Telstra's appeal of Privacy Commissioner's determination in Grubb v Telstra

7/23/2019 Telstra's appeal of Privacy Commissioner's determination in Grubb v Telstra

http://slidepdf.com/reader/full/telstras-appeal-of-privacy-commissioners-determination-in-grubb-v 1/46

© Commonwealth of Australia 2015

[2015] AATA 991

Division: GENERAL DIVISION

File Number: 2015/2199

Re: TELSTRA CORPORATION LIMITED

APPLICANT

And: PRIVACY COMMISSIONER

RESPONDENT

And: BEN GRUBB

JOINED PARTY

DECISION

Tribunal Deputy President S A Forgie

Date 18 December 2015

Place Melbourne

The Tribunal decides to:

1. set aside the determination of the Respondent dated 1 May 2015; and

2. substitute a determination that:

(1) the complaint made by the Joined Party is not substantiated;

(2) the Applicant has not breached National Privacy Principle 6.1 in

Schedule 3 to the Privacy Act 1988 ; and

(3) in response to the Joined Party’s request made to the Applicant

under the Privacy Act 1988 and dated 15 June 2013, the Applicant is

not required to provide any further information to the Joined Party in

addition to that which it has already provided.

………[sgd]……………. Deputy President



PAGE 2 OF 46

CATCHWORDS – PRIVACY – National Privacy Principles – personal information – accesssought to mobile network data including metadata – when information is about an individual – when the identity of an individual is apparent or can reasonably be ascertained – determination set aside.

LEGISLATION

Freedom of Information Act 1982: ss 4(1); 11A; 11B; 24AA; 41 and 47FFreedom of Information Amendment (Reform) Act 2010: s 3Privacy Act 1988: ss 6(1); 6C(1)(b); 6D-6EA; 16A(2); 16B(1) and (2); 16C(3); 36; 36(1) and(7); 36(2A); 40(1) and (1A) and 52(1)(a) and (b), (1B) and (2)Privacy Amendment (Enhancing Privacy Protection) Act 2012: ss 2 and 3Telecommunications Act 1997: ss 7 and 87(1)Telecommunications (Interception and Access) Act 1979: ss 5(1); 187A(1), (3) and (4);187AA and 187LA

Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015: s 3

CASES

Bailey v Hinch [1989] VicRp 9; [1989] VR 78 Ben Grubb and Telstra Corporation Limited [2015] AICmr [35]Collector of Customs v Agfa-Gevaert Ltd [1996] HCA 36; (1996) 186 CLR 389; 141 ALR59; 43 ALD 193; 24 AAR 282Director of Public Prosecutions (NT) v WJI [2004] HCA 47; (2004) 219 CLR 43; 210 ALR276Exxon Corporation v Exxon Insurance Ltd [1982] Ch 119Jorgensen v Australian Securities and Investments Commission [2004] FCA 143; (2004)

208 ALR 73Re Denehy and Superannuation Complaints Tribunal [2012] AATA 608; (2012) 131 ALD413Re Lobo and Department of Immigration and Citizenship [2011] AATA 705; (2011) 56 AAR1; 124 ALD 238Smallbone v New South Wales Bar Association [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82WL v La Trobe University [2005] VCAT 2592; (2005) 24 VAR 23

OTHER MATERIAL

Chambers 21st Century Dictionary, 1999, reprinted 2004, Chambers

Explanatory Memorandum to Privacy BillPrivacy Report Law Reform Commission Report No. 22, AGPS Canberra, 1983, Vol 2Second Reading Speech to Freedom of Information Bill Hansard, House ofRepresentatives, 1 November 1988 at 2117

REASONS FOR DECISION

1. Under the Privacy Act 1988 (Privacy Act), Mr Ben Grubb asked for access to all metadata

information held by Telstra Corporation Limited (Telstra) regarding his mobile phone.Telstra gave him access to a range of information but declined to give him access to its



PAGE 3 OF 46

mobile network data which includes metadata. On a complaint made to him by Mr Grubb

regarding Telstra’s decision, the Privacy Commissioner (Commissioner) decided on 1 May

2015 that the mobile network data is “ personal information” as that term is defined in the

Privacy Act. He further decided that, in refusing to give Mr Grubb access to it, Telstra was

in breach of National Privacy Principle (NPP) 6.1 and directed that he give that information

to Mr Grubb. The relevant law is that which was in force before 13 October 2015.1 I have

decided that Telstra’s mobile network data is not information about an individual, namely

Mr Grubb, and so is not personal information. Therefore, Telstra is not in breach of NPP

6.1 in refusing to give him access to it.

REQUEST FOR DATA

2. On 15 June 2013, Mr Grubb wrote an email to Telstra:

“ As you are no doubt aware under Australian law I have a general right to accessthe personal information that a company holds about me. With this in mind I’d liketo request all the metadata information Telstra has stored about my mobile phoneservice (04…).

The metadata would likely include which cell tower I’m connected to at any giventime, the mobile phone number of a text I have received and the time it wasreceived, the time a data session finished and begun, URLs [Uniform Resource Locators] of websites I have visited, the duration of telephone calls, who is callingand who I’ve called and so on. I assume estimated longitude and latitude positionswould be stored too. This is the type of data I would like to receive.”2

TELSTRA’S RESPONSE and Mr GRUBB’S PRIVACY COMPLAINT

3. In its letter of 16 July 2013 to Mr Grubb, Telstra provided the following response to his

request:

“I’ve confirmed that:

· We are unable to provide you with information regarding your location andthe details of the numbers that called and sent SMS to your service due to privacy laws.

·

I advised you that you can access your outbound mobile call details via youronline billing.· I advised you that you can access the length of your data usage sessions via

online billing.· I advised you that you will need a subpoena for any of the other information

you have requested.”3

4. On 8 August 2013, Mr Grubb lodged a complaint with the Privacy Commissioner

(Commissioner) on the basis that the law requires Telstra to give him access to data that is

1 See [11] below

2 Documents lodged under s 37 of the Administrative Appeals Tribunal Act 1975 (T documents); T7at 5333 T documents; T7 at 535



PAGE 4 OF 46

personal to him. No other person has matching data, he added.4 He sought neither an

apology nor compensation. His complaint was made under s 36 of the Privacy Act.

INFORMATION GIVEN TO Mr GRUBB BEFORE COMMISSIONER’S DETERMINATION

5. Following his complaint to the Commissioner, Telstra has given Mr Grubb the following

additional information, which I set out in its context:

(1) As resolution of the complaint turned on what information fell within thescope of Mr Grubb’s request and so what was “ personal information”, Telstrawrote to him on 2 October 2014 saying, in part:

“To assist with narrowing the issues that need to be considered anddetermined by the Commissioner, we are providing you with this letter:

1. a compact disk containing call records in respect of your account;

2. a folder containing all bills that have been issued to you in respect ofyour account;

3. a document (Attachment 1 to this letter) listing personal informationin relation to you that is contained in our customer relationshipmanagement system.

Telstra accepts that all of this information is ‘personal information’ for the purposes of the Privacy Act 1988.”5

(a) The Compact Disk contained an Excel spreadsheet showing call datarecords in relation to all outgoing calls, Short Message Service(SMS) messages and Multimedia Messaging Service (MMS)messages from Mr Grubb’s mobile telephone service between

17 January 2011 and 21 September 2014. The records containedinformation showing the following:

(i) the originating number, described as the “ A-party number ”,being Mr Grubb’s mobile number;

(ii) the A-party location being the mobile cell location;

(iii) the number of the recipient of the communication, which isdescribed as the “B-party number ”;

(iv) the date of the communication;

(v) the time of the communication; and

(vi) the duration of the communication in seconds in the case of acall and, in the case of an SMS or MMS, the fact that it wasmade.

(b) The folder referred to in the letter contained copies of all bills thatrelated to his mobile telephone service account since it had beenopened and that Telstra had issued to him since then. Ms Jhin Chiu,a Legal Counsel with Telstra, stated that the form of accounts hadchanged over the years but that the information they contained hadgenerally remained the same. I set out the type of informationappearing in a bill at […(c)(iii)] below.

4 T documents; T7 at 527-5315 Exhibit C; Exhibit JC-1



PAGE 5 OF 46

(c) The information in Attachment 1 to Telstra’s letter dated 2 October2014 and referred to in (1) of this paragraph contained information ofthe following type:

(i) Personal information held in Telstra’s Customer RelationshipSystem including details of Mr Grubb’s full name, address,

date of birth, mobile number, email address(es), billingaccount number, customer ID (identity), IMSI (InternationalMobile Subscriber Identity), PUK (personal unlocking key),marketing opt outs, SIM (Subscriber Identity Module)category and password.

(ii) A sample page of calls made from his mobile numbershowing:

(i) Mr Grubb’s number as “ A-party number ”;

(ii) A-party location being a suburb or area;

(iii) B-party number being the number called;

(iv) Call date;

(v) Call time; and

(vi) Call duration in seconds or SMS details.

(iii) A Tax Invoice or Telstra Bill issued to Mr Grubb in the formcurrently used by Telstra. It shows:

· information such as his address, the billing period, thedate the bill was issued, the account number and thebill number, the mobile number, the total due forpayment and when it was due;

· his bill history in graph form, details of his previousbalance and its payment and the charges due underhis particular plan;

· general information about how to restrict or bar certaincontent on his mobile; and

· details of the calls he had made on his mobile in thebilling period showing, for each call, the date and timeit was made, the type of call being National or Nationalto Telstra mobile, location, number called, rate (beingPeak or Weekend), duration in minutes and seconds,the gross amount in dollars and the net amount indollars.

(2) In a letter dated 18 November 2014, Telstra gave Mr Grubb additional datathat it regarded as personal information. That was information regarding thecolour of his handset, the handset’s ID, its IMEI (International Mobile StationEquipment Identity), his mobile device payment option and the networktype.6

(3) Telstra wrote a third letter dated 27 January 2015 including a report ofinformation that it had extracted from a system that retained nine to tenmonths of data at a time. The report was downloaded to a USB flash drive.The data Telstra extracted related to the period from 19 February 2014 to

6 Exhibit C; Exhibit JC-2



PAGE 6 OF 46

3 December 2014 and included some material that it had previouslyprovided to Mr Grubb. The report included details of:

(a) A-party number;

(b) A-party IMEI;

(c) A-party IMSI;(d) A-party Cell ID;

(e) A-party location;

(f) original number called;

(g) called number;

(h) B-party IMEI (redacted);

(i) B-party IMSI (redacted);

(j) B-party Cell ID (redacted);

(k) B-party location (redacted);

(l) call date;

(m) call time;

(n) call duration in seconds.7

INFORMATION NOT GIVEN TO MR GRUBB BEFORE COMMISSIONER’SDETERMINATION

6. On the basis of Ms Chiu’s affidavit, I find that Telstra has not given Mr Grubb access to two

classes of information. One class comprises call data records in relation to incoming calls,SMS messages or MMS messages. The other class comprises “… network data retained

by Telstra in relation to communications passing through its mobile networks.”8 Ms Chiu

expanded on the first:

“Incoming call data records would show the following categories of information: the

A Party’s number, IMEI and IMSI, the B Party’s number, IMEI and IMSI, mobile cell

location information in relation to the A Party and the B Party (where the party is a

Telstra customer), and the date, time and (where applicable) duration of the

communication. This information would be shown in relation to each call, SMS

message and MMS message to the Complainant’s mobile telephone service sincehis account was opened, whether or not the A Party had a silent line or had blocked

his or her calling number display.”9

NOTICE TO PRODUCE ISSUED TO TELSTRA BY THE COMMISSIONER

7. On 27 November 2014 and before Telstra sent its third set of information to Mr Grubb early

in 2015, the Commissioner gave Telstra a Notice to Produce the following:

7 Exhibit C; Exhibit JC-3 and see also T documents; T21 at 619-9178 Exhibit C at [22]9 Exhibit C at [21]



PAGE 7 OF 46

“The information that Telstra would provide to a law enforcement agency underwarrant or court order requesting the following data and information regardingMr Ben Grubb’s mobile telephone account …:

