enabling communications to be carried, by means of guided or unguided electromagnetic energy or both; and

    (b)it is a service:

    (i)operated by a carrier; or

    (ii)operated by an internet service provider (within the meaning of Schedule 5 to the Broadcasting Services Act 1992); or

    (iii)of a kind for which a declaration under subsection (3A) is in force; and

    (c)the person operating the service owns or operates, in Australia, infrastructure that enables the provision of any of its relevant services;

    but does not apply to a broadcasting service (within the meaning of the Broadcasting Services Act 1992).”

  1. Section 187AA sets out six topics of information that, since 13 October 2015, must be kept and gives a description of the information in each.  The topics are:

    1        The subscriber of, and accounts, services, telecommunications devices and other relevant services relating to, the relevant service

    2        The source of a communication

    3        The destination of a communication

    4        The date, time and duration of a communication, or of its connection to a relevant service

    5        The type of a communication or of a relevant service used in connection with a communication

    6        The location of equipment, or a line, used in connection with a communication”.

  2. Section 187A(4) now clarifies the operation of s 187AA by providing:

    This section does not require a service provider to keep, or cause to be kept:

    (a)information that is the contents or substance of a communication; or

    Note:This paragraph puts beyond doubt that service providers are not required to keep information about telecommunications content.

    (b)       information that:

    (i)states an address to which a communication was sent on the internet, from a telecommunications device, using an internet access service provided by the service provider; and

    (ii)was obtained by the service provider only as a result of providing the service; or

    Note:This paragraph puts beyond doubt that service providers are not required to keep information about subscribers’ web browsing history.

    (c)information to the extent that it relates to a communication that is being carried by means of another service:

    (i)that is of a kind referred to in paragraph (3)(a); and

    (ii)that is operated by another person using the relevant service operated by the service provider;

    or a document to the extent that the document contains such information; or

    Note:This paragraph puts beyond doubt that service providers are not required to keep information or documents about communications that pass ‘over the top’ of the underlying service they provide, and that are being carried by means of other services operated by other service providers.

    (d)information that the service provider is required to delete because of a determination made under section 99 of the Telecommunications Act 1997, or a document to the extent that the document contains such information; or

    (e)information about the location of a telecommunications device that is not information used by the service provider in relation to the relevant service to which the device is connected.

    Complaints under the Privacy Act

  3. Subject to one qualification, an individual may complain to the Commissioner about an act or practice that may be an interference with his or her privacy.[30] The qualification, which is set out in s 36(2A), is not relevant as Telstra does not have an approved privacy code.

    [30] Privacy Act; s 36(1)

  4. Once a complaint has been made about an act or practice that is an act or practice of an organisation, the respondent to that complaint is the organisation.[31]  The Commissioner is generally required to investigate that act or practice if that act or practice may be an interference with the privacy of an individual.[32] The one exception to the Commissioner’s obligation arises if the complainant did not first complain to the respondent before making the complaint under s 36 to the Commissioner. Even then, the Commissioner may decide to investigate the complaint if he or she considers that it was not appropriate for the complainant to complain to the respondent.[33] The Commissioner’s powers and duties in undertaking the investigation are set out in Division 1 of Part V of the Privacy Act.

    [31] Privacy Act; s 36(7)

    [32] Privacy Act; s 40(1)

    [33] Privacy Act; s 40(1A)

  5. Division 2 of Part V set out the Commissioner’s powers after investigating a complaint. They include those set out in s 52(1)(a) and (b):

    After investigating a complaint, the Commissioner may:

    (a)make a determination dismissing the complaint; or

    (b)find the complaint substantiated and make a determination that includes one or more of the following:

    (i)a declaration:

    (A)where the principal executive of an agency is the respondent – that the agency has engaged in conduct constituting an interference with the privacy of an individual and should not repeat or continue such conduct; or

    (B)in any other case – that the respondent has engaged in conduct constituting an interference with the privacy of an individual and should not repeat or continue such conduct;

    (ii)a declaration that the respondent should perform any reasonable act or course of conduct to redress any loss or damage suffered by the complainant;

    (iii)a declaration that the complainant/ is entitled to a specified amount by way of compensation for any loss or damage suffered by reason of the act or practice the subject of the complaint;

    (iv)a declaration that it would be inappropriate for any further action to be taken in the matter.

