[2015] AATA 991

Division:

GENERAL DIVISION

File Number:

2015/2199

Re:

TELSTRA CORPORATION LIMITED

APPLICANT

And:

PRIVACY COMMISSIONER
RESPONDENT

And:

BEN GRUBB
JOINED PARTY

DECISION
Tribunal

Deputy President S A Forgie

Date

18 December 2015

Place

Melbourne

The Tribunal decides to:

1.

set aside the determination of the Respondent dated 1 May 2015; and

2.

substitute a determination that:

(1)

the complaint made by the Joined Party is not substantiated;

(2)

the Applicant has not breached National Privacy Principle 6.1 in

Schedule 3 to the Privacy Act 1988; and

(3)

in response to the Joined Partys request made to the Applicant

under the Privacy Act 1988 and dated 15 June 2013, the Applicant is
not required to provide any further information to the Joined Party in
addition to that which it has already provided.

[sgd].
Deputy President

Commonwealth of Australia 2015

CATCHWORDS PRIVACY National Privacy Principles personal information access

sought to mobile network data including metadata when information is about an individual
when the identity of an individual is apparent or can reasonably be ascertained
determination set aside.
LEGISLATION
Freedom of Information Act 1982: ss 4(1); 11A; 11B; 24AA; 41 and 47F
Freedom of Information Amendment (Reform) Act 2010: s 3
Privacy Act 1988: ss 6(1); 6C(1)(b); 6D-6EA; 16A(2); 16B(1) and (2); 16C(3); 36; 36(1) and
(7); 36(2A); 40(1) and (1A) and 52(1)(a) and (b), (1B) and (2)
Privacy Amendment (Enhancing Privacy Protection) Act 2012: ss 2 and 3
Telecommunications Act 1997: ss 7 and 87(1)
Telecommunications (Interception and Access) Act 1979: ss 5(1); 187A(1), (3) and (4);
187AA and 187LA
Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015: s 3
CASES
Bailey v Hinch [1989] VicRp 9; [1989] VR 78
Ben Grubb and Telstra Corporation Limited [2015] AICmr [35]
Collector of Customs v Agfa-Gevaert Ltd [1996] HCA 36; (1996) 186 CLR 389; 141 ALR
59; 43 ALD 193; 24 AAR 282
Director of Public Prosecutions (NT) v WJI [2004] HCA 47; (2004) 219 CLR 43; 210 ALR
276
Exxon Corporation v Exxon Insurance Ltd [1982] Ch 119
Jorgensen v Australian Securities and Investments Commission [2004] FCA 143; (2004)
208 ALR 73
Re Denehy and Superannuation Complaints Tribunal [2012] AATA 608; (2012) 131 ALD
413
Re Lobo and Department of Immigration and Citizenship [2011] AATA 705; (2011) 56 AAR
1; 124 ALD 238
Smallbone v New South Wales Bar Association [2011] FCA 1145; (2011) 198 FCR 17; 284
ALR 82
WL v La Trobe University [2005] VCAT 2592; (2005) 24 VAR 23
OTHER MATERIAL
Chambers 21st Century Dictionary, 1999, reprinted 2004, Chambers
Explanatory Memorandum to Privacy Bill
Privacy Report Law Reform Commission Report No. 22, AGPS Canberra, 1983, Vol 2
Second Reading Speech to Freedom of Information Bill Hansard, House of
Representatives, 1 November 1988 at 2117
REASONS FOR DECISION

1.

Under the Privacy Act 1988 (Privacy Act), Mr Ben Grubb asked for access to all metadata
information held by Telstra Corporation Limited (Telstra) regarding his mobile phone.
Telstra gave him access to a range of information but declined to give him access to its

PAGE 2 OF 46

mobile network data which includes metadata. On a complaint made to him by Mr Grubb
regarding Telstras decision, the Privacy Commissioner (Commissioner) decided on 1 May
2015 that the mobile network data is personal information as that term is defined in the
Privacy Act. He further decided that, in refusing to give Mr Grubb access to it, Telstra was
in breach of National Privacy Principle (NPP) 6.1 and directed that he give that information
to Mr Grubb. The relevant law is that which was in force before 13 October 2015.1 I have
decided that Telstras mobile network data is not information about an individual, namely
Mr Grubb, and so is not personal information. Therefore, Telstra is not in breach of NPP
6.1 in refusing to give him access to it.
REQUEST FOR DATA
2.

On 15 June 2013, Mr Grubb wrote an email to Telstra:

As you are no doubt aware under Australian law I have a general right to access
the personal information that a company holds about me. With this in mind Id like
to request all the metadata information Telstra has stored about my mobile phone
service (04).
The metadata would likely include which cell tower Im connected to at any given
time, the mobile phone number of a text I have received and the time it was
received, the time a data session finished and begun, URLs [Uniform Resource
Locators] of websites I have visited, the duration of telephone calls, who is calling
and who Ive called and so on. I assume estimated longitude and latitude positions
would be stored too. This is the type of data I would like to receive.2
TELSTRAS RESPONSE and Mr GRUBBS PRIVACY COMPLAINT

3.

In its letter of 16 July 2013 to Mr Grubb, Telstra provided the following response to his
request:
Ive confirmed that:

4.

We are unable to provide you with information regarding your location and
the details of the numbers that called and sent SMS to your service due to
privacy laws.
I advised you that you can access your outbound mobile call details via your
online billing.
I advised you that you can access the length of your data usage sessions via
online billing.
I advised you that you will need a subpoena for any of the other information
you have requested.3

On 8 August 2013, Mr Grubb lodged a complaint with the Privacy Commissioner

(Commissioner) on the basis that the law requires Telstra to give him access to data that is
1

See [11] below

Documents lodged under s 37 of the Administrative Appeals Tribunal Act 1975 (T documents); T7
at 533
3 T documents; T7 at 535
2

PAGE 3 OF 46

personal to him. No other person has matching data, he added.4 He sought neither an
apology nor compensation. His complaint was made under s 36 of the Privacy Act.
INFORMATION GIVEN TO Mr GRUBB BEFORE COMMISSIONERS DETERMINATION
5.

Following his complaint to the Commissioner, Telstra has given Mr Grubb the following
additional information, which I set out in its context:
(1)

As resolution of the complaint turned on what information fell within the

scope of Mr Grubbs request and so what was personal information, Telstra
wrote to him on 2 October 2014 saying, in part:
To assist with narrowing the issues that need to be considered and
determined by the Commissioner, we are providing you with this letter:
1.

a compact disk containing call records in respect of your account;

2.

a folder containing all bills that have been issued to you in respect of
your account;

3.

a document (Attachment 1 to this letter) listing personal information

in relation to you that is contained in our customer relationship
management system.

Telstra accepts that all of this information is personal information for the
purposes of the Privacy Act 1988.5
(a)

(b)

4
5

The Compact Disk contained an Excel spreadsheet showing call data

records in relation to all outgoing calls, Short Message Service
(SMS) messages and Multimedia Messaging Service (MMS)
messages from Mr Grubbs mobile telephone service between
17 January 2011 and 21 September 2014. The records contained
information showing the following:
(i)

the originating number, described as the A-party number,

being Mr Grubbs mobile number;

(ii)

the A-party location being the mobile cell location;

(iii)

the number of the recipient of the communication, which is

described as the B-party number;

(iv)

the date of the communication;

(v)

the time of the communication; and

(vi)

the duration of the communication in seconds in the case of a

call and, in the case of an SMS or MMS, the fact that it was
made.