All the metadata and telecommunications data Telstra hold s about Mr Ben Grubb’smobile telephone account which may include (but is not limited to) the following:

- Subscriber information including service number and connection dates

- Carriage service records including call records, SMS records and internet

records (including date, time and duration of a communication, details of the

phone numbers of the parties involved in the communications)

- Location-based information including the cell tower Mr Grubb is connected to

at any given time, estimated longitude and latitude positions)

- Internet session information including date, time and duration of internet

sessions as well as Internet Protocol (IP) address, email logs and URLs of

websites”.10

8. On the basis of Ms Chiu’s affidavit, I find that the Commissioner subsequently narrowed the

scope of information to be produced by his Notice to Produce.11 In its response dated

11 December 2014, Telstra provided the following information:

(1) The information contained in the first document included Mr Grubb’s servicenumber, account number(s), customer ID, connection date and statementthat still active, service name, service address, billing name, statementemail, date of birth, authorised representative, SIM number, IMSI, IMEI,product being plan and mobile, SIM replacement and order submitted and

place where submitted.(a) Telstra noted that an order had been placed but it could not identify

whether it had been submitted online or over the telephone as boththe order and interaction had been archived. It had been unable toaccess that archived information due to an issue it had identified.12

(2) The second document set out Mr Grubb’s call records extending from 19February 2014 to 3 December 2014. The format is the same as that in thecall records sent to Mr Grubb by Telstra in its letter dated 27 January 2015for the same period.13

(3) Call data records in relation to incoming and outgoing calls.14 A samplepage was attached to Ms Chiu’s affidavit as part of Exhibit JC-1. I have

summarised the nature of the information shown on the document at (1)(a)of this paragraph.

(4) Sample longitude and latitude coordinates of mobile cells. That documentsets out information under the following headings:

(a) CGI (computer-generated imagery);

(b) Base Station Name;

10 Exhibit C at [13]11 Exhibit C at [14]

12 T documents; T25 at 1115-111613 See [5(3)] above and T documents; T21 at 619-91714 T documents; T22 at 919-1107



PAGE 8 OF 46

(c) Billing name;

(d) MSA Name (Metropolitan Statistical Areas);

(e) State;

(f) Antenna Latitude (GDA9415);

(g) Antenna Bearing;

(h) Technology;

(i) Cell Name (LRD Code);16

(j) Base Station Type; and

(k) Date.17

COMMISSIONER’S DETERMINATIONS

9. After reviewing Mr Grubb’s complaint, the Commissioner made two declarations on 1 May

2015. The first was that Mr Grubb’s complaint was substantiated and the Telstra had

breached NPP 6.1 by failing to provide the complainant with access to personal information

in accordance with it. Under s 52(1)(b)(ii) of the Privacy Act, the Commissioner declared

that Telstra must:

“· within 30 business days after the making of this declaration, provide thecomplainant with access to the following personal information held byTelstra in accordance with the complainant’s request dated 15 June 2013and further to that already provided by Telstra to the complainant, save thatTelstra is not obliged to provide access to the phone numbers of incoming

callers:

· Internet Protocol (IP) address information

· Uniform Resource Locator (URL) information

· Cell tower location information beyond the cell tower locationinformation that Telstra retains for billing purposes (to which thecomplainant has been given access). …

· provide the complainant with access to the above information free ofcharge.”18

10. Mr Grubb said at the hearing that he was not seeking access to the phone numbers ofincoming callers.

15 GDA94 is the Geocentric Datum of Australia. It is a coordinate reference system that was adoptednationally on 1 January 2000.

16 LRD = Link & Route Detail17 T documents; T23 at 110918 Ben Grubb and Telstra Corporation Limited [2015] AICmr [35] at [172]; footnote omitted



PAGE 9 OF 46

LEGISLATIVE FRAMEWORK

Privacy Act in forc e immediately before 12 March 2014 amendm ents came into effect

11. Between the time Mr Grubb lodged his complaint with the Commissioner in 2013 and the

time the Commissioner made his determinations in 2015, the Privacy Act has been

extensively amended. Amendments of particular relevance are those made by the Privacy

Amendment (Enhancing Privacy Protection) Act 2012 (PAEPP Act) but their application is

determined by Schedule 6. In this case, Item 16 is relevant for it relates to complaints

made to the Commissioner under s 36 of the Privacy Act before the commencement time

(12 March 201419) but only if:

“immediately before that time, the Commissioner has not:

(i) decided under Part V of that Act not to investigate, or not to investigate

further, the act or practice; or (ii) made a determination under section 52 of that Act in relation to the

complaint.”20

In those circumstances, the complaint may be dealt with under the Privacy Act after

12 March 2014 as if the amendments made by the PAEPP Act had not been made.21

Telstra’s duty under the Privacy Act

12. For the purposes of the Privacy Act, Telstra is regarded as an organisation. The word

“organisation” is defined to include various entities. Among them is a body corporate that is

not a small business operator.22 Telstra is not a small business operator but it is a body

corporate and so an organisation. It is common ground that Telstra does not have an

approved policy code binding it. Therefore, it must not do an act, or engage in a practice,

that breaches a National Privacy Principle (NPP).23

A. Application of NPPs

13. Putting aside tax file number information, credit information and credit reporting,24 the

Privacy Act applies to the collection of personal information by an organisation and to the

19 PAEPP Act; Schedule 6, Item 1 and s 2, Item 220 PAEPP Act; Schedule 6, Item 16(1)(b)21 PAEPP Act; Schedule 6, Item 16(2) I set out the relevant amendment that has been made to thedefinition of “ personal information” at [80] below. At [19]-[25] below, I set out the amendments madeto the Telecommunications (Interception and Access) Act 1979 to add ss 187AA and 187LA andtheir relevance to the definition of “ personal information” under the Privacy Act. 22 Privacy Act; s 6C(1)(b) and see also ss 6D-6EA23 Privacy Act; s 16A(2) The NPPs were replaced by the Australian Privacy Principles (APPs) by thePAEPP Act with effect from 12 March 2014: see s 3, Schedule 1, Items 14 and 104 and s 2(1), Item

2.24 Tax file numbers and credit information are the subjects of Division 4 and 5 of Part III respectively.Part IIIA relates to credit reporting.



PAGE 10 OF 46

personal information collected only if certain circumstances apply. In relation to the

collection, the Privacy Act only applies if it is collected for inclusion in a record or a

generally available publication. In relation to personal information that has been collected,

it applies only if it is held by an organisation in a record.25 The word “record ” is defined in

s 6(1) of the Privacy Act to mean:

“(a) a document; or

(b) a database (however kept); or

(c) a photograph or other pictorial representation of a person;

but does not include:

(d) a generally available publication; or

(e) anything kept in a library, art gallery or museum for the purpose of reference,study or exhibition; or

(f) Commonwealth records as defined by subsection 3(1) of the Archives Act1983 that are in the open access period for the purposes of that Act; or

(fa) records (as defined in the Archives Act 1983 ) in the custody of the Archives(as defined in that Act) in relation to which the Archives has entered intoarrangements with a person other than a Commonwealth institution (asdefined in that Act) providing for the extent to which Archives or other persons are to have access to the records; or

(g) documents placed by or on behalf of a person (other than an agency) in thememorial collection within the meaning of the Australian War Memorial Act1980; or

(h) letters or other articles in the course of transmission by post.”

14. Sections 16C to 16E modify the way in which the NPPs apply. Sections 16C and 16D

delay their application in some instances and s 16E take the collection and use of personal

information for an individual’s personal, family or household affairs outside the application

of the NPPs. Section16C(3) was raised during the hearing in relation to the construction of

“ personal information” but it was also recognised that it does not apply to exclude any

personal information that is from the scope of NPP 6. It is a transitional provision and was

included when Division 3 of Part III was added by the Privacy Amendment (Private Sector)

Act 2000 with effect from 21 December 2001. The personal information sought by

Mr Grubb has been collected since that date.

15. Section 16C(3) provides:

“National Privacy Principle 6 applies in relation to personal information collectedafter the commencement of this section. That Principle also applies to personalinformation collected by an organisation before that commencement and used ordisclosed by the organisation after that commencement, except to the extent that

25 Privacy Act; ss 16B(1) and (2)



PAGE 11 OF 46

compliance by the organisation with the Principle in relation to the informationwould:

(a) place an unreasonable administrative burden on the organisation; or

(b) cause the organisation unreasonable expense.”

B. NPP 6

16. Only some paragraphs of sub-clause 6.1 of NPP 6 come into play and I will repeat only

those paragraphs that may be relevant:

“ Access and correction

6.1 If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by theindividual, except to the extent that:

(a)-(b) … (c) providing access would have an unreasonable impact upon the

privacy of other individuals; or

(d)-(f) …

(g) providing access would be unlawful;

(h) denying access is required or authorised by or under law; or

(i)-(k) …”

C. Definition of “personal inform ation ”

17. Immediately before 12 March 2014, s 6(1) of the Privacy Act defines the term “ personal

information” to mean:

“… information or an opinion (including information or an opinion forming part of adatabase), whether true or not, and whether recorded in a material form or not,about an individual whose identity is apparent, or can reasonably be ascertained,from the information or opinion.”

18. For completeness, I note that the definition was repealed and substituted from that day with

the following:

“personal information means information or an opinion about an identifiedindividual, or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.”26

D. Extension of duty from 13 October 2015

19. With effect from 13 October 2015, the Telecommunications (Interception and Access) Act

1979 (TIA Act) was amended by the Telecommunications (Interception and Access)

26 PAEPP Act; s 3, Schedule 1, Item 36



PAGE 12 OF 46

Amendment (Data Retention) Act 2015 (Data Retention Act). Both before and after that

date, Telstra has been a “carriage service provider ” for the purposes of the TIA Act.27

20. From 13 October 2015, the following note was added to the definition of “ personal

information” in s 6(1) of the Privacy Act:

“Note: Section 187LA of the Telecommunications (Interception and Access) Act1979 extends the meaning of personal information to cover information keptunder Part 5-1A of that Act.”28

21. More specifically, s 187LA, which comes within Part 5-1A of the TIA Act and which also

came into effect from 13 October 2015, provides:

“(1) The Privacy Act 1988 applies in relation to a service provider, as if theservice provider were an organisation within the meaning of that Act, to the

extent that the activities of the service provider relate to retained data.

(2) Information that is kept under this Part, or information that is in a documentkept under this Part is taken, for the purposes of the Privacy Act 1988, to be personal information about an individual if the information relates to:

(a) the individual; or

(b) a communication to which the individual is a party.”

22. Part 5-1A imposes an obligation on persons it describes as “service providers” who operate

a service to which Part 5-1A applies to:

“… keep, or cause to be kept, in accordance with section 187BA and for the periodspecified in in section 187C:

(a) information of a kind specified in or under section 187AA; or

(b) documents containing information of that kind;

relating to any communication carried by means of the service.

Note 1-3 …”29

23. Since 13 October 2015, s 187A(3) of Part 5-1A provides that the Part applies to a service if:

27 TIA Act; s 5(1) providing that “carriage service provider has the meaning given by theTelecommunications Act 1997 .” Section 7 of the Telecommunications Act 1997 (Telecommunications Act) provides that the expression “carr iage service provid er has the meaninggiven by section 87 .” Section 87(1) set out what it describes as a “basic definition” before it goes onto modify it. The basic definition is:“(1) For the purposes of this Act, if a person supplies, orproposes to supply, a listed carriage service to the public using: (a) a network unit owned by one ormore carriers; or (b) a network unit in relation to which a nominated carrier declaration is in force; theperson is a carr iage service prov ider .” Section 86 provides that, for the purposes of thatlegislation, a carriage service provider is, together with a content service provider, a “service

provider ”. 28 Data Retention Act; s 3; Schedule 1; Item 1H29 TIA Act; s 187A(1)



PAGE 13 OF 46

“(a) it is a service for carrying communications, or enabling communications tobe carried, by means of guided or unguided electromagnetic energy or both;and

(b) it is a service:

(i) operated by a carrier; or

(ii) operated by an internet service provider (within the meaning ofSchedule 5 to the Broadcasting Services Act 1992 ); or

(iii) of a kind for which a declaration under subsection (3A) is in force;and

(c) the person operating the service owns or operates, in Australia,infrastructure that enables the provision of any of its relevant services;

but does not apply to a broadcasting service (within the meaning of theBroadcasting Services Act 1992 ).”