  6. The Commissioner is required to state any findings of fact upon which the determination is based.[34]  The determination is not binding or conclusive between any of the parties to the determination.[35]

    [34] Privacy Act; s 52(2)

    [35] Privacy Act; s 52(1B)

    OUTLINE OF SUBMISSIONS

  1. At the outset of his written closing submissions on behalf of Telstra, Mr Masters submitted that there are two key issues for determination:

    (a)     whether mobile network data held by Telstra in relation to the Complainant’s mobile telephone service are ‘personal information’, that is, whether the Complainant’s identity is apparent or can reasonably be ascertained from the mobile network data; and

    (b)whether providing the Complainant with access to incoming call data records held by Telstra in relation to his mobile telephone service would have an unreasonable impact upon the privacy of other individuals.”[36]

    [36] Outline of Closing Submissions of the Applicant at [1]

  1. As Mr Grubb’s identity is not apparent from, and cannot be reasonably be ascertained from, mobile network data in relation to his mobile telephone service, the mobile network data are not “personal information”, Mr Masters submitted.  Furthermore, exception (c) to NPP 6.1 would apply as providing Mr Grubb with access to incoming call data records in relation to his mobile telephone service would have an unreasonable impact upon the privacy of other individuals.  He referred to my earlier decisions in Re Lobo and Department of Immigration and Citizenship[37] (Lobo) and Re Denehy and Superannuation Complaints Tribunal[38] (Denehy).

    [37] [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238

    [38] [2012] AATA 608; (2012) 131 ALD 413

  1. Mr Masters submitted that Mr Grubb’s identity is not apparent and cannot be ascertained when regard is had solely to the mobile network data.  That data, for example, contains no reference to a customer’s name or telephone number.  When regard is had to information in the public arena, Mr Grubb’s identity is neither apparent nor can be easily ascertained from that mobile network data.  The only way in which the identity of an individual could be ascertained from Telstra’s mobile network data would be for regard to be had to information that is not available in the public domain i.e. information in its network assurance systems, subscriber database and customer relationship management system. 

  1. Even if it were relevant to have regard to information that is solely within Telstra’s possession, it cannot be certain that the further information that would be required to identify an individual from mobile network data would be available.  The evidence, Mr Masters submitted, supports a finding that it is retained for a maximum of 30 days but for as few as three.  Therefore, the availability of information required to ascertain the identity of an individual from mobile network data is a matter of speculation and conjecture.  That is not enough to satisfy the definition of “personal information”.

  1. The process of identifying an individual from the mobile network data involves complicated and tedious searches of the sort that could not lead to a finding that the identity of the individual could reasonably be ascertained from that mobile network data.  He referred to the evidence of Mr Tracey.

  1. On behalf of the Privacy Commissioner, Ms Allars submitted that there is no basis for adopting an interpretation of the expression “personal information” any different from that which has been adopted when the same expression is used in the Freedom of Information Act 1982 (FOI Act).  The expression was adopted without comment in the Second Reading Speech made in 1988 by the then Attorney-General, the Hon Lionel Bowen MP in introducing the Privacy Bill.[39]  The Explanatory Memorandum had given examples but had not addressed the issue of the whether the identity of an individual is “apparent or can reasonably be ascertained, from the information or opinion.”  The Law Reform Commission, whose Privacy Report[40] preceded the Privacy Act, had considered the issue and stated that:

    “[i]f the information can easily be combined with other known information, so that the person’s identity becomes apparent, the information should be regarded as personal information.  Information should be regarded as ‘personal information’ if it is information about a natural person from which, or by use of which, the person can be identified.”[41]

Ms Allars submitted that my reasoning in Lobo and Denehy is consistent with this approach.

[39] Hansard, House of Representatives, 1 November 1988 at 2117

[40] Report No. 22, AGPS Canberra, 1983, Vol 2 at [1196]-[1198]

[41] Report No. 22, AGPS Canberra, 1983, Vol 2 at [1198]

  1. Turning to Telstra’s submissions, Ms Allars submitted that it had incorrectly treated the words “information or opinion” in the definition of “personal information” as referring to the whole of the database information it holds.  The words “information or opinion” appearing at the end of the definition of “personal information” should instead be read as referring to the “information or opinion” to which access is sought under NPP 6.1.  The definition is directed to the question whether the identity of a person is apparent or can reasonably be ascertained from the class of information that is the subject of the request made under NPP 6.1.  The words “apparent or can reasonably be ascertained” do not authorise an organisation to give a response along the lines of the size of the task’s being such that it would substantially and unreasonably divert its resources from its other operations. That would be a response permitted under s 24AA of the FOI Act but not under the Privacy Act.

  1. In applying the exception in NPP 6.1(c), a two-step approach is required.  The first is to enquire whether the identity of any other individuals would be apparent or reasonably ascertainable from the persona information of the requester.  That enquiry would be made on the assumption that the personal information as being in the public arena.  The second would be to ask whether giving access to the person making the request would have an unreasonable impact on other individuals.  These two steps, Ms Allars submitted, were taken by Yates J in Smallbone v New South Wales Bar Association[42] (Smallbone).