The folder referred to in the letter contained copies of all bills that
related to his mobile telephone service account since it had been
opened and that Telstra had issued to him since then. Ms Jhin Chiu,
a Legal Counsel with Telstra, stated that the form of accounts had
changed over the years but that the information they contained had
generally remained the same. I set out the type of information
appearing in a bill at [(c)(iii)] below.

T documents; T7 at 527-531
Exhibit C; Exhibit JC-1
PAGE 4 OF 46

(c)

The information in Attachment 1 to Telstras letter dated 2 October

2014 and referred to in (1) of this paragraph contained information of
the following type:
(i)

Personal information held in Telstras Customer Relationship

System including details of Mr Grubbs full name, address,
date of birth, mobile number, email address(es), billing
account number, customer ID (identity), IMSI (International
Mobile Subscriber Identity), PUK (personal unlocking key),
marketing opt outs, SIM (Subscriber Identity Module)
category and password.

(ii)

A sample page of calls made from his mobile number

showing:

(iii)

(i)

Mr Grubbs number as A-party number;

(ii)

A-party location being a suburb or area;

(iii)

B-party number being the number called;

(iv)

Call date;

(v)

Call time; and

(vi)

Call duration in seconds or SMS details.

A Tax Invoice or Telstra Bill issued to Mr Grubb in the form

currently used by Telstra. It shows:

information such as his address, the billing period, the

date the bill was issued, the account number and the
bill number, the mobile number, the total due for
payment and when it was due;

his bill history in graph form, details of his previous

balance and its payment and the charges due under
his particular plan;

general information about how to restrict or bar certain

content on his mobile; and

details of the calls he had made on his mobile in the

billing period showing, for each call, the date and time
it was made, the type of call being National or National
to Telstra mobile, location, number called, rate (being
Peak or Weekend), duration in minutes and seconds,
the gross amount in dollars and the net amount in
dollars.

(2)

In a letter dated 18 November 2014, Telstra gave Mr Grubb additional data

that it regarded as personal information. That was information regarding the
colour of his handset, the handsets ID, its IMEI (International Mobile Station
Equipment Identity), his mobile device payment option and the network
type.6

(3)

Telstra wrote a third letter dated 27 January 2015 including a report of

information that it had extracted from a system that retained nine to ten
months of data at a time. The report was downloaded to a USB flash drive.
The data Telstra extracted related to the period from 19 February 2014 to

Exhibit C; Exhibit JC-2

PAGE 5 OF 46

3 December 2014 and included some material that it had previously

provided to Mr Grubb. The report included details of:
(a)

A-party number;

(b)

A-party IMEI;

(c)

A-party IMSI;

(d)

A-party Cell ID;

(e)

A-party location;

(f)

original number called;

(g)

called number;

(h)

B-party IMEI (redacted);

(i)

B-party IMSI (redacted);

(j)

B-party Cell ID (redacted);

(k)

B-party location (redacted);

(l)

call date;

(m)

call time;

(n)

call duration in seconds.7

INFORMATION NOT GIVEN TO MR GRUBB BEFORE COMMISSIONERS

DETERMINATION
6.

On the basis of Ms Chius affidavit, I find that Telstra has not given Mr Grubb access to two
classes of information. One class comprises call data records in relation to incoming calls,
SMS messages or MMS messages. The other class comprises network data retained
by Telstra in relation to communications passing through its mobile networks.8 Ms Chiu
expanded on the first:
Incoming call data records would show the following categories of information: the
A Partys number, IMEI and IMSI, the B Partys number, IMEI and IMSI, mobile cell
location information in relation to the A Party and the B Party (where the party is a
Telstra customer), and the date, time and (where applicable) duration of the
communication. This information would be shown in relation to each call, SMS
message and MMS message to the Complainants mobile telephone service since
his account was opened, whether or not the A Party had a silent line or had blocked
his or her calling number display.9
NOTICE TO PRODUCE ISSUED TO TELSTRA BY THE COMMISSIONER

7.

On 27 November 2014 and before Telstra sent its third set of information to Mr Grubb early
in 2015, the Commissioner gave Telstra a Notice to Produce the following:

Exhibit C; Exhibit JC-3 and see also T documents; T21 at 619-917

Exhibit C at [22]
9 Exhibit C at [21]
8

PAGE 6 OF 46

The information that Telstra would provide to a law enforcement agency under
warrant or court order requesting the following data and information regarding
Mr Ben Grubbs mobile telephone account :
All the metadata and telecommunications data Telstra holds about Mr Ben Grubbs
mobile telephone account which may include (but is not limited to) the following:

8.

Subscriber information including service number and connection dates

Carriage service records including call records, SMS records and internet
records (including date, time and duration of a communication, details of the
phone numbers of the parties involved in the communications)

Location-based information including the cell tower Mr Grubb is connected to

at any given time, estimated longitude and latitude positions)

Internet session information including date, time and duration of internet

sessions as well as Internet Protocol (IP) address, email logs and URLs of
websites.10

On the basis of Ms Chius affidavit, I find that the Commissioner subsequently narrowed the
scope of information to be produced by his Notice to Produce.11 In its response dated
11 December 2014, Telstra provided the following information:
(1)

The information contained in the first document included Mr Grubbs service

number, account number(s), customer ID, connection date and statement
that still active, service name, service address, billing name, statement
email, date of birth, authorised representative, SIM number, IMSI, IMEI,
product being plan and mobile, SIM replacement and order submitted and
place where submitted.
(a)

Telstra noted that an order had been placed but it could not identify
whether it had been submitted online or over the telephone as both
the order and interaction had been archived. It had been unable to
access that archived information due to an issue it had identified.12

(2)

The second document set out Mr Grubbs call records extending from 19
February 2014 to 3 December 2014. The format is the same as that in the
call records sent to Mr Grubb by Telstra in its letter dated 27 January 2015
for the same period.13

(3)

Call data records in relation to incoming and outgoing calls.14 A sample

page was attached to Ms Chius affidavit as part of Exhibit JC-1. I have
summarised the nature of the information shown on the document at (1)(a)
of this paragraph.

(4)

Sample longitude and latitude coordinates of mobile cells. That document

sets out information under the following headings:
(a)

CGI (computer-generated imagery);

(b)

Base Station Name;

10

Exhibit C at [13]
Exhibit C at [14]
12 T documents; T25 at 1115-1116
13 See [5(3)] above and T documents; T21 at 619-917
14 T documents; T22 at 919-1107
11

PAGE 7 OF 46

(c)

Billing name;

(d)

MSA Name (Metropolitan Statistical Areas);

(e)

State;

(f)

Antenna Latitude (GDA9415);

(g)

Antenna Bearing;

(h)

Technology;

(i)

Cell Name (LRD Code);16

(j)

Base Station Type; and

(k)

Date.17

COMMISSIONERS DETERMINATIONS
9.