24. Section 187AA sets out six topics of information that, since 13 October 2015, must be kept

and gives a description of the information in each. The topics are:

“1 The subscriber of, and accounts, services, telecommunications devices andother relevant services relating to, the relevant service”

“2 The source of a communication”

“3 The destination of a communication”

“4 The date, time and duration of a communication, or of its connection to arelevant service”

“5 The type of a communication or of a relevant service used in connection witha communication”

“6 The location of equipment, or a line, used in connection with acommunication”.

25. Section 187A(4) now clarifies the operation of s 187AA by providing:

“This section does not require a service provider to keep, or cause to be kept:

(a) information that is the contents or substance of a communication; or

Note: This paragraph puts beyond doubt that service providers are not

required to keep information about telecommunications content.(b) information that:

(i) states an address to which a communication was sent on theinternet, from a telecommunications device, using an internet accessservice provided by the service provider; and

(ii) was obtained by the service provider only as a result of providing the

service; or

Note: This paragraph puts beyond doubt that service providers are notrequired to keep information about subscribers’ web browsinghistory.

(c) information to the extent that it relates to a communication that is beingcarried by means of another service:



PAGE 14 OF 46

(i) that is of a kind referred to in paragraph (3)(a); and

(ii) that is operated by another person using the relevant serviceoperated by the service provider;

or a document to the extent that the document contains such information; or

Note: This paragraph puts beyond doubt that service providers are notrequired to keep information or documents about communicationsthat pass ‘over the top’ of the underlying servic e they provide, andthat are being carried by means of other services operated by otherservice providers.

(d) information that the service provider is required to delete because of a

determination made under section 99 of the Telecommunications Act 1997,

or a document to the extent that the document contains such information; or

(e) information about the location of a telecommunications device that is not

information used by the service provider in relation to the relevant service to

which the device is connected.”

Comp laints under the Privacy Act

26. Subject to one qualification, an individual may complain to the Commissioner about an act

or practice that may be an interference with his or her privacy.30 The qualification, which is

set out in s 36(2A), is not relevant as Telstra does not have an approved privacy code.

27. Once a complaint has been made about an act or practice that is an act or practice of an

organisation, the respondent to that complaint is the organisation.31 The Commissioner is

generally required to investigate that act or practice if that act or practice may be an

interference with the privacy of an individual.32 The one exception to the Commissioner’s

obligation arises if the complainant did not first complain to the respondent before making

the complaint under s 36 to the Commissioner. Even then, the Commissioner may decide

to investigate the complaint if he or she considers that it was not appropriate for the

complainant to complain to the respondent.33 The Commissioner’s powers and duties in

undertaking the investigation are set out in Division 1 of Part V of the Privacy Act.

28. Division 2 of Part V set out the Commissioner’s powers after investigating a complaint.

They include those set out in s 52(1)(a) and (b):

“ After investigating a complaint, the Commissioner may:

(a) make a determination dismissing the complaint; or

(b) find the complaint substantiated and make a determination that includes oneor more of the following:

30 Privacy Act; s 36(1)

31 Privacy Act; s 36(7)32 Privacy Act; s 40(1)33 Privacy Act; s 40(1A)



PAGE 15 OF 46

(i) a declaration:

(A) where the principal executive of an agency is the respondent – that the agency has engaged in conduct constituting aninterference with the privacy of an individual and should notrepeat or continue such conduct; or

(B) in any other case – that the respondent has engaged inconduct constituting an interference with the privacy of anindividual and should not repeat or continue such conduct;

(ii) a declaration that the respondent should perform any reasonable actor course of conduct to redress any loss or damage suffered by thecomplainant;

(iii) a declaration that the complainant/ is entitled to a specified amountby way of compensation for any loss or damage suffered by reasonof the act or practice the subject of the complaint;

(iv) a declaration that it would be inappropriate for any further action to

be taken in the matter.”

29. The Commissioner is required to state any findings of fact upon which the determination is

based.34 The determination is not binding or conclusive between any of the parties to the

determination.35

OUTLINE OF SUBMISSIONS

30. At the outset of his written closing submissions on behalf of Telstra, Mr Masters submitted

that there are two key issues for determination:

“(a) whether mobile network data held by Telstra in relation to the Complainant’smobile telephone service are ‘ personal information’, that is, whether theComplainant’s identity is apparent or can reasonably be ascertained fromthe mobile network data; and

(b) whether providing the Complainant with access to incoming call data recordsheld by Telstra in relation to his mobile telephone service would have anunreasonable impact upon the privacy of other individuals.”36

31. As Mr Grubb’s identity is not apparent from, and cannot be reasonably be ascertained from,

mobile network data in relation to his mobile telephone service, the mobile network data are

not “ personal information”, Mr Masters submitted. Furthermore, exception (c) to NPP 6.1

would apply as providing Mr Grubb with access to incoming call data records in relation to

his mobile telephone service would have an unreasonable impact upon the privacy of other

individuals. He referred to my earlier decisions in Re Lobo and Department of Immigration

34 Privacy Act; s 52(2)35 Privacy Act; s 52(1B)36 Outline of Closing Submissions of the Applicant at [1]



PAGE 16 OF 46

and Citizenship37 (Lobo) and Re Denehy and Superannuation Complaints Tribunal 38

(Denehy ).

32. Mr Masters submitted that Mr Grubb’s identity is not apparent and cannot be ascertained

when regard is had solely to the mobile network data. That data, for example, contains no

reference to a customer’s name or telephone number. When regard is had to information in

the public arena, Mr Grubb’s identity is neither apparent nor can be easily ascertained from

that mobile network data. The only way in which the identity of an individual could be

ascertained from Telstra’s mobile network data would be for regard to be had to information

that is not available in the public domain i.e. information in its network assurance systems,

subscriber database and customer relationship management system.

33. Even if it were relevant to have regard to information that is solely within Telstra’spossession, it cannot be certain that the further information that would be required to

identify an individual from mobile network data would be available. The evidence,

Mr Masters submitted, supports a finding that it is retained for a maximum of 30 days but

for as few as three. Therefore, the availability of information required to ascertain the

identity of an individual from mobile network data is a matter of speculation and conjecture.

That is not enough to satisfy the definition of “ personal information”.

34. The process of identifying an individual from the mobile network data involves complicatedand tedious searches of the sort that could not lead to a finding that the identity of the

individual could reasonably be ascertained from that mobile network data. He referred to

the evidence of Mr Tracey.

35. On behalf of the Privacy Commissioner, Ms Allars submitted that there is no basis for

adopting an interpretation of the expression “ personal information” any different from that

which has been adopted when the same expression is used in the Freedom of Information

Act 1982 (FOI Act). The expression was adopted without comment in the Second Reading

Speech made in 1988 by the then Attorney-General, the Hon Lionel Bowen MP in

introducing the Privacy Bill.39 The Explanatory Memorandum had given examples but had

not addressed the issue of the whether the identity of an individual is “apparent or can

reasonably be ascertained, from the information or opinion.” The Law Reform Commission,

37 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 23838 [2012] AATA 608; (2012) 131 ALD 41339 Hansard , House of Representatives, 1 November 1988 at 2117



PAGE 17 OF 46

whose Privacy Report 40 preceded the Privacy Act, had considered the issue and stated

that:

“[i]f the information can easily be combined with other known information, so that the person’s identity becomes apparent, the information should be regarded as

personal information. Information should be regarded as ‘personal information’ if itis information about a natural person from which, or by use of which, the person canbe identified.”41

Ms Allars submitted that my reasoning in Lobo and Denehy is consistent with this

approach.

36. Turning to Telstra’s submissions, Ms Allars submitted that it had incorrectly treated the

words “information or opinion” in the definition of “ personal information” as referring to the

whole of the database information it holds. The words “information or opinion” appearing atthe end of the definition of “ personal information” should instead be read as referring to the

“information or opinion” to which access is sought under NPP 6.1. The definition is directed

to the question whether the identity of a person is apparent or can reasonably be

ascertained from the class of information that is the subject of the request made under NPP

6.1. The words “apparent or can reasonably be ascertained ” do not authorise an

organisation to give a response along the lines of the size of the task’s being such that it

would substantially and unreasonably divert its resources from its other operations. That

would be a response permitted under s 24AA of the FOI Act but not under the Privacy Act.

37. In applying the exception in NPP 6.1(c), a two-step approach is required. The first is to

enquire whether the identity of any other individuals would be apparent or reasonably

ascertainable from the persona information of the requester. That enquiry would be made

on the assumption that the personal information as being in the public arena. The second

would be to ask whether giving access to the person making the request would have an

unreasonable impact on other individuals. These two steps, Ms Allars submitted, were

taken by Yates J in Smallbone v New South Wales Bar Association42

(Smallbone).

38. Ms Allars rejected any suggestion that Telstra could refuse to disclose the information on

the basis that the identity of an individual was only apparent or could reasonably be

ascertained from information or material that it has in its possession but which it refuses to

place in the public arena. Even if I were to accept that Telstra’s approach were correct, the

evidence does not support it in the circumstances of this matter. It is immaterial that

40 Report No. 22, AGPS Canberra, 1983, Vol 2 at [1196]-[1198]41 Report No. 22, AGPS Canberra, 1983, Vol 2 at [1198]42 [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82



PAGE 18 OF 46

personal information has been deleted from Telstra’s database because the issue is

whether the identity of the person requesting the information is apparent or reasonably

identifiable from the current information held. The deleted data ceases to be the subject of

the request for access. The data that is the subject of the request is the data held by

Telstra when its request is determined.

39. Mr Grubb submitted that the Privacy Act gives individuals a right to their personal

information and a further right to have that personal information corrected if it is inaccurate,

incomplete or out-of-date. Whether it is known as data or metadata, the information that he

generates while using Telstra services, Mr Grubb submitted, is personal information. If he

were not to exist, nor would that data. Therefore, that data is information about him and

personal to him. He should be given access to it under the Privacy Act.

40. At the heart of Mr Grubb’s submission is the proposition that, if a person were to trawl

through the data held by Telstra, that person would be able to identify Mr Grubb from it. To

illustrate his submission, Mr Grubb referred to data released by AOL as anonymised search

query logs conducted by a large number of its users. AOL released the information for

research purposes but made it publicly available. Among those to whom it was available

was the New York Times. It used the information released by AOL on particular users to

follow their searches and, using the information from those searches, to identify them.

41. The same would be true of him, Mr Grubb submitted. Google, he said, uses encryption on

searches. That means that information about his search would arrive at Telstra in a

“sanitised ” form. If he were to use a search engine that did not have encryption, his name

would appear in the URL or metadata. That URL would be stored by Telstra for an

unknown period of time. Every site that he visits reveals a little of his identity. One site

may, or may not, identify him but, when all the information is combined, metadata patterns

are formed. There would be a very high likelihood that it would be possible to identify the

person who made the searches.

42. If Telstra can associate metadata with a specific account, Mr Grubb said, then it is personal

information about that account holder. If Telstra can give law enforcement access to

metadata such as URLs, IP (Internet Protocol) addresses and cell tower information, why is

it that Telstra cannot give him the same metadata, he asked. Metadata generated by him is

personal information.



PAGE 19 OF 46

THE EVIDENCE

43. As the issue in this case concerned information held by Telstra in relation to Mr Grubb’s

mobile telephone service, the evidence was directed to mobile communications and not to

communications over fixed line or other services.