    [42] [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82

  1. Ms Allars rejected any suggestion that Telstra could refuse to disclose the information on the basis that the identity of an individual was only apparent or could reasonably be ascertained from information or material that it has in its possession but which it refuses to place in the public arena.  Even if I were to accept that Telstra’s approach were correct, the evidence does not support it in the circumstances of this matter.  It is immaterial that personal information has been deleted from Telstra’s database because the issue is whether the identity of the person requesting the information is apparent or reasonably identifiable from the current information held.  The deleted data ceases to be the subject of the request for access.  The data that is the subject of the request is the data held by Telstra when its request is determined. 

  1. Mr Grubb submitted that the Privacy Act gives individuals a right to their personal information and a further right to have that personal information corrected if it is inaccurate, incomplete or out-of-date. Whether it is known as data or metadata, the information that he generates while using Telstra services, Mr Grubb submitted, is personal information. If he were not to exist, nor would that data. Therefore, that data is information about him and personal to him. He should be given access to it under the Privacy Act.

  1. At the heart of Mr Grubb’s submission is the proposition that, if a person were to trawl through the data held by Telstra, that person would be able to identify Mr Grubb from it.  To illustrate his submission, Mr Grubb referred to data released by AOL as anonymised search query logs conducted by a large number of its users.  AOL released the information for research purposes but made it publicly available.  Among those to whom it was available was the New York Times.  It used the information released by AOL on particular users to follow their searches and, using the information from those searches, to identify them. 

  1. The same would be true of him, Mr Grubb submitted.  Google, he said, uses encryption on searches.  That means that information about his search would arrive at Telstra in a “sanitised” form.  If he were to use a search engine that did not have encryption, his name would appear in the URL or metadata.  That URL would be stored by Telstra for an unknown period of time.  Every site that he visits reveals a little of his identity.  One site may, or may not, identify him but, when all the information is combined, metadata patterns are formed.  There would be a very high likelihood that it would be possible to identify the person who made the searches. 

  1. If Telstra can associate metadata with a specific account, Mr Grubb said, then it is personal information about that account holder.  If Telstra can give law enforcement access to metadata such as URLs, IP (Internet Protocol) addresses and cell tower information, why is it that Telstra cannot give him the same metadata, he asked.  Metadata generated by him is personal information.

THE EVIDENCE

  1. As the issue in this case concerned information held by Telstra in relation to Mr Grubb’s mobile telephone service, the evidence was directed to mobile communications and not to communications over fixed line or other services. 

    Telstra’s mobile network data

  2. Since 2013, Mr Gerard John Tracey has been the General Manager of Telstra’s Complex Analysis and Investigations team in its Network Infrastructure Operations group.  His role requires him to provide operational support for Telstra’s delivery of its products and services.  Before holding his current position, Mr Tracey was the Network Technology Manager of the Mobility Analysis and Investigations team in the Network Infrastructure Operations group.  He holds a Bachelor of Engineering and a Bachelor of Information from the Queensland University of Technology. 

  3. Mr Tracey gave evidence regarding Telstra’s mobile network data.  He explained that this data is a collection of recorded transactions that occur between mobile devices and Telstra’s mobile network in order to:

    (1)manage the mobility of mobile devices as they move through the network; and

    (2)establish, maintain or disconnect connections between mobile devices and the destinations that the devices and the destinations that the devices are seeking to communicate with (for example, another mobile device, a fixed service or an internet location).

  4. Telstra does not regard data used by Telstra for its billing purposes as mobile network data.  It keeps the two separate and distinct.  The data in the billing systems has been configured for the purpose of billing customers.

  1. Mr Tracey explained Telstra’s retention policy regarding its mobile network data:

    (1)Telstra is likely to hold multiple network data records in relation to a single mobile device over a period of only a few seconds after the device has been turned on to connect to, and communicate with, Telstra’s network.

    (2)Telstra’s mobile network data is retained for no more than about 30 days and, in some instances, for only three days.

    (3)The network data is retained for network assurance purposes.  That means that Telstra uses the data to ensure that its networks are optimally delivering the services that customers are paying to use as well as to investigate and address faults in the networks.

    Interrogation of Telstra’s mobile network data

  2. Telstra’s Network Infrastructure Operations group accesses mobile network data using approximately 13 different network assurance systems, Mr Tracey said.  Access to, and an understanding of, each of the 13 network assurance systems is required before the recorded transactions between a customer’s mobile device and Telstra’s network may be interpreted and explained.  In all, only some 12 staff have that access and knowledge.  All of them are located in the Network Infrastructure Operations group.  Mr Tracey explained the way in which the network assurance systems work:

    Telstra’s network assurance systems have been designed for the purpose of monitoring and ensuring the operation of Telstra’s network, and not for the purpose of billing customers (which is the purpose of Telstra’s billing systems).  Because of the way in which the network assurance systems have been configured, the collection and storage of any particular network data by Telstra are not certain or guaranteed.  Some transactions are randomly ‘missed’ and not gathered or stored.  This is because the network assurance systems have been designed to deliver an assurance capability, but without a level of capacity and robustness akin to those of Telstra’s networks and billing systems.”[43]