After reviewing Mr Grubbs complaint, the Commissioner made two declarations on 1 May
2015. The first was that Mr Grubbs complaint was substantiated and the Telstra had
breached NPP 6.1 by failing to provide the complainant with access to personal information
in accordance with it. Under s 52(1)(b)(ii) of the Privacy Act, the Commissioner declared
that Telstra must:

10.

within 30 business days after the making of this declaration, provide the
complainant with access to the following personal information held by
Telstra in accordance with the complainants request dated 15 June 2013
and further to that already provided by Telstra to the complainant, save that
Telstra is not obliged to provide access to the phone numbers of incoming
callers:

Internet Protocol (IP) address information

Uniform Resource Locator (URL) information

Cell tower location information beyond the cell tower location

information that Telstra retains for billing purposes (to which the
complainant has been given access).

provide the complainant with access to the above information free of

charge.18

Mr Grubb said at the hearing that he was not seeking access to the phone numbers of
incoming callers.

15

GDA94 is the Geocentric Datum of Australia. It is a coordinate reference system that was adopted
nationally on 1 January 2000.
16 LRD = Link & Route Detail
17 T documents; T23 at 1109
18 Ben Grubb and Telstra Corporation Limited [2015] AICmr [35] at [172]; footnote omitted
PAGE 8 OF 46

LEGISLATIVE FRAMEWORK
Privacy Act in force immediately before 12 March 2014 amendments came into effect
11.

Between the time Mr Grubb lodged his complaint with the Commissioner in 2013 and the
time the Commissioner made his determinations in 2015, the Privacy Act has been
extensively amended. Amendments of particular relevance are those made by the Privacy
Amendment (Enhancing Privacy Protection) Act 2012 (PAEPP Act) but their application is
determined by Schedule 6. In this case, Item 16 is relevant for it relates to complaints
made to the Commissioner under s 36 of the Privacy Act before the commencement time
(12 March 201419) but only if:
immediately before that time, the Commissioner has not:

(i)
(ii)

decided under Part V of that Act not to investigate, or not to investigate

further, the act or practice; or
made a determination under section 52 of that Act in relation to the
complaint.20

In those circumstances, the complaint may be dealt with under the Privacy Act after
12 March 2014 as if the amendments made by the PAEPP Act had not been made.21
Telstras duty under the Privacy Act
12.

For the purposes of the Privacy Act, Telstra is regarded as an organisation. The word
organisation is defined to include various entities. Among them is a body corporate that is
not a small business operator.22 Telstra is not a small business operator but it is a body
corporate and so an organisation. It is common ground that Telstra does not have an
approved policy code binding it. Therefore, it must not do an act, or engage in a practice,
that breaches a National Privacy Principle (NPP).23
A.

13.

Application of NPPs

Putting aside tax file number information, credit information and credit reporting,24 the
Privacy Act applies to the collection of personal information by an organisation and to the

19

PAEPP Act; Schedule 6, Item 1 and s 2, Item 2

PAEPP Act; Schedule 6, Item 16(1)(b)
21 PAEPP Act; Schedule 6, Item 16(2) I set out the relevant amendment that has been made to the
definition of personal information at [80] below. At [19]-[25] below, I set out the amendments made
to the Telecommunications (Interception and Access) Act 1979 to add ss 187AA and 187LA and
their relevance to the definition of personal information under the Privacy Act.
22 Privacy Act; s 6C(1)(b) and see also ss 6D-6EA
23 Privacy Act; s 16A(2) The NPPs were replaced by the Australian Privacy Principles (APPs) by the
PAEPP Act with effect from 12 March 2014: see s 3, Schedule 1, Items 14 and 104 and s 2(1), Item
2.
24 Tax file numbers and credit information are the subjects of Division 4 and 5 of Part III respectively.
Part IIIA relates to credit reporting.
20

PAGE 9 OF 46

personal information collected only if certain circumstances apply. In relation to the

collection, the Privacy Act only applies if it is collected for inclusion in a record or a
generally available publication. In relation to personal information that has been collected,
it applies only if it is held by an organisation in a record.25 The word record is defined in
s 6(1) of the Privacy Act to mean:
(a)

a document; or

(b)

a database (however kept); or

(c)

a photograph or other pictorial representation of a person;

but does not include:

14.

(d)

a generally available publication; or

(e)

anything kept in a library, art gallery or museum for the purpose of reference,
study or exhibition; or

(f)

Commonwealth records as defined by subsection 3(1) of the Archives Act

1983 that are in the open access period for the purposes of that Act; or

(fa)

records (as defined in the Archives Act 1983) in the custody of the Archives
(as defined in that Act) in relation to which the Archives has entered into
arrangements with a person other than a Commonwealth institution (as
defined in that Act) providing for the extent to which Archives or other
persons are to have access to the records; or

(g)

documents placed by or on behalf of a person (other than an agency) in the

memorial collection within the meaning of the Australian War Memorial Act
1980; or

(h)

letters or other articles in the course of transmission by post.

Sections 16C to 16E modify the way in which the NPPs apply. Sections 16C and 16D
delay their application in some instances and s 16E take the collection and use of personal
information for an individuals personal, family or household affairs outside the application
of the NPPs. Section16C(3) was raised during the hearing in relation to the construction of
personal information but it was also recognised that it does not apply to exclude any
personal information that is from the scope of NPP 6. It is a transitional provision and was
included when Division 3 of Part III was added by the Privacy Amendment (Private Sector)
Act 2000 with effect from 21 December 2001. The personal information sought by
Mr Grubb has been collected since that date.

15.

Section 16C(3) provides:

National Privacy Principle 6 applies in relation to personal information collected
after the commencement of this section. That Principle also applies to personal
information collected by an organisation before that commencement and used or
disclosed by the organisation after that commencement, except to the extent that

25

Privacy Act; ss 16B(1) and (2)

PAGE 10 OF 46

compliance by the organisation with the Principle in relation to the information

would:

B.
16.

(a)

place an unreasonable administrative burden on the organisation; or

(b)

cause the organisation unreasonable expense.

NPP 6

Only some paragraphs of sub-clause 6.1 of NPP 6 come into play and I will repeat only
those paragraphs that may be relevant:
Access and correction
6.1

If an organisation holds personal information about an individual, it must

provide the individual with access to the information on request by the
individual, except to the extent that:
(a)-(b)
(c)

providing access would have an unreasonable impact upon the

privacy of other individuals; or

(d)-(f)
(g)

providing access would be unlawful;

(h)

denying access is required or authorised by or under law; or

(i)-(k)
C.
17.

Definition of personal information

Immediately before 12 March 2014, s 6(1) of the Privacy Act defines the term personal
information to mean:
information or an opinion (including information or an opinion forming part of a
database), whether true or not, and whether recorded in a material form or not,
about an individual whose identity is apparent, or can reasonably be ascertained,
from the information or opinion.

18.

For completeness, I note that the definition was repealed and substituted from that day with
the following:
personal information means information or an opinion about an identified
individual, or an individual who is reasonably identifiable:

D.
19.

(a)

whether the information or opinion is true or not; and

(b)

whether the information or opinion is recorded in a material form or not.26

Extension of duty from 13 October 2015

With effect from 13 October 2015, the Telecommunications (Interception and Access) Act
1979 (TIA Act) was amended by the Telecommunications (Interception and Access)
26

PAEPP Act; s 3, Schedule 1, Item 36

PAGE 11 OF 46

Amendment (Data Retention) Act 2015 (Data Retention Act). Both before and after that
date, Telstra has been a carriage service provider for the purposes of the TIA Act.27
20.

From 13 October 2015, the following note was added to the definition of personal
information in s 6(1) of the Privacy Act:
Note: Section 187LA of the Telecommunications (Interception and Access) Act
1979 extends the meaning of personal information to cover information kept
under Part 5-1A of that Act.28

21.