Telstra’s mobile network data

44. Since 2013, Mr Gerard John Tracey has been the General Manager of Telstra’s Complex

Analysis and Investigations team in its Network Infrastructure Operations group. His role

requires him to provide operational support for Telstra’s delivery of its products and

services. Before holding his current position, Mr Tracey was the Network Technology

Manager of the Mobility Analysis and Investigations team in the Network Infrastructure

Operations group. He holds a Bachelor of Engineering and a Bachelor of Information fromthe Queensland University of Technology.

45. Mr Tracey gave evidence regarding Telstra’s mobile network data. He explained that this

data is a collection of recorded transactions that occur between mobile devices and

Telstra’s mobile network in order to:

(1) manage the mobility of mobile devices as they move through the network;and

(2) establish, maintain or disconnect connections between mobile devices andthe destinations that the devices and the destinations that the devices areseeking to communicate with (for example, another mobile device, a fixedservice or an internet location).

46. Telstra does not regard data used by Telstra for its billing purposes as mobile network data.

It keeps the two separate and distinct. The data in the billing systems has been configured

for the purpose of billing customers.

47. Mr Tracey explained Telstra’s retention policy regarding its mobile network data:

(1) Telstra is likely to hold multiple network data records in relation to a singlemobile device over a period of only a few seconds after the device has beenturned on to connect to, and communicate with, Telstra’s network.

(2) Telstra’s mobile network data is retained for no more than about 30 daysand, in some instances, for only three days.

(3) The network data is retained for network assurance purposes. That meansthat Telstra uses the data to ensure that its networks are optimally deliveringthe services that customers are paying to use as well as to investigate andaddress faults in the networks.



PAGE 20 OF 46

Interrogation of Telstra’s mobile network data

48. Telstra’s Network Infrastructure Operations group accesses mobile network data using

approximately 13 different network assurance systems, Mr Tracey said. Access to, and an

understanding of, each of the 13 network assurance systems is required before the

recorded transactions between a customer’s mobile device and Telstra’s network may be

interpreted and explained. In all, only some 12 staff have that access and knowledge. All

of them are located in the Network Infrastructure Operations group. Mr Tracey explained

the way in which the network assurance systems work:

“Telstra’s network assurance systems have been designed for the purpose ofmonitoring and ensuring the operation of Telstra’s network, and not for the purposeof billing customers (which is the purpose of Telstra’s billing systems). Because ofthe way in which the network assurance systems have been configured, the

collection and storage of any particular network data by Telstra are not certain orguaranteed. Some transactions are randomly ‘missed’ and not gathered or stored.This is because the network assurance systems have been designed to deliver anassurance capability, but without a level of capacity and robustness akin to those ofTelstra’s networks and billing systems.”43

49. Mr Tracey said that there are many different types of information that Telstra could

theoretically identify and isolate by interrogating mobile network data using its network

assurance schemes. He gave the following as examples together with those in the

following paragraph. None of the information in these examples is, Mr Tracey said,

identified, isolated or extracted by Telstra as part of its normal business operations.44 The

first examples he set out were:

“(a) whether a particular call to a mobile device was unanswered;

(b) the reason why a particular call from a mobile device was diverted (forexample, whether a call was diverted to voicemail because the caller did notanswer, was on another call, was out of coverage or declined the call);

(c) the length of a particular Short Message Service (SMS) message sent orreceived by a mobile device (that is, the number of characters in the SMSmessage);

(d) whether a particular call from a mobile device was to a prepaid mobiledevice;

(e) whether a particular call from a mobile device was made using Telstra’s 2Gnetwork, 3G network or 4G network.”45

50. In addition to these examples, Mr Tracey referred to three others which he said could be

identified and isolated in relation to mobile communications only by interrogating the

43 Exhibit A at [17]44 Exhibit A at [25]45 Exhibit A at [18]



PAGE 21 OF 46

network data by using Telstra’s network assurance systems. He added an explanation to

each. The three other examples are:

(1) “Uniform Resource Locators (URLs) involved in mobile datacommunications”

“ A URL is an identifier, such as a webpage reference, used to locate aresource on the Internet. An example of a URL is http://www.telstra.com. The URL is analogous to the name used when addressing a postalenvelope.”46

(2) “Internet Protocol (IP) addresses allocated to mobile devices;

“ An IP address is a numerical identifier assigned to an entity (for example, amobile device, a network element, an internet site or a server) thatcommunicates using the Internet Protocol. The Internet Protocol is thecommunications protocol used to communicate with the Internet. Anexample of an IP address is …. An IP address is analogous to a street

address used when addressing a postal envelope. Mobile datacommunication occurs between the two entities, which are each allocated anIP address. The IP address allocated to the requesting entity is called the‘source’ IP address and the address allocated to the target destination iscalled the ‘destination’ IP address. Generally, the requesting entity is amobile device, and the target entity is either a network element or an Internetsite. A mobile device may have multiple IP addresses allocated to it overtime. Similarly, a particular IP address may be allocated to multiple mobiledevices over time.”47

(3) “mobile cell location information beyond the mobile cell location informationthat Telstra retains for billing purposes.”

“Mobile cell location information relates to the location of mobile cellsinvolved in mobile communications. Telstra’s mobile network comprises acollection of mobile cells, which each provide radio coverage to a particulargeographical area. Telstra geographically groups cells to form what is calleda ‘location area’. As a mobile device moves through a location area, it maycommunicate with multiple cells in that area by ‘handing over’ between cells.The cell with which a mobile device communicates is not necessarily the cellgeographically closest to the mobile device. Rather, the device willcommunicate with the cell that provides the best signal strength.”48

Distinguishing between Telstra’s mobile network data and its billing systems

51. Mr Tracey described what he understands to be the difference between the information

held on Telstra’s billing systems and that in its mobile network data record:

“Telstra’s billing systems only record the cell with which a customer’s devicecommunicates at the commencement of the call and, in the case of an SMSmessage or MMS message, the cell involved in the sending of that communication.For billing purposes, Tel stra’s billing systems also record the cells with which adevice communicates at periodic points during a data session. A data session is a period that commences when a device connects to the mobile network to enable

46 Exhibit A at [19] and [20]47 Exhibit A at [19] and [21]48 Exhibit A at [19] and [22]

http://www.telstra.com/






PAGE 22 OF 46

data communication using the Internet Protocol (for example, downloading contentfrom the Internet) to be made, and continues until the device disconnects or isrequired to re-establish a new data session (for example, if the device losescoverage, or is powered off). This is the mobile cell location information that Telstraretains for billing purposes.

By contrast, Telstra’s mobile network data record other mobile cell locationinformation in relation to mobile communications for network assurance purposes.For example, when a mobile device is not involved in a chargeable communicationbut it is nevertheless moving through the network, it will initiate communication witha mobile cell when it detects that the cell is part of a ‘new’ location area. Bychargeable communication, I mean a communication in relation to which a customermay be billed by Telstra. A mobile device will also periodically communicate withthe network to confirm that it is still connected to the network. The mobile celllocation information that may be recorded in Telstra’s mobile network data, andwhich is retained for network assurance purposes, includes records of suchcommunications. It also includes information in relation to other cells with which amobile device communicates during a call (that is, other than the cell with which the

device communicates at the commencement of the call).”49

Organisation of Telstra’s mob i le network data

52. Mr Tracey gave evidence about the manner in which Telstra’s mobile network data is

organised. It is neither ordered nor indexed by reference to particular customers, their

names or telephone numbers or by devices, he said. Instead, network data is

fundamentally grouped according to network entities. Network entities, he said, are

elements within Telstra’s network. The grouping is based on various protocols that are

used to establish, maintain or disconnect connections with the network. Each protocol uses

a numeric identifier. A unique numeric identifier will appear in and identify a particular

mobile network data record in relation to a mobile communication. Each protocol and its

numeric identifier relates to a different interface between network entities i.e. to a different

function performed by the network.

53. Numeric identifiers used to identify mobile network data may be an International Mobile

Subscriber Identity (IMSI) or a Non-IMSI Identifier.

(1) IMSI

(a) An IMSI is allocated to, and identifies, a Subscriber Identity Module(SIM) card. The same IMSI will remain allocated to a particular SIMcard.

(b) As an example of its role, an IMSI is always used within the core

switching voice network used to set up a voice call.

(c) An IMSI is likely to have multiple Non-IMSI Identifiers, such as a

TMSI, P-TMSI and GUTI, allocated to it.

49 Exhibit A at [23]-[24]



PAGE 23 OF 46

(2) Non-IMSI Identifier

(a) Non-IMSI Identifiers include a Temporary Mobile Subscriber Identity

(TMSI), the Packet-Temporary Mobile Subscriber Identity (P-TMSI),

the SAE Temporary Mobile Subscriber Identity (S-TMSI), the

Temporary Logical Link Identity (TLLI) and the Globally Unique

Temporary UE Identity (GUTI).

(b) One type of Non-IMSI Identifiers, a TMSI, is always used over radio

interfaces such as the interface between a mobile device and a

mobile cell tower.

(c) Non-IMSI Identifiers are allocated dynamically and will reference

multiple IMSIs over time.

(d) The allocation of a Non-IMSI Identifier to an IMSI is a transaction that

may be recorded in Telstra’s mobile network data.

(i) The timing of that allocation is random in that it cannot beaccurately predicted with any certainty.

(ii) The timing of the allocation may be dictated by a range of

factors including, but not limited to, when the relevant device

was turned on, when the device was moved between

geographical areas, when the device moved between

networks (2G, 3G or 4G) and when any operational fault with

the device or the network occurred.

(iii) Some allocations of a Non-IMSI Identifier to an IMSI aretransactions that are randomly missed and not collected orstored.

Retention of Telstra’s mobile network data

54. In his affidavit, Mr Tracey said that 30 days is generally the maximum period for which

Telstra retains its mobile network data and that it may be as short as three days. 50

The process of identifying a customer’s identity using mobile network data

55. In explaining whether a customer’s identity could be ascertained from mobile network data

by using a Non-IMSI Identifier, Mr Tracey dealt first with the situation in which Telstra had

not retained the relevant mobile network data. In that case there would be no record of the

transaction allocating the Non-IMSI Identifier. It would be impossible both from a

theoretical and practical point of view.

56. If the mobile network data had been retained, Mr Tracey said, and if the transaction

recording the allocation of the Non-IMSI Identifier were identified, it would be possible to

ascertain the relevant IMSI as the IMSI would appear in a recorded transaction. Given that

50 Exhibit A at [32]



PAGE 24 OF 46

an IMSI is allocated to a particular SIM card, the customer’s identity could then be

ascertained. The task would:

(1) have to be done by recursively reviewing historical network data andsearching for a particular transaction recording the allocation of the Non-

IMSI Identifier to an IMSI:

(a) the process is possible in theoretical terms but impossible in practicalterms given the immense volume of data that would need to berecursively reviewed in order to identify the relevant transaction;

(2) require access to Telstra’s subscriber database in or der to find the telephonenumber assigned to the SIM card to which the IMSI was allocated;

(3) require access to Telstra’s customer relationship management system inorder to find the name of the customer using the telephone number; and

(4) have to be undertaken by a person within Telstra’s Network InfrastructureOperations group because he or she would have to have access to Telstra’s

network assurance systems in order identify a specific transaction of thatsort as well as access to Telstra’s subscriber database and customerrelationship management system:

(a) Telstra’s network assurance systems, its subscriber database andcustomer relationship management system are accessible only byauthorised Telstra staff and representatives and not by members ofthe public;

(b) Only four or so people within Telstra would have the capacity toidentify, unaided by others, a customer’s name with a Non-IMSIIdentifier because only four have access to all three sources ofinformation and each is located within the Complex Analysis and

Investigations team in the Network Infrastructure Operations group;

(i) It is extremely rare that a member of the NetworkInfrastructure Operations group would ever look up atelephone number of a customer on the subscriber databaseusing an IMSI.