    [43] Exhibit A at [17]

  1. Mr Tracey said that there are many different types of information that Telstra could theoretically identify and isolate by interrogating mobile network data using its network assurance schemes.  He gave the following as examples together with those in the following paragraph.  None of the information in these examples is, Mr Tracey said, identified, isolated or extracted by Telstra as part of its normal business operations.[44]  The first examples he set out were:

    (a)     whether a particular call to a mobile device was unanswered;

    (b)the reason why a particular call from a mobile device was diverted (for example, whether a call was diverted to voicemail because the caller did not answer, was on another call, was out of coverage or declined the call);

    (c)the length of a particular Short Message Service (SMS) message sent or received by a mobile device (that is, the number of characters in the SMS message);

    (d)whether a particular call from a mobile device was to a prepaid mobile device;

    (e)whether a particular call from a mobile device was made using Telstra’s 2G network, 3G network or 4G network.”[45]

    [44] Exhibit A at [25]

    [45] Exhibit A at [18]

  2. In addition to these examples, Mr Tracey referred to three others which he said could be identified and isolated in relation to mobile communications only by interrogating the network data by using Telstra’s network assurance systems.  He added an explanation to each.  The three other examples are:

    (1)“Uniform Resource Locators (URLs) involved in mobile data communications

    A URL is an identifier, such as a webpage reference, used to locate a resource on the Internet.  An example of a URL is The URL is analogous to the name used when addressing a postal envelope.”[46]

    (2)       “Internet Protocol (IP) addresses allocated to mobile devices;

    An IP address is a numerical identifier assigned to an entity (for example, a mobile device, a network element, an internet site or a server) that communicates using the Internet Protocol.  The Internet Protocol is the communications protocol used to communicate with the Internet.  An example of an IP address is ….  An IP address is analogous to a street address used when addressing a postal envelope.  Mobile data communication occurs between the two entities, which are each allocated an IP address.  The IP address allocated to the requesting entity is called the ‘source’ IP address and the address allocated to the target destination is called the ‘destination’ IP address.  Generally, the requesting entity is a mobile device, and the target entity is either a network element or an Internet site.  A mobile device may have multiple IP addresses allocated to it over time.  Similarly, a particular IP address may be allocated to multiple mobile devices over time.”[47]

    (3)“mobile cell location information beyond the mobile cell location information that Telstra retains for billing purposes.

    Mobile cell location information relates to the location of mobile cells involved in mobile communications.  Telstra’s mobile network comprises a collection of mobile cells, which each provide radio coverage to a particular geographical area.  Telstra geographically groups cells to form what is called a ‘location area’.  As a mobile device moves through a location area, it may communicate with multiple cells in that area by ‘handing over’ between cells.  The cell with which a mobile device communicates is not necessarily the cell geographically closest to the mobile device.  Rather, the device will communicate with the cell that provides the best signal strength.”[48]

    [46] Exhibit A at [19] and [20]

    [47] Exhibit A at [19] and [21]

    [48] Exhibit A at [19] and [22]

    Distinguishing between Telstra’s mobile network data and its billing systems

  3. Mr Tracey described what he understands to be the difference between the information held on Telstra’s billing systems and that in its mobile network data record:

    Telstra’s billing systems only record the cell with which a customer’s device communicates at the commencement of the call and, in the case of an SMS message or MMS message, the cell involved in the sending of that communication.  For billing purposes, Telstra’s billing systems also record the cells with which a device communicates at periodic points during a data session.  A data session is a period that commences when a device connects to the mobile network to enable data communication using the Internet Protocol (for example, downloading content from the Internet) to be made, and continues until the device disconnects or is required to re-establish a new data session (for example, if the device loses coverage, or is powered off).  This is the mobile cell location information that Telstra retains for billing purposes.

    By contrast, Telstra’s mobile network data record other mobile cell location information in relation to mobile communications for network assurance purposes.  For example, when a mobile device is not involved in a chargeable communication but it is nevertheless moving through the network, it will initiate communication with a mobile cell when it detects that the cell is part of a ‘new’ location area.  By chargeable communication, I mean a communication in relation to which a customer may be billed by Telstra.  A mobile device will also periodically communicate with the network to confirm that it is still connected to the network.  The mobile cell location information that may be recorded in Telstra’s mobile network data, and which is retained for network assurance purposes, includes records of such communications.  It also includes information in relation to other cells with which a mobile device communicates during a call (that is, other than the cell with which the device communicates at the commencement of the call).”[49]

    [49] Exhibit A at [23]-[24]

    Organisation of Telstra’s mobile network data

  4. Mr Tracey gave evidence about the manner in which Telstra’s mobile network data is organised.  It is neither ordered nor indexed by reference to particular customers, their names or telephone numbers or by devices, he said.  Instead, network data is fundamentally grouped according to network entities.  Network entities, he said, are elements within Telstra’s network.  The grouping is based on various protocols that are used to establish, maintain or disconnect connections with the network.  Each protocol uses a numeric identifier.  A unique numeric identifier will appear in and identify a particular mobile network data record in relation to a mobile communication.  Each protocol and its numeric identifier relates to a different interface between network entities i.e. to a different function performed by the network.