More specifically, s 187LA, which comes within Part 5-1A of the TIA Act and which also
came into effect from 13 October 2015, provides:

22.

(1)

The Privacy Act 1988 applies in relation to a service provider, as if the

service provider were an organisation within the meaning of that Act, to the
extent that the activities of the service provider relate to retained data.

(2)

Information that is kept under this Part, or information that is in a document

kept under this Part is taken, for the purposes of the Privacy Act 1988, to be
personal information about an individual if the information relates to:
(a)

the individual; or

(b)

a communication to which the individual is a party.

Part 5-1A imposes an obligation on persons it describes as service providers who operate
a service to which Part 5-1A applies to:
keep, or cause to be kept, in accordance with section 187BA and for the period
specified in in section 187C:
(a)

information of a kind specified in or under section 187AA; or

(b)

documents containing information of that kind;

relating to any communication carried by means of the service.

Note 1-3
23.

29

Since 13 October 2015, s 187A(3) of Part 5-1A provides that the Part applies to a service if:

TIA Act; s 5(1) providing that carriage service provider has the meaning given by the
Telecommunications Act 1997. Section 7 of the Telecommunications Act 1997
(Telecommunications Act) provides that the expression carriage service provider has the meaning
given by section 87. Section 87(1) set out what it describes as a basic definition before it goes on
to modify it. The basic definition is:(1) For the purposes of this Act, if a person supplies, or
proposes to supply, a listed carriage service to the public using: (a) a network unit owned by one or
more carriers; or (b) a network unit in relation to which a nominated carrier declaration is in force; the
person is a carriage service provider. Section 86 provides that, for the purposes of that
legislation, a carriage service provider is, together with a content service provider, a service
provider.
28 Data Retention Act; s 3; Schedule 1; Item 1H
29 TIA Act; s 187A(1)
27

PAGE 12 OF 46

(a)

it is a service for carrying communications, or enabling communications to

be carried, by means of guided or unguided electromagnetic energy or both;
and

(b)

it is a service:

(c)

(i)

operated by a carrier; or

(ii)

operated by an internet service provider (within the meaning of

Schedule 5 to the Broadcasting Services Act 1992); or

(iii)

of a kind for which a declaration under subsection (3A) is in force;

and

the person operating the service owns or operates, in Australia,

infrastructure that enables the provision of any of its relevant services;

but does not apply to a broadcasting service (within the meaning of the
Broadcasting Services Act 1992).
24.

Section 187AA sets out six topics of information that, since 13 October 2015, must be kept
and gives a description of the information in each. The topics are:

25.

The subscriber of, and accounts, services, telecommunications devices and

other relevant services relating to, the relevant service

The source of a communication

The destination of a communication

The date, time and duration of a communication, or of its connection to a

relevant service

The type of a communication or of a relevant service used in connection with

a communication

The location of equipment, or a line, used in connection with a

communication.

Section 187A(4) now clarifies the operation of s 187AA by providing:

This section does not require a service provider to keep, or cause to be kept:
(a)

information that is the contents or substance of a communication; or

Note: This paragraph puts beyond doubt that service providers are not
required to keep information about telecommunications content.

(b)

information that:
(i)

states an address to which a communication was sent on the

internet, from a telecommunications device, using an internet access
service provided by the service provider; and

(ii)

was obtained by the service provider only as a result of providing the

service; or

Note: This paragraph puts beyond doubt that service providers are not
required to keep information about subscribers web browsing
history.
(c)

information to the extent that it relates to a communication that is being

carried by means of another service:
PAGE 13 OF 46

(i)

that is of a kind referred to in paragraph (3)(a); and

(ii)

that is operated by another person using the relevant service

operated by the service provider;

or a document to the extent that the document contains such information; or

Note: This paragraph puts beyond doubt that service providers are not
required to keep information or documents about communications
that pass over the top of the underlying service they provide, and
that are being carried by means of other services operated by other
service providers.
(d)

information that the service provider is required to delete because of a

determination made under section 99 of the Telecommunications Act 1997,
or a document to the extent that the document contains such information; or

(e)

information about the location of a telecommunications device that is not

information used by the service provider in relation to the relevant service to
which the device is connected.

Complaints under the Privacy Act

26.

Subject to one qualification, an individual may complain to the Commissioner about an act
or practice that may be an interference with his or her privacy.30 The qualification, which is
set out in s 36(2A), is not relevant as Telstra does not have an approved privacy code.

27.

Once a complaint has been made about an act or practice that is an act or practice of an
organisation, the respondent to that complaint is the organisation.31 The Commissioner is
generally required to investigate that act or practice if that act or practice may be an
interference with the privacy of an individual.32 The one exception to the Commissioners
obligation arises if the complainant did not first complain to the respondent before making
the complaint under s 36 to the Commissioner. Even then, the Commissioner may decide
to investigate the complaint if he or she considers that it was not appropriate for the
complainant to complain to the respondent.33 The Commissioners powers and duties in
undertaking the investigation are set out in Division 1 of Part V of the Privacy Act.

28.

Division 2 of Part V set out the Commissioners powers after investigating a complaint.
They include those set out in s 52(1)(a) and (b):
After investigating a complaint, the Commissioner may:
(a)

make a determination dismissing the complaint; or

(b)

find the complaint substantiated and make a determination that includes one
or more of the following:

30

Privacy Act; s 36(1)

Privacy Act; s 36(7)
32 Privacy Act; s 40(1)
33 Privacy Act; s 40(1A)
31

PAGE 14 OF 46

(i)

29.

a declaration:
(A)

where the principal executive of an agency is the respondent

that the agency has engaged in conduct constituting an
interference with the privacy of an individual and should not
repeat or continue such conduct; or

(B)

in any other case that the respondent has engaged in

conduct constituting an interference with the privacy of an
individual and should not repeat or continue such conduct;

(ii)

a declaration that the respondent should perform any reasonable act

or course of conduct to redress any loss or damage suffered by the
complainant;

(iii)

a declaration that the complainant/ is entitled to a specified amount

by way of compensation for any loss or damage suffered by reason
of the act or practice the subject of the complaint;

(iv)

a declaration that it would be inappropriate for any further action to

be taken in the matter.

The Commissioner is required to state any findings of fact upon which the determination is
based.34 The determination is not binding or conclusive between any of the parties to the
determination.35
OUTLINE OF SUBMISSIONS

30.

At the outset of his written closing submissions on behalf of Telstra, Mr Masters submitted
that there are two key issues for determination:

31.

(a)

whether mobile network data held by Telstra in relation to the Complainants

mobile telephone service are personal information, that is, whether the
Complainants identity is apparent or can reasonably be ascertained from
the mobile network data; and

(b)

whether providing the Complainant with access to incoming call data records
held by Telstra in relation to his mobile telephone service would have an
unreasonable impact upon the privacy of other individuals.36

As Mr Grubbs identity is not apparent from, and cannot be reasonably be ascertained from,
mobile network data in relation to his mobile telephone service, the mobile network data are
not personal information, Mr Masters submitted. Furthermore, exception (c) to NPP 6.1
would apply as providing Mr Grubb with access to incoming call data records in relation to
his mobile telephone service would have an unreasonable impact upon the privacy of other
individuals. He referred to my earlier decisions in Re Lobo and Department of Immigration

34

Privacy Act; s 52(2)

Privacy Act; s 52(1B)
36 Outline of Closing Submissions of the Applicant at [1]
35

PAGE 15 OF 46

and Citizenship37 (Lobo) and Re Denehy and Superannuation Complaints Tribunal38

(Denehy).
32.