· The Network Infrastructure Operations group may lookup an IMSI using a telephone number wheninvestigating a complaint received from a customer inrelation to an issue at a particular location at aparticular time;

(ii) Mr Tracey could recall fewer than ten occasions on which theNetwork Infrastructure Operations group had looked up atelephone number using an IMSI. Those occasions generallyarose because Telstra had determined that a particulardevice was causing disruption to a mobile network and it hadto be identified to remove the large impact the disruption washaving on its customer base. On one such occasion, thedevice causing the disruption was located in a sports fieldlight tower.

· In such a case, the Network Infrastructure Operationsgroup would use the customer relationship

management system to look up the name of the ownerof the device;



PAGE 25 OF 46

· Apart from that situation, the Network InfrastructureOperations group would be extremely unlikely to lookup the name of a customer using the customerrelationship management system. Normally, thatsystem is used by Telstra’s customer relationshipmanagement staff and is not used as part of theNetwork Infrastructure Operations group’s functions.51

Determin ing whether originat ing party has blocked his or her cal ling num ber display

57. Mr Tracey said that once Telstra has ceased to retain its mobile network data it would,

except in the case of an individual with a silent line, be impossible for it to identify whether

an individual who had called a Telstra customer had chosen to block his or her calling

number display.

58. If it were the case that Telstra had retained the relevant recorded transactions, it may be

possible for it to identify whether an individual calling a Telstra customer had chosen to

block his or her calling number display. Telstra’s mobile network data would have to be

interrogated and that is a task that could only be undertaken by a very small number of

specialised staff within Telstra. It would be undertaken by:

(1) using Telstra’s network assurance system to extract the recordedtransactions in relation to the call in question;

(2) review those recorded transactions to determine if a Calling Line

Identification (CLI) suppression prefix (1831) had been used when the callwas made.

(a) a caller may use that prefix either by dialling it when making a call orby selecting a calling number display blocking function on the caller’sdevice;

(b) the process would require each call to be reviewed, which would belaborious and time-consuming.

Telstra’s obligations to provide information to law enforcement agencies

59. The Operations Manager gave evidence regarding Telstra’s obligations to provideinformation to law enforcement agencies in relation to mobile communications. His

evidence specifically excluded other types of communications such as fixed line

communications. He has been the Operations Manager of the Law Enforcement Liaison

group of Telstra since July 2011. Before that, he was a Senior Security Investigator and

Adviser in its Security Investigations and Operations group.

60. In accordance with Telstra’s legal obligations, the Operations Manager said, the Law

Enforcement Liaison group provides law enforcement agencies with various types of

51 Exhibit A at [31]-[39]



PAGE 26 OF 46

information it has retained in relation to mobile communications. The Law Enforcement

Liaison group does not use any systems that enables it to have access to the mobile

network data to which the Network Infrastructure Operations group has access for network

assurance purposes. Therefore, the Law Enforcement Liaison group does not, and cannot,

ascertain the identity of individuals from mobile network data.

61. The information that the Law Enforcement Liaison group (LEL group) does give to law

enforcement agencies includes information in relation to mobile calls, SMS messages,

MMS messages and mobile data sessions during which a mobile device may be

communicating with the internet:

(1) Mobile data sessions may be described as “General Packet Radio Service”(GPRS) sessions;

(2) The information may include the A-party number and the B-party number,the date, time and duration of the communication and certain mobile celllocation information:

(a) Mobile cells are sites in a cellular network containing equipmentinvolved in mobile communications.

(b) Typically, mobile cells are located on mobile cell towers or buildingsand there may be multiple cells located on each.

(c) A mobile cell is identified by an alphanumeric identifier called a CellGlobal Identity (CGI).

(d) The mobile cell location provided “… only concerns the location of

the mobile cell with which a mobile device communicates when a callis first connected and/or an SMS message is sent or received (inrelation to the A Party and/or the B Party, but only where the party isa Telstra customer), and the location of the mobile cells to which amobile device periodically connects for billing purposes during a datasession.”52

62. In cross-examination, the Operations Manager said that the statement I have set out at

(2)(d) in the preceding paragraph is true in terms of a retained data request by law

enforcement agencies. Information regarding this information is available prospectively to

law enforcement agencies who use their powers to ask for it.

63. Information that is not provided to law enforcement agencies or is rarely provided was

described by the Operations Manager:

(1) To the best of [the Operations Manager’s] knowledge, the Law EnforcementLiaison group has, except for the location of the mobile cell to which a call isfirst connected, never given law enforcement agencies information aboutany other mobile cells to which a mobile device may be connected during acall.

52 Exhibit B at [7]



PAGE 27 OF 46

(2) Except in extremely rare instances, the Law Enforcement Liaison groupdoes not give law enforcement agencies with Internet Protocol (IP)addresses allocated to mobile devices or Uniform Resource Locators (URLs)involved in mobile data communications.

64. The Operations Manager expanded on the second point in the previous paragraph

because, at first sight, it appears to contradict an answer prepared by Telstra to a question

on notice from the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in

December 2012. The document is headed “Data disclosed to law enforcement and

national security agencies” and forms Appendix H to the PJCIS’s 2013 report entitled

“Report of the Inquiry into Potential Reforms of Australia’s National Security Legislation”.53

The document describes four types of data disclosure together with the data classification

and the authority for its release.54 The first type of data disclosure is described, in part, as:

“ Any telecommunications data or meta data but not the content or substance of acommunication. It may include:

…

· Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) tothe extent that they do not identify the content of a communication, and

· …”

65. A similar statement appears in the description of the second type of data disclosure:

“ Anything relating to, but not the content or substance of, a communication. It can

include:

…

· Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) tothe extent that they do not identify the content of a communication, and

…”

66. The Operations Manager said in his affidavit that he had prepared these answers and that

the statements:

“… relate to ‘telecommunications data or meta data’ generally (including, forexample, fixed line data), and not specifically to mobile data. I confirm my earlierstatement in this affidavit that Telstra’s Law Enforcement Liaison group does not(other than in extremely rare instances that have occurred) provide law enforcementagencies with IP addresses allocated to mobile devices or URLs involved in mobiledata communications. I also confirm my earlier statement in this affidavit that, to thebest of my knowledge, the Law Enforcement Liaison group has never provided a

53 Exhibit B; Exhibit GW-154 The authority for release is identified by reference to specified provisions of the TIA Act and theTelecommunications Act 1997 .



PAGE 28 OF 46

law enforcement agency with mobile cell location information beyond the mobile celllocation information referred to in paragraph 7 above.”55

67. In cross-examination, the Operations Manager told Ms Allars that, if the LEL group receives

a “retrospective retained data request ”, it provides:

“… a retained record that we have in relationship to a communication, so it’s arecord that’s held in the past. We will not provide additional CGIs in relationship tothat communication, only the initial CGI that managed that connectivity to thenetwork.”56

The reason for its not doing so is that it is not available to LEL. He did not know whether it

was available to other groups within Telstra.

THE AUTHORITIES

68. The authorities to which I have been referred have considered either the definition of

“ personal information” in the context of privacy legislation in the Commonwealth or a State

or in the FOI Act or a related issue.

“Personal information” : Victor ian privacy legis lat ion - WL v La Trobe Universi ty

69. In WL v La Trobe University 57 (WL), Deputy President Coghlan considered whether the

Victorian Civil and Administrative Tribunal (VCAT) had jurisdiction to consider a matter

referred to it by Victoria’s Privacy Commissioner (VPC). If WL had not made a valid

complaint to the VPC, the VPC could not make a valid referral to VCAT. La Trobe

University (La Trobe) had been collaborating with other research institutions in a

longitudinal study known as the Australian Longitudinal Study of Health and Relationships.

WL’s partner had been a participant in that study and completed a survey by telephone.

The telephone used was owned by WL and some of the questions asked had concerned

WL. As WL complained to La Trobe the day after the survey, it still held the data and was

able to locate it on its database by reference to the contact telephone number. La Trobe

deleted all of the information obtained from WL’s partner within six days. WL complained

on the basis that her information had been given in response to some of the questions

while using her publicly listed telephone number.

70. Section 25 of the Information Privacy Act 2000 (Vic) (IPA) provided that:

55 Exhibit B at [13] I have set out the information referred to in [7] of the Operations Manager’s

affidavit at [61(2)(d)] above.56 Transcript at 3857 [2005] VCAT 2592; (2005) 24 VAR 23; Deputy President Coghlan



PAGE 29 OF 46

“ An individual in respect of whom personal information is, or has at any time been,held by an organisation may complain to the Privacy Commissioner about an act or practice that may be an interference with the privacy of the individual.”

The expression “ personal information” is defined in the same terms as it is defined in s 6(1)

of the Privacy Act. The initial issue became, therefore, whether La Trobe held, or had at

any time held, personal information about WL.

71. Deputy President Coghlan found that there was nothing in the data from which WL’s

identity was apparent. In deciding whether WL’s identity was reasonably ascertainable

from the data, she said:

“The gravamen of the applicant’s case is that a cross-match of answers to questionswhich isolate so many personal characteristics of the applicant, such as to

distinguish the applicant from other individuals, with a cross-matching of telephonenumbers, would identify the applicant with certainty.”58

Deputy President Coghlan went on to find that WL’s identity could not be gleaned simply by

reference to the information collected. She continued:

“ At best, the identity might be ascertainable by the organisation first cross-matchingits own databases then using extraneous materials such as electronic white pageswhich can match a ‘phone number to a name. It might then be possible inconjunction with the specific answers to questions, to narrow the potential identity ofthe partner. But even then, in light of Professor Pitt’s evidence, the thrust of which

was that one could not with certainty conclude that the interviewee’s partner was thesame person whose ‘phone number had been called, it could never be said that the partner was the person whose ‘phone number was used.”59

72. As to whether WL’s identity could “… reasonably be ascertained, from information or

opinion” Deputy President thought that the use of some extraneous material or information

might be contemplated. Support for that view was to be found in the judgment of Gobbo J

in Bailey v Hinch60 in the context of s 4(1)(a) of the Judicial Proceedings Reports Act 1958 .

That section provided:

“(1) A person shall not in relation to any proceedings or any court or before justices in respect of an offence of a sexual or unnatural kind publish orcause to be published in any newspaper or document or in any broadcast bymeans of wireless telegraphy or television –

(a) the name address or school or any other particulars likely to lead tothe identification of any person against or in respect of whom theoffence is alleged to have been committed (whether or not that person is a witness in the proceedings); or

(b) …”

58 [2005] VCAT 2592; (2005) 24 VAR 23 at [24]; 3059 [2005] VCAT 2592; (2005) 24 VAR 23 at [33]; 3160 [1989] VicRp 9; [1989] VR 78



PAGE 30 OF 46

73. Mr Hinch, a journalist, had reported the name of the Judge in a particular case. In

convicting both Mr Hinch and the broadcaster, the Magistrate had found that naming the

Judge in the particular circumstances of the case was likely to lead to identification of the

wife of the accused, who was the victim. A better informed member of the public, the

Magistrate had found, could look up the Judge’s name in the law list, find the name of the

accused and therefore discover the name of the victim. In the course of giving his reasons

for dismissing the appeal from the conviction and sentence imposed on Mr Hinch and the

broadcaster, Gobbo J said:

“There is much force in the argument that a publication that leads or is likely to leadto the name of the victim does not necessarily mean that this is equivalent toidentification of the victim. This would seem to be so, for example, where the nameof the defendant is John Smith and nothing more is revealed or likely to be revealed.

In such a case, where it is known that the accused was alleged to have raped hiswife, all that would be known was that the victim's name was Mrs. John Smith. As amatter of construction, I am of the view that the mere surname of the victim cannotautomatically be equated with identification. In the John Smith type of example, it isdifficult to see how it could, though it could amount to identification if the case took place in a small town where there was only one or there were very few Smithsresiding. With a less common name, it may be that the mere name is enough.Further, I do not accept that publication of particulars likely to lead to ascertainmentof only the name of the victim cannot amount to identification.