  5. Numeric identifiers used to identify mobile network data may be an International Mobile Subscriber Identity (IMSI) or a Non-IMSI Identifier. 

    (1)IMSI

    (a)An IMSI is allocated to, and identifies, a Subscriber Identity Module (SIM) card.  The same IMSI will remain allocated to a particular SIM card.

    (b)As an example of its role, an IMSI is always used within the core switching voice network used to set up a voice call.

    (c)An IMSI is likely to have multiple Non-IMSI Identifiers, such as a TMSI, P-TMSI and GUTI, allocated to it.

    (2)Non-IMSI Identifier

    (a)Non-IMSI Identifiers include a Temporary Mobile Subscriber Identity (TMSI), the Packet-Temporary Mobile Subscriber Identity (P-TMSI), the SAE Temporary Mobile Subscriber Identity (S-TMSI), the Temporary Logical Link Identity (TLLI) and the Globally Unique Temporary UE Identity (GUTI).

    (b)One type of Non-IMSI Identifiers, a TMSI, is always used over radio interfaces such as the interface between a mobile device and a mobile cell tower.

    (c)Non-IMSI Identifiers are allocated dynamically and will reference multiple IMSIs over time.

    (d)The allocation of a Non-IMSI Identifier to an IMSI is a transaction that may be recorded in Telstra’s mobile network data.

    (i)The timing of that allocation is random in that it cannot be accurately predicted with any certainty.

    (ii)The timing of the allocation may be dictated by a range of factors including, but not limited to, when the relevant device was turned on, when the device was moved between geographical areas, when the device moved between networks (2G, 3G or 4G) and when any operational fault with the device or the network occurred.

    (iii)Some allocations of a Non-IMSI Identifier to an IMSI are transactions that are randomly missed and not collected or stored.

    Retention of Telstra’s mobile network data

  6. In his affidavit, Mr Tracey said that 30 days is generally the maximum period for which Telstra retains its mobile network data and that it may be as short as three days.[50]

    [50] Exhibit A at [32]

    The process of identifying a customer’s identity using mobile network data

  1. In explaining whether a customer’s identity could be ascertained from mobile network data by using a Non-IMSI Identifier, Mr Tracey dealt first with the situation in which Telstra had not retained the relevant mobile network data.  In that case there would be no record of the transaction allocating the Non-IMSI Identifier.  It would be impossible both from a theoretical and practical point of view.

  1. If the mobile network data had been retained, Mr Tracey said, and if the transaction recording the allocation of the Non-IMSI Identifier were identified, it would be possible to ascertain the relevant IMSI as the IMSI would appear in a recorded transaction.  Given that an IMSI is allocated to a particular SIM card, the customer’s identity could then be ascertained.  The task would:

    (1)have to be done by recursively reviewing historical network data and searching for a particular transaction recording the allocation of the Non-IMSI Identifier to an IMSI:

    (a)the process is possible in theoretical terms but impossible in practical terms given the immense volume of data that would need to be recursively reviewed in order to identify the relevant transaction;

    (2)require access to Telstra’s subscriber database in order to find the telephone number assigned to the SIM card to which the IMSI was allocated;

    (3)require access to Telstra’s customer relationship management system in order to find the name of the customer using the telephone number; and

    (4)have to be undertaken by a person within Telstra’s Network Infrastructure Operations group because he or she would have to have access to Telstra’s network assurance systems in order identify a specific transaction of that sort as well as access to Telstra’s subscriber database and customer relationship management system:

    (a)Telstra’s network assurance systems, its subscriber database and customer relationship management system are accessible only by authorised Telstra staff and representatives and not by members of the public;

    (b)Only four or so people within Telstra would have the capacity to identify, unaided by others, a customer’s name with a Non-IMSI Identifier because only four have access to all three sources of information and each is located within the Complex Analysis and Investigations team in the Network Infrastructure Operations group;

    (i)It is extremely rare that a member of the Network Infrastructure Operations group would ever look up a telephone number of a customer on the subscriber database using an IMSI. 

    ·The Network Infrastructure Operations group may look up an IMSI using a telephone number when investigating a complaint received from a customer in relation to an issue at a particular location at a particular time;

    (ii)Mr Tracey could recall fewer than ten occasions on which the Network Infrastructure Operations group had looked up a telephone number using an IMSI.  Those occasions generally arose because Telstra had determined that a particular device was causing disruption to a mobile network and it had to be identified to remove the large impact the disruption was having on its customer base.  On one such occasion, the device causing the disruption was located in a sports field light tower.