Mr Masters submitted that Mr Grubbs identity is not apparent and cannot be ascertained
when regard is had solely to the mobile network data. That data, for example, contains no
reference to a customers name or telephone number. When regard is had to information in
the public arena, Mr Grubbs identity is neither apparent nor can be easily ascertained from
that mobile network data. The only way in which the identity of an individual could be
ascertained from Telstras mobile network data would be for regard to be had to information
that is not available in the public domain i.e. information in its network assurance systems,
subscriber database and customer relationship management system.

33.

Even if it were relevant to have regard to information that is solely within Telstras
possession, it cannot be certain that the further information that would be required to
identify an individual from mobile network data would be available. The evidence,
Mr Masters submitted, supports a finding that it is retained for a maximum of 30 days but
for as few as three. Therefore, the availability of information required to ascertain the
identity of an individual from mobile network data is a matter of speculation and conjecture.
That is not enough to satisfy the definition of personal information.

34.

The process of identifying an individual from the mobile network data involves complicated
and tedious searches of the sort that could not lead to a finding that the identity of the
individual could reasonably be ascertained from that mobile network data. He referred to
the evidence of Mr Tracey.

35.

On behalf of the Privacy Commissioner, Ms Allars submitted that there is no basis for
adopting an interpretation of the expression personal information any different from that
which has been adopted when the same expression is used in the Freedom of Information
Act 1982 (FOI Act). The expression was adopted without comment in the Second Reading
Speech made in 1988 by the then Attorney-General, the Hon Lionel Bowen MP in
introducing the Privacy Bill.39 The Explanatory Memorandum had given examples but had
not addressed the issue of the whether the identity of an individual is apparent or can
reasonably be ascertained, from the information or opinion. The Law Reform Commission,

37

[2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238

[2012] AATA 608; (2012) 131 ALD 413
39 Hansard, House of Representatives, 1 November 1988 at 2117
38

PAGE 16 OF 46

whose Privacy Report40 preceded the Privacy Act, had considered the issue and stated
that:
[i]f the information can easily be combined with other known information, so that the
persons identity becomes apparent, the information should be regarded as
personal information. Information should be regarded as personal information if it
is information about a natural person from which, or by use of which, the person can
be identified.41
Ms Allars submitted that my reasoning in Lobo and Denehy is consistent with this
approach.
36.

Turning to Telstras submissions, Ms Allars submitted that it had incorrectly treated the
words information or opinion in the definition of personal information as referring to the
whole of the database information it holds. The words information or opinion appearing at
the end of the definition of personal information should instead be read as referring to the
information or opinion to which access is sought under NPP 6.1. The definition is directed
to the question whether the identity of a person is apparent or can reasonably be
ascertained from the class of information that is the subject of the request made under NPP
6.1. The words apparent or can reasonably be ascertained do not authorise an
organisation to give a response along the lines of the size of the tasks being such that it
would substantially and unreasonably divert its resources from its other operations. That
would be a response permitted under s 24AA of the FOI Act but not under the Privacy Act.

37.

In applying the exception in NPP 6.1(c), a two-step approach is required. The first is to
enquire whether the identity of any other individuals would be apparent or reasonably
ascertainable from the persona information of the requester. That enquiry would be made
on the assumption that the personal information as being in the public arena. The second
would be to ask whether giving access to the person making the request would have an
unreasonable impact on other individuals. These two steps, Ms Allars submitted, were
taken by Yates J in Smallbone v New South Wales Bar Association42 (Smallbone).

38.

Ms Allars rejected any suggestion that Telstra could refuse to disclose the information on
the basis that the identity of an individual was only apparent or could reasonably be
ascertained from information or material that it has in its possession but which it refuses to
place in the public arena. Even if I were to accept that Telstras approach were correct, the
evidence does not support it in the circumstances of this matter. It is immaterial that

40

Report No. 22, AGPS Canberra, 1983, Vol 2 at [1196]-[1198]

Report No. 22, AGPS Canberra, 1983, Vol 2 at [1198]
42 [2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82
41

PAGE 17 OF 46

personal information has been deleted from Telstras database because the issue is
whether the identity of the person requesting the information is apparent or reasonably
identifiable from the current information held. The deleted data ceases to be the subject of
the request for access. The data that is the subject of the request is the data held by
Telstra when its request is determined.
39.

Mr Grubb submitted that the Privacy Act gives individuals a right to their personal
information and a further right to have that personal information corrected if it is inaccurate,
incomplete or out-of-date. Whether it is known as data or metadata, the information that he
generates while using Telstra services, Mr Grubb submitted, is personal information. If he
were not to exist, nor would that data. Therefore, that data is information about him and
personal to him. He should be given access to it under the Privacy Act.

40.

At the heart of Mr Grubbs submission is the proposition that, if a person were to trawl
through the data held by Telstra, that person would be able to identify Mr Grubb from it. To
illustrate his submission, Mr Grubb referred to data released by AOL as anonymised search
query logs conducted by a large number of its users. AOL released the information for
research purposes but made it publicly available. Among those to whom it was available
was the New York Times. It used the information released by AOL on particular users to
follow their searches and, using the information from those searches, to identify them.

41.

The same would be true of him, Mr Grubb submitted. Google, he said, uses encryption on
searches. That means that information about his search would arrive at Telstra in a
sanitised form. If he were to use a search engine that did not have encryption, his name
would appear in the URL or metadata. That URL would be stored by Telstra for an
unknown period of time. Every site that he visits reveals a little of his identity. One site
may, or may not, identify him but, when all the information is combined, metadata patterns
are formed. There would be a very high likelihood that it would be possible to identify the
person who made the searches.

42.

If Telstra can associate metadata with a specific account, Mr Grubb said, then it is personal
information about that account holder. If Telstra can give law enforcement access to
metadata such as URLs, IP (Internet Protocol) addresses and cell tower information, why is
it that Telstra cannot give him the same metadata, he asked. Metadata generated by him is
personal information.

PAGE 18 OF 46

THE EVIDENCE
43.

As the issue in this case concerned information held by Telstra in relation to Mr Grubbs
mobile telephone service, the evidence was directed to mobile communications and not to
communications over fixed line or other services.
Telstras mobile network data

44.

Since 2013, Mr Gerard John Tracey has been the General Manager of Telstras Complex
Analysis and Investigations team in its Network Infrastructure Operations group. His role
requires him to provide operational support for Telstras delivery of its products and
services. Before holding his current position, Mr Tracey was the Network Technology
Manager of the Mobility Analysis and Investigations team in the Network Infrastructure
Operations group. He holds a Bachelor of Engineering and a Bachelor of Information from
the Queensland University of Technology.

45.

Mr Tracey gave evidence regarding Telstras mobile network data. He explained that this
data is a collection of recorded transactions that occur between mobile devices and
Telstras mobile network in order to:

46.

(1)

manage the mobility of mobile devices as they move through the network;
and

(2)

establish, maintain or disconnect connections between mobile devices and

the destinations that the devices and the destinations that the devices are
seeking to communicate with (for example, another mobile device, a fixed
service or an internet location).

Telstra does not regard data used by Telstra for its billing purposes as mobile network data.
It keeps the two separate and distinct. The data in the billing systems has been configured
for the purpose of billing customers.

47.