In my view, the operation of the words in question is a matter of fact in each case. Itis not open to me to decide this matter as though I can reconsider this issue and

then replace the Magistrate’s decision with my own if my view of the facts differsfrom his view.”61

74. This was a view adopted by Deputy President Coghlan in WL when she concluded:

“Even allowing for the use of external information, the legislation requires anelement of reasonableness about whether a person’s identity can be ascertainedfrom the information and this will depend upon all the circumstances in each particular case. Here, the alleged process of ascertainment would require inquiriesfrom different databases, cross-matching and then cross-matching with an externaldatabase and even then the making of any possible connections would not identify

with certainty. Even on the most favourable view to the applicant, this is beyondwhat is reasonable.”62

In view of this finding, she did not need to consider whether or not the information held by

La Trobe had been “about ” WL.

61 [1989] VicRp 9; [1989] VR 78 at 9362 [2005] VCAT 2592; (2005) 24 VAR 23 at [52]; 34



PAGE 31 OF 46

“Personal information” – FOI Ac t

75. I will begin with a reference to s 41 and the definition of “ personal information” as they have

appeared in the FOI Act at the time the following two cases were decided. For

completeness, I have added the amendments made more recently.

A. Relevant exemption and definition

A.1 Section 41 and reference to “personal affairs ” as enacted in 1982

76. When it was originally enacted, the FOI Act did not refer to “ personal information”. Instead,

reference was made to “ personal affairs”, which was not an expression that was defined.

Sections 41(1) and (2) provided:

“(1) A document is an exempt document if its disclosure under this Act would

involve the unreasonable disclosure of information relating to the personal affairs ofany person (including a deceased person).

(2) Subject to sub-section (3), the provisions of sub-section (1) do not haveeffect in relation to a request by a person for access to a document by reason onlyof the inclusion in the document of matter relating to that person.”

A.2 Section 41 amended and “personal information ” defined in 1991

77. Section 41 was amended by the Freedom of Information Amendment Act 1991 (1991 FOIA

Act). Sections 41(1) and (2) then read:

“(1) A document is an exempt document if its disclosure under this Act wouldinvolve the unreasonable disclosure of personal information about any person (including a deceased person).

(2) Subject to subsection (3), the provisions of subsection (1) do not have effectin relation to a request by a person for access to a document by reason onlyof the inclusion in the document of matter relating to that person.”

78. At the same time, the 1991 FOIA Act amended s 4(1) to include a definition of the

expression “ personal information”. It read:

“‘personal information’ means information or an opinion (including an opinionforming part of a database), whether true or not, and whether recorded in a materialform or not, about an individual whose identity is apparent, or can reasonably beascertained, from the information or opinion.”

A.3 Section 41 repealed and replaced by s 47F from 1 May 2011

79. Section 41 was repealed and replaced by s 47F with effect from 1 May 2011.63 Section

47F(1) differed from s 47(1) only to the extent necessary to accommodate its classification

63 Freedom of Information Amendment (Reform) Act 2010 (FOIAR Act); s 3, Schedule 3, Part 2, Item33 and s 2(1), Item 6



PAGE 32 OF 46

as a conditional exemption only and so subject to a further public interest test before

access could be refused.64 It was, however, qualified by the addition of a new sub-section

requiring an agency or Minister to have regard to certain matters in coming to a decision

under s 47(1). The relevant sub-sections are ss 47(1) and (2) and they then read:

“(1) A document is conditionally exempt if its disclosure under this Act wouldinvolve the unreasonable disclosure of personal information about any person (including a deceased person).

(2) In determining whether the disclosure of the document would involve theunreasonable disclosure of personal information, an agency or Minister musthave regard to the following matters:

(a) the extent to which the information is well known;

(b) whether the person to whom the information relates is known to be(or to have been) associated with the matters dealt with in the

document;(c) the availability of the information from publicly accessible sources;

(d) any other matters that an agency or Minister considers relevant.”

A.4 Definition of “personal inform ation ” amended from 12 March 2014

80. With effect from 12 March 2014,65 the definition of “ personal information” was amended by

the PAEPP Act66 to read:

“personal information has the same meaning as in the Privacy Act 1988.”

The definition in the Privacy Act is set out at [18] above. It is in the same form as the

definition inserted in 1991 in the FOI Act and removed by the PAEPP Act. Section 47F was

not amended.

B. Re Lob o and Department of Immig rat ion and Cit izenship

81. In Lobo, I considered the meaning of the expression “ personal information” as it appeared

in the FOI Act after its introduction by the 1991 FOIA Act and before its amendment on

12 March 2014 to reflect the definition in the Privacy Act. I made the following observations

regarding the definition:

(1) “… [T]he personal information protected from access by s 41(1) is simplyinformation or an opinion about an individual whose identity is apparent orcan reasonably be ascertained. It is not information or an opinion about a particular part of a person’s life. Consequently, the information protectedfrom disclosure by the exemption is not limited to information about their private or domestic affairs. The protection extends, for example, toinformation or opinion about their work or employment. Provided the

64 FOI Act; s 11A(5) as read with s 11B65 PAEPP Act; s 2, Item 366 PAEPP Act; s 3, Schedule 5, Item 36



PAGE 33 OF 46

information or opinion is ‘about an individual’ and the identity of thatindividual is ‘apparent or can reasonably be ascertained’, it is protected fromdisclosure under the FOI Act. It matters not whether it is true or not.”67

(2) “ When is information ‘about an individual’? Among the ordinarymeanings of the word ‘about’ are those relating to its use in reference to

time, distance, quantity and position. Another meaning relates to substanceor quality and that is the meaning in which it is used in s 41(1). The meaningis that of ‘concerning or relating to someone or something; on the subject ofthem or it’.”68

82. I note that in Jorgensen v Australian Securities and Investments Commission,69 Weinberg J

did not question the Australian Securities and Investments Commission’s (ASIC’s) decision

not to challenge the Tribunal’s finding that the private telephone numbers, and home

addresses of ASIC officers were exempt from disclosure under the FOI Act by virtue of

being personal information.70

In Lobo, I considered the reasons for decision in WL and theauthorities to which Deputy President Coghlan had referred in the course of considering

whether academic transcripts showing students’ names, student numbers and results were

exempt under s 41(1). I concluded:

“… In an age in which records are computerised and search engines increasinglysophisticated, it would not be unreasonable to expect that a person who had accessto SICB’s [the College’s] records could use the subjects and their codes, the detailsof study and the results and marks for each subject to identify the person who is thesubject of the academic transcript. It seems to me that regard should be had to allresources that may be available to a member of the public in deciding whether anindividual’s identity can reasonably be ascertained from the information or opinion.That may be information that is available to all members of the public or may beavailable only to a limited number of them. The existence or nature of theinformation cannot be a matter of conjecture or speculation for the individual’sidentity must be something that ‘c an reasonably be ascertained, from theinformation or opinion’. The word ‘reasonably’ effectively eliminates conjecture orspeculation.”71

B. Re Denehy and Superannuat ion Comp laints Tribunal

83. Among the questions considered in Denehy was whether disclosure to Ms Denehy of her

late father’s personal information would be unreasonable. I applied the reasoning I had set

out in Lobo.

67 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [288]; 93; 32568 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [289]; 93; 325

69 [2004] FCA 143; (2004) 208 ALR 7370 [2004] FCA 143; (2004) 208 ALR 73 at [43]; 8371 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [302]; 97-98; 329



PAGE 34 OF 46

Unreasonable impact upon priv acy of others: Privacy Act - Smallbone v New Sou th

Wales Bar Asso ciat ion

84. In Smallbone Yates J considered whether the New South Wales Bar Association (NSWBA)

was required, under the Privacy Act, to give Mr Smallbone access to information it had

collected about him in relation to his application for appointment as Senior Counsel.

Information had been given by members of two groups known as the Consultation Group

and the Judicial Consultation Group. The NSWBA is an organisation within the meaning of

the Privacy Act and there was no dispute between it and Mr Smallbone that the information

it held was personal information for the purposes of the Privacy Act and the NPPs. The

issue was whether the NSWBA was obliged to give it to Mr Smallbone in light of NPP

6.1(c), which provides:

“If an organisation holds personal information about an individual, it must providethe individual with access to the information on request by the individual, except tothe extent that:

(a)-(b) …

(c) providing access would have an unreasonable impact upon the privacy ofother individuals; …

(d)-(k) …”

85. Mr Smallbone had submitted that he needed to know the identity of those who had provided

information about him so that he might exercise his rights under NPPs 6.5 and 6.6. Those

rights related to whether the information about him was accurate, complete and up to date.

As Yates J observed, the exception provided by NPP 6.1(c) is not necessarily an absolute

exemption for it is qualified by the words “except to the extent that ” one or other of the

circumstances described in the following paragraphs (a) to (k) applies. He said:

“… What is required is that access to the information be provided except to theextent that it would have the unreasonable impact to which NPP 6.1(c) refers.

Whether providing access to the information would have that unreasonableimpact is essentially a matter of practical judgment having regard to all the

circumstances of the case. In short, a factual evaluation is involved.In C v Insurance Company [2006] PrivCmrA 3 the Commissioner identified

the following factors as being relevant to the assessment of whether the provision ofaccess to documents containing the personal information of third parties would havean unreasonable impact on the privacy of those individuals:

· Whether the individual would expect that his or her information would bedisclosed to a third party, including whether an assurance of confidentialitywas provided.

· The extent of the impact on the individual’s privacy.

· Whether any public interest reasons for providing access to the information

outweigh any expectation of confidentiality.



PAGE 35 OF 46

· Whether masking the identifying details of the third parties would sufficiently protect the privacy of these individuals.

Those considerations are helpful indicators of some of the considerations that mightbe involved in a particular evaluation of the application of NPP 6.1(c). They are not, however, the only relevant considerations. Another relevant consideration is the

nature of the information that is held by the organisation and the form in which thatinformation is held.”72

86. The word “ privacy ” is used in NPP 6.1(c) but it is not defined either there or in the Privacy

Act generally. Yates J concluded:

“… As used in NPP 6.1(c) in respect of ‘ t he privacy of other individuals’ , the wordmust bear its ordinary English meaning as denoting the state of being private. In myview the expression ‘ the privacy of other individuals’ as used in NPP 6.1(c) wouldcomprehend and include an individual’s expression of opinion that was proffered soas to be confined to or intended only for the person or persons to whom the opinion

was expressed. The applicant did not seek to contend otherwise.

I am satisfied, therefore, that disclosure of the identity of members of theConsultation Group and the Judicial Consultation Group who provided informationabout the applicant would impact on the privacy of those members. Given thecircumstances in which the information was sought and the circumstances in whichit came to be provided, as well as the nature of the information itself, I am satisfiedthat granting access to the applicant of that information would have anunreasonable impact upon the privacy of those members. Thus, to that extent, byoperation of NPP 6.1(c), the respondent is not obliged to provide access to theapplicant to that information.”73

87. His Honour went on to accept the general thrust of a submission made on behalf of the

NSWBA to the effect that, even if not identified by name, the identity of a member of the

Judicial Consultation Group might still be disclosed if, for example, that member were the

only judicial officer from a designated and disclosed court providing a response. By a

process of elimination based on professional experience, Mr Smallbone would be able to

identify the judicial officer providing information. If there were only one response from a

particular court, the identity of the judicial officer is likely to be revealed. If there are only a

small number of responses from a disclosed and designated court, Mr Smallbone was likely

to know those with whom he had direct professional experience and so identify those who

had not expressed an opinion favourable to him. Yates J concluded that, in those

circumstances, giving Mr Smallbone access to information that designated the court to

which the members of the Judicial Consultation Group have been appointed would be an

unreasonable impact upon the privacy of those individuals.