    ·In such a case, the Network Infrastructure Operations group would use the customer relationship management system to look up the name of the owner of the device;

    ·Apart from that situation, the Network Infrastructure Operations group would be extremely unlikely to look up the name of a customer using the customer relationship management system.  Normally, that system is used by Telstra’s customer relationship management staff and is not used as part of the Network Infrastructure Operations group’s functions.[51]

    [51] Exhibit A at [31]-[39]

Determining whether originating party has blocked his or her calling number display

  1. Mr Tracey said that once Telstra has ceased to retain its mobile network data it would, except in the case of an individual with a silent line, be impossible for it to identify whether an individual who had called a Telstra customer had chosen to block his or her calling number display.

  1. If it were the case that Telstra had retained the relevant recorded transactions, it may be possible for it to identify whether an individual calling a Telstra customer had chosen to block his or her calling number display.  Telstra’s mobile network data would have to be interrogated and that is a task that could only be undertaken by a very small number of specialised staff within Telstra.  It would be undertaken by:

    (1)using Telstra’s network assurance system to extract the recorded transactions in relation to the call in question;

    (2)review those recorded transactions to determine if a Calling Line Identification (CLI) suppression prefix (1831) had been used when the call was made.

    (a)a caller may use that prefix either by dialling it when making a call or by selecting a calling number display blocking function on the caller’s device;

    (b)the process would require each call to be reviewed, which would be laborious and time-consuming.

Telstra’s obligations to provide information to law enforcement agencies

  1. The Operations Manager gave evidence regarding Telstra’s obligations to provide information to law enforcement agencies in relation to mobile communications.  His evidence specifically excluded other types of communications such as fixed line communications.  He has been the Operations Manager of the Law Enforcement Liaison group of Telstra since July 2011.  Before that, he was a Senior Security Investigator and Adviser in its Security Investigations and Operations group.

  1. In accordance with Telstra’s legal obligations, the Operations Manager said, the Law Enforcement Liaison group provides law enforcement agencies with various types of information it has retained in relation to mobile communications.  The Law Enforcement Liaison group does not use any systems that enables it to have access to the mobile network data to which the Network Infrastructure Operations group has access for network assurance purposes.  Therefore, the Law Enforcement Liaison group does not, and cannot, ascertain the identity of individuals from mobile network data. 

  1. The information that the Law Enforcement Liaison group (LEL group) does give to law enforcement agencies includes information in relation to mobile calls, SMS messages, MMS messages and mobile data sessions during which a mobile device may be communicating with the internet:

    (1)Mobile data sessions may be described as “General Packet Radio Service” (GPRS) sessions;

    (2)The information may include the A-party number and the B-party number, the date, time and duration of the communication and certain mobile cell location information:

    (a)Mobile cells are sites in a cellular network containing equipment involved in mobile communications.

    (b)Typically, mobile cells are located on mobile cell towers or buildings and there may be multiple cells located on each.

    (c)A mobile cell is identified by an alphanumeric identifier called a Cell Global Identity (CGI).

    (d)The mobile cell location provided “… only concerns the location of the mobile cell with which a mobile device communicates when a call is first connected and/or an SMS message is sent or received (in relation to the A Party and/or the B Party, but only where the party is a Telstra customer), and the location of the mobile cells to which a mobile device periodically connects for billing purposes during a data session.”[52]

    [52] Exhibit B at [7]

  1. In Lobo, I went on to illustrate the view I had reached with examples:

    “          To illustrate, I will mention a couple of examples.  If, for example, information in the wider context were only available from a private source, that would not be in the public arena and could not be used to decide whether the information enabled the identity of an individual to be identified as required by the definition of ‘personal information’.  If that information were in the public arena but could only be obtained after complicated and tedious searches, that would be a factor in determining whether the individual’s identity ‘can reasonably be ascertained’ (emphasis added) from the information or opinion.

    A further question arises in relation to information that is available to some members, or even one member, of the public but is not available to all.  This arises below in relation to the academic transcripts showing the names and student numbers of students at SICB and their results.  Document 734 in Category 9 is an example. … [ See [350]-[354] below] Exemption is claimed under s 41(1) for the academic results. In an age in which records are computerised and search engines increasingly sophisticated, it would not be unreasonable to expect that a person who had access to SICB’s records could use the subjects and their codes, the dates of study and the results and marks for each subject to identify the person who is the subject of the academic transcript. It seems to me that regard should be had to all resources that may be available to a member of the public in deciding whether an individual’s identity can reasonably be ascertained from the information or opinion. That may be information that is available to all members of the public or may be available only to a limited number of them. The existence or nature of the information cannot be a matter of conjecture or speculation for the individual’s identity must be something that ‘can reasonably be ascertained, from the information or opinion’. The word ‘reasonably’ effectively eliminates conjecture or speculation.”[85]

    [85] [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [301]-[302]; 97-98; 329

  1. I continue to be of the same view in relation to the FOI Act but would add that it must be remembered that the publicly available range of information and means of searching it must be kept in mind in determining whether an individual’s identity can be reasonably ascertained from the information or opinion in the possession of an agency or Minister.  Workload considerations are not of themselves relevant but the complexities and difficulties involved in ascertaining the identity of the person from any information or opinion are.

