Late last week the Full Federal Court delivered what should be the final word in a long-running dispute between the Privacy Commissioner and Telstra about whether data generated within a telecommunications network in the course of transmitting calls and other messages should be treated as “personal information” under the Privacy Act 1988 (Cth).
The case is of great importance as it directly affects the scope of data that will be subject to the Act and, by extension, the scope of the Privacy Commissioner’s regulatory authority. The Court was hearing an appeal by the Commissioner from an earlier decision of the Administrative Appeals Tribunal, which had found that the network data in question was not personal information because it was not information “about” a relevant individual (rather, it was information about the operation of Telstra’s network). The Court agreed with this analysis, saying that while a particular piece of data may have more than one subject matter, it will only constitute personal information under the Act if one of its subject matters is an identified or identifiable individual. The Court dismissed the Commissioner’s appeal on the basis that he had failed to show that the AAT had erred in finding that none of the network data in question was “about” a relevant individual.
Our privacy buffs have been following this case throughout its multi-year history and you can read more about the AAT’s decision here, and the Court’s decision here. You can also access the Court’s full judgment at Privacy Commissioner v Telstra Corporation Limited [2017] FCAFC 4.