72 [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82 at [47]-[50]; 27-28; 92-9373 [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82 at [56]-[57]; 28-29; 93-94



PAGE 36 OF 46

88. The responses received from judicial officers of the Supreme Court were in a different

category. Yates J considered that their number was such that to give Mr Smallbone access

to them would not have an unreasonable impact upon the privacy of members of the

Judicial Consultation Group who were appointed to that court. He reached the same

conclusion in relation to the individuals appointed to the Consultation Group and in relation

to the presentation of the information by reference to broad sub-categories of those

providing the information e.g. judicial, senior counsel, junior counsel and solicitors.

CONSIDERATION

89. Reference was made at various times in the course of the case to the test in my reasons for

decision in Lobo and to whether or not it had been met. I am uncomfortable with my

reasons being regarded as formulating a test of some sort for any test is found in the

relevant provisions of the Privacy Act. It is to the words of that legislation to which I must

have regard together with any interpretation by the courts. Putting that to one side, none of

the authorities considered the threshold question raised by the definition of “ personal

information” regarding whether information was “about an individual ”. That is a question

that I must consider.

Principles of statutory interpretation

90. It is clear from the authorities that, in interpreting a statutory provision, it is important not to

become so focused on the individual words of which it is comprised that the meaning of the

whole is lost. Regard must be had to both as is apparent from the following passage from

the judgment of the High Court in Collector of Customs v Agfa-Gevaert Ltd 74 ( Agfa-

Gevaert ):

“… The meaning attributed to individual words in a phrase ultimately dictates theeffect or construction that one gives to the phrase when taken as a whole and theapproach that one adopts in determining the meaning of the individual words of that phrase is bound up in the syntactical construction of the phrase in question. In R

v Brown … [[1996] AC 543 at 561], a recent House of Lords decision, LordHoffmann said:

‘The fallacy in the Crown’s argument is, I think, one common amonglawyers, namely to treat the words of an English sentence as building blockswhose meaning cannot be affected by the rest of the sentence … This is notthe way language works. The unit of communication by means of languageis the sentence and not the parts of which it is composed. The significanceof individual words is affected by other words and the syntax of the whole.’

74 [1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282; Brennan CJ,Dawson, Toohey, Gaudron and McHugh JJ



PAGE 37 OF 46

… [T]he notions of meaning and construction are interdependent …”75

91. This point was illustrated by the High Court’s reference in Agfa-Gevaert to the English

Court of Appeal’s judgment in Exxon Corporation v Exxon Insurance Ltd .76 In that case:

“… the English Court of Appeal had to consider whether the made-up trade name‘Exxon’ was an ‘original literary work’ within the meaning of s 2(1) of the Copyright Act 1956 (UK). The Court accepted that it was original, that it was literary in thesense that it was composed of letters and had a written form, and that it was a workbecause much time and effort had been expended in inventing it. Nevertheless, theCourt held it was not an ‘original literary work’. As Oliver LJ put it: …[Exxon [1982]Ch 119 at 144]:

‘But “original literary work” as used in the statute is a composite expr ession,and for my part I do not think that the right way to apply a compositeexpression is, or at any rate is necessarily, to ascertain whether a particularsubject matters falls within the meaning of each of the constituent parts, and

then to say that the whole expression is merely the sum of the total of theconstituent parts. In my judgment it is not necessary, in construing astatutory expression, to take leave of one’s common sense.’ ”77

The definition: “personal information”

92. The definition of “ personal information” is expressed in terms of a sentence. That sentence

includes three adjectival or relative clauses. It begins with a description of what “ personal

information” means i.e. “personal information means information or an opinion (including

information or an opinion forming part of a data base) …”. There are two adjectival clauses

qualifying the information or an opinion. The first is that information or opinion is included

“… whether true or not, and whether recorded in a material form or not …” and the second

is that “… about an individual …”. The final adjectival clause qualifies the “individual ”. That

is, the information or opinion is about an individual “whose identity is apparent, or can

reasonably be ascertained, from the information or opinion.”

93. While it is true that the definition of “ personal information” is the same in both the Privacy

Act and the FOI Act, the way in which it becomes relevant arises at different times in each

legislative scheme. I am concerned particularly with NPP 6.1 of the Privacy Act. It comes

into consideration only when a particular individual has made a request to an organisation

for access to personal information about him or herself. The organisation will search for

information or opinion, whether it is true or not and whether recorded in a material form or

75 [1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282 at 396-397; 64; 198;287-288 and see also Director of Public Prosecutions (NT) v WJI [2004] HCA 47; (2004) 219 CLR43; 210 ALR 276; Gleeson CJ, Gummow, Kirby and Heydon JJ; Hayne J dissenting and seeparticularly [84]; 70; 296 per Kirby J

76 [1982] Ch 11977 [1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282 at 399-400; 66-67;200; 290



PAGE 38 OF 46

not, about that particular individual. In deciding whether it is about that particular individual,

it will need to decide whether his or her identity is apparent, or can reasonably be

ascertained, from the information or opinion. If it is about that individual, the individual will,

subject to the qualifications in paragraphs NPP 6.1(a) to (k), be entitled to access to it from

the organisation. If one or more of the qualifications does apply, the individual’s right to the

personal information is qualified to the extent that it does.

94. An individual may also request access to personal information about him or herself under

the FOI Act. The search and identification task would be the same as under the Privacy

Act with the tasks of search for information and its characterisation as personal information

as the essential first steps. A request may be made under the FOI Act for information that

is not limited to personal information but which may include personal information. In that

case, an agency will first locate the documents meeting the terms of that request. Having

located them, it will then ask whether disclosure of them, or parts of them, under the FOI

Act would or might have an effect or outcome, or more than one, that the agency would

consider undesirable. If the answer is that disclosure would or might have such an effect or

outcome, the next question an agency must ask itself is whether the effect or outcome is

within the scope of one of those described in the exemption provisions in Part IV of the FOI

Act. Section 47F relating to personal information is an example of such a provision.

95. Although it may seem trite to do so, I make the point that, when applying the definition of

“ personal information” under either the FOI Act or the Privacy Act, the questions that are

asked must be framed in terms of the definition. They cannot be asked against a different

frame of reference that has, as its starting point, the question: is it possible to use this

information or opinion or to marry it with other information by using a computerised search

engine or in some other way to ascertain the identity of an individual. The starting point

must be whether the information or opinion is about an individual. If it is not, that is an end

of the matter and it does not matter whether that information or opinion could be married

with other information to identify a particular individual.

96. I will explain this further below but will begin with the example I put forward at the hearing.

That had its foundation in the litany of issues that arose, and were ultimately corrected, in

the three year warranty period following my purchasing a new car. The dealer from whom I

bought the car also services it. It would have records of the various faults that I reported in

the warranty period and that were ultimately corrected together with records of the parts

that were ordered from the manufacturer in the course of the repairs. One set of faults

required the replacement of what I understand to be the equivalent of a motherboard. The

service records noting the problems related, or possibly related, to the motherboard, the



PAGE 39 OF 46

order for its replacement and its replacement are information about the motherboard or the

car and the repairs. It is not information about me. That is so even if the service records

referred to the registration number of my car and even my name. That is so even if the

registration number and name did not appear on the records. Assuming that the problems

my car suffered were not endemic in relation to the particular make and model, it would be

reasonable to expect that it would be easy enough to marry the date of the order with the

date on which the car was brought in for service and the motherboard replaced. A link

could be made between the service records and the record kept at reception or other

records showing my name and the time at which I had taken the care in for service. The

fact that the information can be traced back to me from the service records or the order

form does not, however, change the nature of the information. It is information about the

car, the motherboard or the repairs but not about me.

A. “about an indiv idual ”

97. Although its timing in the process may differ between the FOI Act and the Privacy Act, the

initial task of characterisation remains the same. Is the information or opinion, whether true

or not and whether recorded in material form or not, “about an individual ”? Under the

Privacy Act, that characterisation will no doubt take place almost contemporaneously with

whether the information or opinion is about the particular individual requesting it but,

despite that, it is in fact a separate step in the characterisation process. What is

information or opinion “about an individual ”? The relevant meaning among the ordinary

meanings of the word “about ” is:

“… 1 concerning or relating to someone or something; on the subject of them or it.…”78

Therefore, the first step is to ask whether the information or opinion is about an individual.

If it is not, that is an end of the matter. If it is, the second step in the characterisation

process is to ask whether the identity of that individual “… is apparent or can reasonably be

ascertained, from the information or opinion.”

98. Whether information or opinion is about an individual requires an analysis of the subject

matter of that information or opinion. It is clear from the Explanatory Memorandum

accompanying the Privacy Bill when it was introduced in the House of Representatives on

1 November 1988 that the range of what was considered to be personal information, and so

necessarily about an individual, was:

78 Chambers 21st Century Dictionary, 1999, reprinted 2004, Chambers (Chambers)



PAGE 40 OF 46

“… infinite and would include, for example, information relating to the person’s physical description, residence, place of work, business and business activities,employment, occupation, investments and property holdings, relationship to other persons, recreational interests and political, philosophical or religious beliefs. …”79

In the context of the same definition in the FOI Act, an individual’s private telephone

number has been said to be personal information.80

99. These are all matters that can be said to concern or to relate to an individual or to be on the

subject of them. There is a connection between an individual and the information that

means that it is “about ” that individual. Just how strong need that connection be between

the two for it to be about an individual? Putting the issue another way, how tenuous can

the link be before information or opinion is not about an individual but about something else

or, if still about an individual, not about a particular individual but another? If I were toimagine a road accident in which a car ran a red light and hit a pedestrian who was walking

with a green light, the report of the accident itself naming the driver, the pedestrian and the

circumstances of the accident could, as a whole, be said to be about the driver, the

pedestrian, the circumstances of the accident, the witnesses, the state of the road surface

and the weather and so on.

100. On further analysis, parts of the report will be about the driver, parts about the pedestrian,

parts about the road conditions and so on. The fact that the pedestrian was taken to

hospital in an ambulance would, for example, be characterised as about the about the

pedestrian as would information that he or she was admitted to hospital with certain

injuries. The treatment of the pedestrian in hospital is another matter as is his or her name,

address, medical history and prognosis. The pedestrian would not needed to have been

undergoing treatment but for the action of the driver. Assuming the relevant records are

available in my hypothetical example, the identity of the driver could be traced back by

matching up the admission records with the ambulance records and the accident report.

Does that mean that this information about the driver? It seems to me that the connectionis too tenuous. The information is about the pedestrian and not about the driver.

101. Presumably, the driver will be told about the injuries suffered by the pedestrian and his or

her name if and when he or she is charged with offences arising out of the accident. That,

however, will be a consequence of a different legal regime and have nothing to do with

characterising whether the information is about the driver or the pedestrian in the context of

79 Explanatory Memorandum at [33]80 Jorgensen v Australian Securities and Investment Commission [2004] FCA 143; (2004) 208 ALR73 at [43]; 83 per Weinberg J



PAGE 41 OF 46

the definition of “ personal information” in the context of the Privacy Act. The same is true if

and when the pedestrian institutes civil proceedings for damages against the driver.

B. Identity is “apparent, or can reasonably ascertained, from the information o r

opin ion ”

102. The ordinary meanings of the word “apparent ” include that of “… being easy to see or

understand …”81 from the information or opinion. That will certainly be the case if the

individual is named in the information or opinion. It will be easy to see or understand the

identity having regard to the information or opinion as a “source or origin …”82 itself and so

“f rom the information or opinion” (emphasis added).