  1. Although the definition of “personal information” is the same in the Privacy Act as in the FOI Act, its application differs because of the different statutory regimes established by each. Except in certain situations relating to law enforcement and the preservation of life, the Privacy Act is not a vehicle for gaining access to personal information by persons other than the individuals concerned. It is not a means by which, once access has been given to the individual concerned, personal information is made publicly available by means of publication of the sort provided under s 11A of the FOI Act. In light of that, personal information to which access is given under the Privacy Act will not be subject to general public scrutiny of the sort to which a document might be subject when access to it is granted under the FOI Act.

  1. That difference does not, however, detract from the need under the Privacy Act to review information about an individual with an eye to what is in the public domain and what might be expected to be known. That need arises when determining whether information or opinion is about an individual “whose identity … can reasonably be ascertained, from the information or opinion.” In dealing with a request under the Privacy Act, it does not follow that an organisation need scour the public domain to ascertain whether there is information that can be married with the information or opinion it holds in order to ascertain the identity of the individual. What it means is that the organisation must keep in mind what might be matters of general knowledge. If, for example, the information were along the lines of “singer and songwriter who died prematurely”, I do not think that it could be said that the identity of that individual can reasonably be ascertained from that information.  If the information were “female singer and songwriter who died prematurely”, I suggest that her identity would also not be reasonably ascertainable.  If the information were “English female singer and songwriter who was known for her eclectic mix of musical genres of soul, rhythm and blues and jazz but who died prematurely in July 2011”, I suggest that the identity of the individual can be reasonably ascertained from the information which would be regarded as part of the broad body of general knowledge.[86] 

    [86] Amy Winehouse

  1. Beyond what might be considered to be general knowledge, I do not think that regard needs to be had to the wide range of information and means of searching information that is available in the public arena in determining whether an individual’s identity is reasonably ascertainable from the information or opinion held in an organisation.  In this regard the application of the definition of “personal information” differs from that in the FOI Act. The Privacy Act regulates the collection, handling and use of information about individuals and also provides means by which those individuals may obtain access to his or her own personal information and to ask that it be corrected for accuracy, relevance and completeness. In deciding whether the identity of an individual is apparent or can reasonably be ascertained from that information, regard needs to be had to the information held by the organisation. If that were not the case, an organisation could attempt to defeat the purposes of the Privacy Act by allocating a code of some sort to each individual and keeping a separate record of that.

Mobile network data

  1. Mr Tracey’s evidence regarding the nature and content of Telstra’s mobile network data is set out at [45] to [46] above.  The nature of that data was not challenged by the Commissioner or by Mr Grubb and I accept Mr Tracey’s evidence.  In particular, I find that the mobile network data that is in issue in this case has two essential features.  The first is that it records transactions occurring between mobile devices and Telstra’s mobile network in order to manage the mobility of mobile devices through that network.  These may be various during the course of a call from a mobile device as the device may communicate with various cells as the call moves through the network.  Even if a call is not made from a mobile device, there remains communication between the mobile device and the network in order to confirm that the network connection remains.  The second feature of mobile network data is that it establishes, maintains or disconnects connections between mobile devices and the destinations that the devices and the destinations that the devices are seeking to communicate with (for example, another mobile device, a fixed service or an internet location).  Also on the basis of Mr Tracey’s evidence, I accept that Telstra does not collect all of the network data that is generated and, if it does collect it, does not generally store that data for periods longer than 30 days. 

  1. Data that is required for Telstra’s billing systems is collected but Mr Grubb has been given access to data from that system as it is information about the calls he has made and so about him.  It includes a record of the cell with which a mobile phone or other device communicates at the beginning of the call or, in the case of an SMS or MMS message, the cell involved in sending the message.  It does not record the cells with which the mobile device connects during the course of a communication.  

  1. I also accept that it may, but not always, be possible to identify a particular Telstra customer by reference to the mobile network data and other data it maintains.  That fact does not necessarily lead to the conclusion that the mobile network data is personal information.  Whether it is personal information depends upon its characterisation as being about an individual for that is what the definition of “personal information” requires. Mr Grubb submitted that, but for his making his calls or sending his SMS or MMS messages, particular data in Telstra’s mobile network data would not have been generated. That is true but it does not detract from the characterisation task that I am required to undertake. Is the information about an individual being, in this case, Mr Grubb or is it about something else? If the outcome of that characterisation is that it is not information about an individual, Telstra will not, as Mr Grubb submitted, be required to keep it secure under the Privacy Act. That is an outcome that would follow from the application of the definition in the particular circumstances of the case.