Mr Tracey explained Telstras retention policy regarding its mobile network data:
(1)

Telstra is likely to hold multiple network data records in relation to a single

mobile device over a period of only a few seconds after the device has been
turned on to connect to, and communicate with, Telstras network.

(2)

Telstras mobile network data is retained for no more than about 30 days
and, in some instances, for only three days.

(3)

The network data is retained for network assurance purposes. That means
that Telstra uses the data to ensure that its networks are optimally delivering
the services that customers are paying to use as well as to investigate and
address faults in the networks.

PAGE 19 OF 46

Interrogation of Telstras mobile network data

48.

Telstras Network Infrastructure Operations group accesses mobile network data using
approximately 13 different network assurance systems, Mr Tracey said. Access to, and an
understanding of, each of the 13 network assurance systems is required before the
recorded transactions between a customers mobile device and Telstras network may be
interpreted and explained. In all, only some 12 staff have that access and knowledge. All
of them are located in the Network Infrastructure Operations group. Mr Tracey explained
the way in which the network assurance systems work:
Telstras network assurance systems have been designed for the purpose of
monitoring and ensuring the operation of Telstras network, and not for the purpose
of billing customers (which is the purpose of Telstras billing systems). Because of
the way in which the network assurance systems have been configured, the
collection and storage of any particular network data by Telstra are not certain or
guaranteed. Some transactions are randomly missed and not gathered or stored.
This is because the network assurance systems have been designed to deliver an
assurance capability, but without a level of capacity and robustness akin to those of
Telstras networks and billing systems.43

49.

Mr Tracey said that there are many different types of information that Telstra could
theoretically identify and isolate by interrogating mobile network data using its network
assurance schemes. He gave the following as examples together with those in the
following paragraph. None of the information in these examples is, Mr Tracey said,
identified, isolated or extracted by Telstra as part of its normal business operations.44 The
first examples he set out were:

50.

(a)

whether a particular call to a mobile device was unanswered;

(b)

the reason why a particular call from a mobile device was diverted (for
example, whether a call was diverted to voicemail because the caller did not
answer, was on another call, was out of coverage or declined the call);

(c)

the length of a particular Short Message Service (SMS) message sent or

received by a mobile device (that is, the number of characters in the SMS
message);

(d)

whether a particular call from a mobile device was to a prepaid mobile

device;

(e)

whether a particular call from a mobile device was made using Telstras 2G
network, 3G network or 4G network.45

In addition to these examples, Mr Tracey referred to three others which he said could be
identified and isolated in relation to mobile communications only by interrogating the

43

Exhibit A at [17]
Exhibit A at [25]
45 Exhibit A at [18]
44

PAGE 20 OF 46

network data by using Telstras network assurance systems. He added an explanation to

each. The three other examples are:
(1)

Uniform Resource Locators (URLs) involved in mobile data

communications
A URL is an identifier, such as a webpage reference, used to locate a
resource on the Internet. An example of a URL is http://www.telstra.com.
The URL is analogous to the name used when addressing a postal
envelope.46

(2)

Internet Protocol (IP) addresses allocated to mobile devices;

An IP address is a numerical identifier assigned to an entity (for example, a
mobile device, a network element, an internet site or a server) that
communicates using the Internet Protocol. The Internet Protocol is the
communications protocol used to communicate with the Internet. An
example of an IP address is . An IP address is analogous to a street
address used when addressing a postal envelope. Mobile data
communication occurs between the two entities, which are each allocated an
IP address. The IP address allocated to the requesting entity is called the
source IP address and the address allocated to the target destination is
called the destination IP address. Generally, the requesting entity is a
mobile device, and the target entity is either a network element or an Internet
site. A mobile device may have multiple IP addresses allocated to it over
time. Similarly, a particular IP address may be allocated to multiple mobile
devices over time.47

(3)

mobile cell location information beyond the mobile cell location information
that Telstra retains for billing purposes.
Mobile cell location information relates to the location of mobile cells
involved in mobile communications. Telstras mobile network comprises a
collection of mobile cells, which each provide radio coverage to a particular
geographical area. Telstra geographically groups cells to form what is called
a location area. As a mobile device moves through a location area, it may
communicate with multiple cells in that area by handing over between cells.
The cell with which a mobile device communicates is not necessarily the cell
geographically closest to the mobile device. Rather, the device will
communicate with the cell that provides the best signal strength.48

Distinguishing between Telstras mobile network data and its billing systems
51.

Mr Tracey described what he understands to be the difference between the information

held on Telstras billing systems and that in its mobile network data record:
Telstras billing systems only record the cell with which a customers device
communicates at the commencement of the call and, in the case of an SMS
message or MMS message, the cell involved in the sending of that communication.
For billing purposes, Telstras billing systems also record the cells with which a
device communicates at periodic points during a data session. A data session is a
period that commences when a device connects to the mobile network to enable
46

Exhibit A at [19] and [20]

Exhibit A at [19] and [21]
48 Exhibit A at [19] and [22]
47

PAGE 21 OF 46

data communication using the Internet Protocol (for example, downloading content
from the Internet) to be made, and continues until the device disconnects or is
required to re-establish a new data session (for example, if the device loses
coverage, or is powered off). This is the mobile cell location information that Telstra
retains for billing purposes.
By contrast, Telstras mobile network data record other mobile cell location
information in relation to mobile communications for network assurance purposes.
For example, when a mobile device is not involved in a chargeable communication
but it is nevertheless moving through the network, it will initiate communication with
a mobile cell when it detects that the cell is part of a new location area. By
chargeable communication, I mean a communication in relation to which a customer
may be billed by Telstra. A mobile device will also periodically communicate with
the network to confirm that it is still connected to the network. The mobile cell
location information that may be recorded in Telstras mobile network data, and
which is retained for network assurance purposes, includes records of such
communications. It also includes information in relation to other cells with which a
mobile device communicates during a call (that is, other than the cell with which the
device communicates at the commencement of the call).49
Organisation of Telstras mobile network data
52.

Mr Tracey gave evidence about the manner in which Telstras mobile network data is
organised. It is neither ordered nor indexed by reference to particular customers, their
names or telephone numbers or by devices, he said. Instead, network data is
fundamentally grouped according to network entities. Network entities, he said, are
elements within Telstras network. The grouping is based on various protocols that are
used to establish, maintain or disconnect connections with the network. Each protocol uses
a numeric identifier. A unique numeric identifier will appear in and identify a particular
mobile network data record in relation to a mobile communication. Each protocol and its
numeric identifier relates to a different interface between network entities i.e. to a different
function performed by the network.

53.

Numeric identifiers used to identify mobile network data may be an International Mobile
Subscriber Identity (IMSI) or a Non-IMSI Identifier.
(1)

49

IMSI
(a)

An IMSI is allocated to, and identifies, a Subscriber Identity Module

(SIM) card. The same IMSI will remain allocated to a particular SIM
card.

(b)

As an example of its role, an IMSI is always used within the core

switching voice network used to set up a voice call.

(c)

An IMSI is likely to have multiple Non-IMSI Identifiers, such as a

TMSI, P-TMSI and GUTI, allocated to it.

Exhibit A at [23]-[24]
PAGE 22 OF 46

(2)

Non-IMSI Identifier
(a)

Non-IMSI Identifiers include a Temporary Mobile Subscriber Identity

(TMSI), the Packet-Temporary Mobile Subscriber Identity (P-TMSI),
the SAE Temporary Mobile Subscriber Identity (S-TMSI), the
Temporary Logical Link Identity (TLLI) and the Globally Unique
Temporary UE Identity (GUTI).