103. If the individual is not named, the question then becomes whether his or her identity “ … can

reasonably be ascertained f rom the information or opinion.” In Lobo, I considered whetherthat question is asked solely by reference to what is in the information or opinion, or

whether regard can be had to wider sources. I did so in the context of access’s being

granted under the FOI Act to a person other than the individual or individuals about whom

information appears in the document under consideration.83 I said that, in those

circumstances, the document in which the information or opinion appears:

“… becomes part of the information that is available to the public. If the identity ofan individual is apparent or can reasonably be ascertained by reading both theinformation in the document and that which is already available in the public arena,the ‘ information or opinion’ in the requested document is no less the ‘ source ororigin’ of the identification. It is the source or origin of information that gains itsmeaning from the context in which it is disclosed. As the d efinition of ‘ personalinformation’ requires that an individual’s identity is apparent or can reasonably beascertained from the information or opinion, the context in which that is ascertainedmust also be defined by reference to the information that is apparent in the publicarena or can reasonably be ascertained from it.”84

104. In Lobo, I went on to illustrate the view I had reached with examples:

“ To illustrate, I will mention a couple of examples. If, for example, information

in the wider context were only available from a private source, that would not be inthe public arena and could not be used to decide whether the information enabledthe identity of an individual to be identified as required by the definition of ‘ personalinformation’ . If that information were in the public arena but could only be obtainedafter complicated and tedious searches, that would be a factor in determining

81 Chambers82 Chambers (meaning 10)83 Had the document contained personal information of the individual making the request, the issuewould not have arisen for the exemption in what was then s 41 and is now a conditional exemption

under s 47F does not arise by reason only of the inclusion of matter relating to that individual: FOI Act; s 41(2) and now s 47F(3).84 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [300]; 97; 329



PAGE 42 OF 46

whether t he individual’s identity ‘ can reasonably be ascertained ’ (emphasis added)from the information or opinion.

A further question arises in relation to information that is available to somemembers, or even one member, of the public but is not available to all. This arisesbelow in relation to the academic transcripts showing the names and student

numbers of students at SICB and their results. Document 734 in Category 9 is anexample. … [ See [350]-[354] below] Exemption is claimed under s 41(1) for theacademic results. In an age in which records are computerised and search enginesincreasingly sophisticated, it would not be unreasonable to expect that a personwho had access to SICB’s records could use the subjects and their codes, the datesof study and the results and marks for each subject to identify the person who is thesubject of the academic transcript. It seems to me that regard should be had to allresources that may be available to a member of the public in deciding whether anindividual’s identity can reasonably be ascertained from the information or opinion.That may be information that is available to all members of the public or may beavailable only to a limited number of them. The existence or nature of theinformation cannot be a matter of conjecture or speculation for the individual’s

i dentity must be something that ‘ can reasonably be ascertained, from theinformation or opinion’. The word ‘ reasonably ’ effectively eliminates conjecture orspeculation.”85

105. I continue to be of the same view in relation to the FOI Act but would add that it must be

remembered that the publicly available range of information and means of searching it must

be kept in mind in determining whether an individual’s identity can be reasonably

ascertained from the information or opinion in the possession of an agency or Minister.

Workload considerations are not of themselves relevant but the complexities and difficulties

involved in ascertaining the identity of the person from any information or opinion are.

106. Although the definition of “ personal information” is the same in the Privacy Act as in the FOI

Act, its application differs because of the different statutory regimes established by each.

Except in certain situations relating to law enforcement and the preservation of life, the

Privacy Act is not a vehicle for gaining access to personal information by persons other

than the individuals concerned. It is not a means by which, once access has been given to

the individual concerned, personal information is made publicly available by means of

publication of the sort provided under s 11A of the FOI Act. In light of that, personal

information to which access is given under the Privacy Act will not be subject to general

public scrutiny of the sort to which a document might be subject when access to it is

granted under the FOI Act.

107. That difference does not, however, detract from the need under the Privacy Act to review

information about an individual with an eye to what is in the public domain and what might

be expected to be known. That need arises when determining whether information or

85 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [301]-[302]; 97-98; 329



PAGE 43 OF 46

opinion is about an individual “whose identity … can reasonably be ascertained, from the

information or opinion.” In dealing with a request under the Privacy Act, it does not follow

that an organisation need scour the public domain to ascertain whether there is information

that can be married with the information or opinion it holds in order to ascertain the identity

of the individual. What it means is that the organisation must keep in mind what might be

matters of general knowledge. If, for example, the information were along the lines of

“singer and songwriter who died prematurely ”, I do not think that it could be said that the

identity of that individual can reasonably be ascertained from that information. If the

information were “female singer and songwriter who died prematurely ”, I suggest that her

identity would also not be reasonably ascertainable. If the information were “English female

singer and songwriter who was known for her eclectic mix of musical genres of soul, rhythm

and blues and jazz but who died prematurely in July 2011”, I suggest that the identity of the

individual can be reasonably ascertained from the information which would be regarded as

part of the broad body of general knowledge.86

108. Beyond what might be considered to be general knowledge, I do not think that regard

needs to be had to the wide range of information and means of searching information that

is available in the public arena in determining whether an individual’s identity is reasonably

ascertainable from the information or opinion held in an organisation. In this regard the

application of the definition of “ personal information” differs from that in the FOI Act. The

Privacy Act regulates the collection, handling and use of information about individuals and

also provides means by which those individuals may obtain access to his or her own

personal information and to ask that it be corrected for accuracy, relevance and

completeness. In deciding whether the identity of an individual is apparent or can

reasonably be ascertained from that information, regard needs to be had to the information

held by the organisation. If that were not the case, an organisation could attempt to defeat

the purposes of the Privacy Act by allocating a code of some sort to each individual and

keeping a separate record of that.

Mobi le network data

109. Mr Tracey’s evidence regarding the nature and content of Telstra’s mobile network data is

set out at [45] to [46] above. The nature of that data was not challenged by the

Commissioner or by Mr Grubb and I accept Mr Tracey’s evidence. In particular, I find that

the mobile network data that is in issue in this case has two essential features. The first is

that it records transactions occurring between mobile devices and Telstra’s mobile network

in order to manage the mobility of mobile devices through that network. These may be

86 Amy Winehouse



PAGE 44 OF 46

various during the course of a call from a mobile device as the device may communicate

with various cells as the call moves through the network. Even if a call is not made from a

mobile device, there remains communication between the mobile device and the network in

order to confirm that the network connection remains. The second feature of mobile

network data is that it establishes, maintains or disconnects connections between mobile

devices and the destinations that the devices and the destinations that the devices are

seeking to communicate with (for example, another mobile device, a fixed service or an

internet location). Also on the basis of Mr Tracey’s evidence, I accept that Telstra does not

collect all of the network data that is generated and, if it does collect it, does not generally

store that data for periods longer than 30 days.

110. Data that is required for Telstra’s billing systems is collected but Mr Grubb has been given

access to data from that system as it is information about the calls he has made and so

about him. It includes a record of the cell with which a mobile phone or other device

communicates at the beginning of the call or, in the case of an SMS or MMS message, the

cell involved in sending the message. It does not record the cells with which the mobile

device connects during the course of a communication.

111. I also accept that it may, but not always, be possible to identify a particular Telstra

customer by reference to the mobile network data and other data it maintains. That fact

does not necessarily lead to the conclusion that the mobile network data is personal

information. Whether it is personal information depends upon its characterisation as being

about an individual for that is what the definition of “ personal information” requires.

Mr Grubb submitted that, but for his making his calls or sending his SMS or MMS

messages, particular data in Telstra’s mobile network data would not have been generated.

That is true but it does not detract from the characterisation task that I am required to

undertake. Is the information about an individual being, in this case, Mr Grubb or is it about

something else? If the outcome of that characterisation is that it is not information about an

individual, Telstra will not, as Mr Grubb submitted, be required to keep it secure under the

Privacy Act. That is an outcome that would follow from the application of the definition in

the particular circumstances of the case.

112. Had Mr Grubb not made the calls or sent the messages he did on his mobile device, Telstra

would not have generated certain mobile network data. It generated that data in order to

transmit his calls and his messages. Once his call or message was transmitted from the

first cell that received it from his mobile device, the data that was generated was directed to

delivering the call or message to its intended recipient. That data is no longer about

Mr Grubb or the fact that he made a call or sent a message or about the number or address



PAGE 45 OF 46

to which he sent it. It is not about the content of the call or the message. The data is all

about the way in which Telstra delivers the call or the message. That is not about

Mr Grubb. It could be said that the mobile network data relates to the way in which Telstra

delivers the service or product for which Mr Grubb pays. That does not make the data

information about Mr Grubb. It is information about the service it provides to Mr Grubb but

not about him.

113. I have considered also the IP address allocated to the mobile device which Mr Grubb used.

On the basis of the evidence of Mr Tracey and the Operations Manager, I am satisfied that

an IP address is not information about an individual. Certainly, it is allocated to an

individual’s mobile device so that a particular communication on the internet can be

delivered by the Internet Service Provider to that particular mobile device but, I find, an IP

address is not allocated exclusively to a particular mobile device and a particular mobile

device is not allocated a single IP address over the course of its working life. It changes

and may change frequently in the course of a communication. The connection between the

person using a mobile device and an IP address is, therefore, ephemeral. In the context of

this case, it is not about the person but about the means by which data is transmitted from

a person’s mobile device over the internet and a message sent to, or a connection made,

with another person’s mobile device.

Law enforcement

114. Mr Grubb has asked why he cannot have the same information as that available to law

enforcement agencies. The answer is that the entitlements of Mr Grubb and those of law

enforcement agencies are the subject of different legislative regimes. Each regime seeks

to achieve a balance of policy considerations and desirable outcomes. Those policy

considerations include protection of an individual’s privacy, search and rescue, security and

law enforcement issues and public safety. The various regimes represent a balance of the

various relevant considerations as arrived at by the Parliament. NPP 6.1 is an example of

the way in which that balance is achieved. I have set I have set out NPP 6.1(c), (g) and (h)

at [16] above.87 It shows that an organisation’s obligation to provide an individual with

87 The other paragraphs read: “6.1 If an organisation holds personal information about anindividual, it must provide the individual with access to the information on request by the individual,except to the extent that: (a) in the case of personal information other than health information – providing access would pose a serious threat to the life or health of any individual; or (b) in the case ofhealth information – providing access would pose a serious threat to the life or health of any individual;or (c) …; or (d) the request for access is frivolous or vexatious; or (e) the information relates to existingor anticipated proceedings between the organisation and the individual, and the information would not

be accessible by the process of discovery in those proceedings; or (f) providing access would revealthe intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or (g) …; or (h) …; or (i) providing access would be likely to prejudice an



access to personal information about him or her is balanced by considerations of the sort to

which I have referred.

115. The amendment of the TIA Act by the Data Retention Act, which came into force on

13 October 2015, and the consequent deeming of certain information to be personal

information about an individual represents an adjustment of the balance among the

different public and private interests. I have not given any consideration to whether I would,

or would not, have reached a different outcome had the amended legislation applied in the

circumstances of this case. It was agreed between the parties that it did not apply and it is

not the role of the Tribunal to consider matters entirely in the abstract.

DECISION

116. For the reasons I have given, I set aside the decision of the Commissioner dated 1 May

2015. In its place, I substitute a decision that Mr Grubb’s complaint to the Commissioner

and dated 15 June 2013 is not substantiated. As a consequence, I set aside the

Commissioner’s declaration under s 52 of the Privacy Act and substitute a determination

that Telstra has not breached NPP 6.1 and is not required to provide further information to

Mr Grubb in response to his request.

I certify that the one hundred and sixteen preceding paragraphs are a truecopy of the reasons for the decision herein of

Deputy President S A Forgie,Signed: ………..................[sgd].....................................Personal Assistant

Date of Hearing 7 and 8 October 2015

Date of Decision 18 December 2015

Counsel for the Applicant Mr J Masters

Solicitor for the Applicant Ms J Chiu and Ms N McKinleyTelstra Corporation Limited

Counsel for the Respondent Ms M Allars SC

Solicitor for the Respondent Mr L Holcombe and Ms K MihalicHWL Ebsworth Lawyers

Joined Party Mr B Grubb, self-represented

investigation of possible unlawful activity; or (j) providing access would be likely to prejudice: (i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a lawimposing a penalty or sanction or breaches of a prescribed law; or (ii) the enforcement of laws relatingto the confiscation of the proceeds of crime; or (iii) the protection of the public revenue; or (iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;