  1. Had Mr Grubb not made the calls or sent the messages he did on his mobile device, Telstra would not have generated certain mobile network data.  It generated that data in order to transmit his calls and his messages.  Once his call or message was transmitted from the first cell that received it from his mobile device, the data that was generated was directed to delivering the call or message to its intended recipient.  That data is no longer about Mr Grubb or the fact that he made a call or sent a message or about the number or address to which he sent it.  It is not about the content of the call or the message.  The data is all about the way in which Telstra delivers the call or the message.  That is not about Mr Grubb.  It could be said that the mobile network data relates to the way in which Telstra delivers the service or product for which Mr Grubb pays.  That does not make the data information about Mr Grubb.  It is information about the service it provides to Mr Grubb but not about him. 

  1. I have considered also the IP address allocated to the mobile device which Mr Grubb used.  On the basis of the evidence of Mr Tracey and the Operations Manager, I am satisfied that an IP address is not information about an individual.  Certainly, it is allocated to an individual’s mobile device so that a particular communication on the internet can be delivered by the Internet Service Provider to that particular mobile device but, I find, an IP address is not allocated exclusively to a particular mobile device and a particular mobile device is not allocated a single IP address over the course of its working life.  It changes and may change frequently in the course of a communication.  The connection between the person using a mobile device and an IP address is, therefore, ephemeral.  In the context of this case, it is not about the person but about the means by which data is transmitted from a person’s mobile device over the internet and a message sent to, or a connection made, with another person’s mobile device. 

Law enforcement

  1. Mr Grubb has asked why he cannot have the same information as that available to law enforcement agencies. The answer is that the entitlements of Mr Grubb and those of law enforcement agencies are the subject of different legislative regimes. Each regime seeks to achieve a balance of policy considerations and desirable outcomes. Those policy considerations include protection of an individual’s privacy, search and rescue, security and law enforcement issues and public safety. The various regimes represent a balance of the various relevant considerations as arrived at by the Parliament. NPP 6.1 is an example of the way in which that balance is achieved. I have set I have set out NPP 6.1(c), (g) and (h) at [16] above.[87]  It shows that an organisation’s obligation to provide an individual with access to personal information about him or her is balanced by considerations of the sort to which I have referred. 

    [87] The other paragraphs read: “6.1          If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that: (a) in the case of personal information other than health information – providing access would pose a serious threat to the life or health of any individual; or (b) in the case of health information – providing access would pose a serious threat to the life or health of any individual; or (c) …; or (d) the request for access is frivolous or vexatious; or (e) the information relates to existing or anticipated proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings; or (f) providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or (g) …; or (h) …; or (i) providing access would be likely to prejudice an investigation of possible unlawful activity; or (j) providing access would be likely to prejudice: (i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or (ii) the enforcement of laws relating to the confiscation of the proceeds of crime; or (iii) the protection of the public revenue; or (iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or (v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders; by or on behalf of an enforcement body; or (k) an enforcement body performing a lawful security function asks the organisation not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.

  1. The amendment of the TIA Act by the Data Retention Act, which came into force on 13 October 2015, and the consequent deeming of certain information to be personal information about an individual represents an adjustment of the balance among the different public and private interests.  I have not given any consideration to whether I would, or would not, have reached a different outcome had the amended legislation applied in the circumstances of this case.  It was agreed between the parties that it did not apply and it is not the role of the Tribunal to consider matters entirely in the abstract.

DECISION

  1. For the reasons I have given, I set aside the decision of the Commissioner dated 1 May 2015. In its place, I substitute a decision that Mr Grubb’s complaint to the Commissioner and dated 15 June 2013 is not substantiated. As a consequence, I set aside the Commissioner’s declaration under s 52 of the Privacy Act and substitute a determination that Telstra has not breached NPP 6.1 and is not required to provide further information to Mr Grubb in response to his request.

I certify that the one hundred and sixteen preceding paragraphs are a true copy of the reasons for the decision herein of
Deputy President S A Forgie,

Signed:           ………..................[sgd].....................................

Personal Assistant

Date of Hearing   7 and 8 October 2015

Date of Decision  18 December 2015

Counsel for the Applicant                   Mr J Masters

Solicitor for the Applicant                   Ms J Chiu and Ms N McKinley
Telstra Corporation Limited

Counsel for the Respondent              Ms M Allars SC

Solicitor for the Respondent              Mr L Holcombe and Ms K Mihalic
HWL Ebsworth Lawyers

Joined Party  Mr B Grubb, self-represented


Actions
Download as PDF Download as Word Document