(b)

One type of Non-IMSI Identifiers, a TMSI, is always used over radio

interfaces such as the interface between a mobile device and a
mobile cell tower.

(c)

Non-IMSI Identifiers are allocated dynamically and will reference

multiple IMSIs over time.

(d)

The allocation of a Non-IMSI Identifier to an IMSI is a transaction that

may be recorded in Telstras mobile network data.
(i)

The timing of that allocation is random in that it cannot be

accurately predicted with any certainty.

(ii)

The timing of the allocation may be dictated by a range of

factors including, but not limited to, when the relevant device
was turned on, when the device was moved between
geographical areas, when the device moved between
networks (2G, 3G or 4G) and when any operational fault with
the device or the network occurred.

(iii)

Some allocations of a Non-IMSI Identifier to an IMSI are

transactions that are randomly missed and not collected or
stored.

Retention of Telstras mobile network data

54.

In his affidavit, Mr Tracey said that 30 days is generally the maximum period for which
Telstra retains its mobile network data and that it may be as short as three days.50
The process of identifying a customers identity using mobile network data

55.

In explaining whether a customers identity could be ascertained from mobile network data
by using a Non-IMSI Identifier, Mr Tracey dealt first with the situation in which Telstra had
not retained the relevant mobile network data. In that case there would be no record of the
transaction allocating the Non-IMSI Identifier. It would be impossible both from a
theoretical and practical point of view.

56.

If the mobile network data had been retained, Mr Tracey said, and if the transaction
recording the allocation of the Non-IMSI Identifier were identified, it would be possible to
ascertain the relevant IMSI as the IMSI would appear in a recorded transaction. Given that

50

Exhibit A at [32]
PAGE 23 OF 46

an IMSI is allocated to a particular SIM card, the customers identity could then be
ascertained. The task would:
(1)

have to be done by recursively reviewing historical network data and

searching for a particular transaction recording the allocation of the NonIMSI Identifier to an IMSI:
(a)

the process is possible in theoretical terms but impossible in practical

terms given the immense volume of data that would need to be
recursively reviewed in order to identify the relevant transaction;

(2)

require access to Telstras subscriber database in order to find the telephone

number assigned to the SIM card to which the IMSI was allocated;

(3)

require access to Telstras customer relationship management system in

order to find the name of the customer using the telephone number; and

(4)

have to be undertaken by a person within Telstras Network Infrastructure

Operations group because he or she would have to have access to Telstras
network assurance systems in order identify a specific transaction of that
sort as well as access to Telstras subscriber database and customer
relationship management system:
(a)

Telstras network assurance systems, its subscriber database and

customer relationship management system are accessible only by
authorised Telstra staff and representatives and not by members of
the public;

(b)

Only four or so people within Telstra would have the capacity to

identify, unaided by others, a customers name with a Non-IMSI
Identifier because only four have access to all three sources of
information and each is located within the Complex Analysis and
Investigations team in the Network Infrastructure Operations group;
(i)

It is extremely rare that a member of the Network

Infrastructure Operations group would ever look up a
telephone number of a customer on the subscriber database
using an IMSI.

(ii)

The Network Infrastructure Operations group may look

up an IMSI using a telephone number when
investigating a complaint received from a customer in
relation to an issue at a particular location at a
particular time;

Mr Tracey could recall fewer than ten occasions on which the

Network Infrastructure Operations group had looked up a
telephone number using an IMSI. Those occasions generally
arose because Telstra had determined that a particular
device was causing disruption to a mobile network and it had
to be identified to remove the large impact the disruption was
having on its customer base. On one such occasion, the
device causing the disruption was located in a sports field
light tower.

In such a case, the Network Infrastructure Operations

group would use the customer relationship
management system to look up the name of the owner
of the device;

PAGE 24 OF 46

Apart from that situation, the Network Infrastructure

Operations group would be extremely unlikely to look
up the name of a customer using the customer
relationship management system. Normally, that
system is used by Telstras customer relationship
management staff and is not used as part of the
Network Infrastructure Operations groups functions.51

Determining whether originating party has blocked his or her calling number display
57.

Mr Tracey said that once Telstra has ceased to retain its mobile network data it would,
except in the case of an individual with a silent line, be impossible for it to identify whether
an individual who had called a Telstra customer had chosen to block his or her calling
number display.

58.

If it were the case that Telstra had retained the relevant recorded transactions, it may be
possible for it to identify whether an individual calling a Telstra customer had chosen to
block his or her calling number display. Telstras mobile network data would have to be
interrogated and that is a task that could only be undertaken by a very small number of
specialised staff within Telstra. It would be undertaken by:
(1)

using Telstras network assurance system to extract the recorded

transactions in relation to the call in question;

(2)

review those recorded transactions to determine if a Calling Line

Identification (CLI) suppression prefix (1831) had been used when the call
was made.
(a)

a caller may use that prefix either by dialling it when making a call or
by selecting a calling number display blocking function on the callers
device;

(b)

the process would require each call to be reviewed, which would be

laborious and time-consuming.

Telstras obligations to provide information to law enforcement agencies

59.

The Operations Manager gave evidence regarding Telstras obligations to provide

information to law enforcement agencies in relation to mobile communications. His
evidence specifically excluded other types of communications such as fixed line
communications. He has been the Operations Manager of the Law Enforcement Liaison
group of Telstra since July 2011. Before that, he was a Senior Security Investigator and
Adviser in its Security Investigations and Operations group.

60.

In accordance with Telstras legal obligations, the Operations Manager said, the Law
Enforcement Liaison group provides law enforcement agencies with various types of
51

Exhibit A at [31]-[39]
PAGE 25 OF 46

information it has retained in relation to mobile communications. The Law Enforcement

Liaison group does not use any systems that enables it to have access to the mobile
network data to which the Network Infrastructure Operations group has access for network
assurance purposes. Therefore, the Law Enforcement Liaison group does not, and cannot,
ascertain the identity of individuals from mobile network data.
61.

The information that the Law Enforcement Liaison group (LEL group) does give to law
enforcement agencies includes information in relation to mobile calls, SMS messages,
MMS messages and mobile data sessions during which a mobile device may be
communicating with the internet:

62.

(1)

Mobile data sessions may be described as General Packet Radio Service

(GPRS) sessions;

(2)

The information may include the A-party number and the B-party number,
the date, time and duration of the communication and certain mobile cell
location information:
(a)

Mobile cells are sites in a cellular network containing equipment

involved in mobile communications.

(b)

Typically, mobile cells are located on mobile cell towers or buildings

and there may be multiple cells located on each.

(c)

A mobile cell is identified by an alphanumeric identifier called a Cell

Global Identity (CGI).

(d)

The mobile cell location provided only concerns the location of

the mobile cell with which a mobile device communicates when a call
is first connected and/or an SMS message is sent or received (in
relation to the A Party and/or the B Party, but only where the party is
a Telstra customer), and the location of the mobile cells to which a
mobile device periodically connects for billing purposes during a data
session.52

In cross-examination, the Operations Manager said that the statement I have set out at
(2)(d) in the preceding paragraph is true in terms of a retained data request by law
enforcement agencies. Information regarding this information is available prospectively to
law enforcement agencies who use their powers to ask for it.

63.

Information that is not provided to law enforcement agencies or is rarely provided was
described by the Operations Manager:
(1)

52

To the best of [the Operations Managers] knowledge, the Law Enforcement

Liaison group has, except for the location of the mobile cell to which a call is
first connected, never given law enforcement agencies information about
any other mobile cells to which a mobile device may be connected during a
call.

Exhibit B at [7]
PAGE 26 OF 46

(2)

64.

Except in extremely rare instances, the Law Enforcement Liaison group

does not give law enforcement agencies with Internet Protocol (IP)
addresses allocated to mobile devices or Uniform Resource Locators (URLs)
involved in mobile data communications.

The Operations Manager expanded on the second point in the previous paragraph
because, at first sight, it appears to contradict an answer prepared by Telstra to a question
on notice from the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in
December 2012. The document is headed Data disclosed to law enforcement and
national security agencies and forms Appendix H to the PJCISs 2013 report entitled
Report of the Inquiry into Potential Reforms of Australias National Security Legislation.53
The document describes four types of data disclosure together with the data classification
and the authority for its release.54 The first type of data disclosure is described, in part, as:
Any telecommunications data or meta data but not the content or substance of a
communication. It may include:

65.

Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) to

the extent that they do not identify the content of a communication, and

A similar statement appears in the description of the second type of data disclosure:
Anything relating to, but not the content or substance of, a communication. It can
include:

Internet Protocol (IP) addresses and Uniform Resource Locators (URLs) to

the extent that they do not identify the content of a communication, and

66.

The Operations Manager said in his affidavit that he had prepared these answers and that
the statements:
relate to telecommunications data or meta data generally (including, for
example, fixed line data), and not specifically to mobile data. I confirm my earlier
statement in this affidavit that Telstras Law Enforcement Liaison group does not
(other than in extremely rare instances that have occurred) provide law enforcement
agencies with IP addresses allocated to mobile devices or URLs involved in mobile
data communications. I also confirm my earlier statement in this affidavit that, to the
best of my knowledge, the Law Enforcement Liaison group has never provided a

53

Exhibit B; Exhibit GW-1

The authority for release is identified by reference to specified provisions of the TIA Act and the
Telecommunications Act 1997.
54

PAGE 27 OF 46

law enforcement agency with mobile cell location information beyond the mobile cell
location information referred to in paragraph 7 above.55
67.

In cross-examination, the Operations Manager told Ms Allars that, if the LEL group receives
a retrospective retained data request, it provides:
a retained record that we have in relationship to a communication, so its a
record thats held in the past. We will not provide additional CGIs in relationship to
that communication, only the initial CGI that managed that connectivity to the
network.56
The reason for its not doing so is that it is not available to LEL. He did not know whether it
was available to other groups within Telstra.
THE AUTHORITIES

68.

The authorities to which I have been referred have considered either the definition of
personal information in the context of privacy legislation in the Commonwealth or a State
or in the FOI Act or a related issue.
Personal information: Victorian privacy legislation - WL v La Trobe University

69.

In WL v La Trobe University57 (WL), Deputy President Coghlan considered whether the

Victorian Civil and Administrative Tribunal (VCAT) had jurisdiction to consider a matter
referred to it by Victorias Privacy Commissioner (VPC). If WL had not made a valid
complaint to the VPC, the VPC could not make a valid referral to VCAT. La Trobe
University (La Trobe) had been collaborating with other research institutions in a
longitudinal study known as the Australian Longitudinal Study of Health and Relationships.
WLs partner had been a participant in that study and completed a survey by telephone.
The telephone used was owned by WL and some of the questions asked had concerned
WL. As WL complained to La Trobe the day after the survey, it still held the data and was
able to locate it on its database by reference to the contact telephone number. La Trobe
deleted all of the information obtained from WLs partner within six days. WL complained
on the basis that her information had been given in response to some of the questions
while using her publicly listed telephone number.

70.

Section 25 of the Information Privacy Act 2000 (Vic) (IPA) provided that:

Exhibit B at [13] I have set out the information referred to in [7] of the Operations Managers
affidavit at [61(2)(d)] above.
56 Transcript at 38
57 [2005] VCAT 2592; (2005) 24 VAR 23; Deputy President Coghlan
55

PAGE 28 OF 46

An individual in respect of whom personal information is, or has at any time been,
held by an organisation may complain to the Privacy Commissioner about an act or
practice that may be an interference with the privacy of the individual.
The expression personal information is defined in the same terms as it is defined in s 6(1)
of the Privacy Act. The initial issue became, therefore, whether La Trobe held, or had at
any time held, personal information about WL.
71.

Deputy President Coghlan found that there was nothing in the data from which WLs
identity was apparent. In deciding whether WLs identity was reasonably ascertainable
from the data, she said:
The gravamen of the applicants case is that a cross-match of answers to questions
which isolate so many personal characteristics of the applicant, such as to
distinguish the applicant from other individuals, with a cross-matching of telephone
numbers, would identify the applicant with certainty.58
Deputy President Coghlan went on to find that WLs identity could not be gleaned simply by
reference to the information collected. She continued:
At best, the identity might be ascertainable by the organisation first cross-matching
its own databases then using extraneous materials such as electronic white pages
which can match a phone number to a name. It might then be possible in
conjunction with the specific answers to questions, to narrow the potential identity of
the partner. But even then, in light of Professor Pitts evidence, the thrust of which
was that one could not with certainty conclude that the interviewees partner was the
same person whose phone number had been called, it could never be said that the
partner was the person whose phone number was used.59

72.

As to whether WLs identity could reasonably be ascertained, from information or

opinion Deputy President thought that the use of some extraneous material or information
might be contemplated. Support for that view was to be found in the judgment of Gobbo J
in Bailey v Hinch60 in the context of s 4(1)(a) of the Judicial Proceedings Reports Act 1958.
That section provided:
(1)

A person shall not in relation to any proceedings or any court or before

justices in respect of an offence of a sexual or unnatural kind publish or
cause to be published in any newspaper or document or in any broadcast by
means of wireless telegraphy or television
(a)

the name address or school or any other particulars likely to lead to

the identification of any person against or in respect of whom the
offence is alleged to have been committed (whether or not that
person is a witness in the proceedings); or

(b)

58

[2005] VCAT 2592; (2005) 24 VAR 23 at [24]; 30

[2005] VCAT 2592; (2005) 24 VAR 23 at [33]; 31
60 [1989] VicRp 9; [1989] VR 78
59

PAGE 29 OF 46

73.

Mr Hinch, a journalist, had reported the name of the Judge in a particular case. In
convicting both Mr Hinch and the broadcaster, the Magistrate had found that naming the
Judge in the particular circumstances of the case was likely to lead to identification of the
wife of the accused, who was the victim. A better informed member of the public, the
Magistrate had found, could look up the Judges name in the law list, find the name of the
accused and therefore discover the name of the victim. In the course of giving his reasons
for dismissing the appeal from the conviction and sentence imposed on Mr Hinch and the
broadcaster, Gobbo J said:
There is much force in the argument that a publication that leads or is likely to lead
to the name of the victim does not necessarily mean that this is equivalent to
identification of the victim. This would seem to be so, for example, where the name
of the defendant is John Smith and nothing more is revealed or likely to be revealed.
In such a case, where it is known that the accused was alleged to have raped his
wife, all that would be known was that the victim's name was Mrs. John Smith. As a
matter of construction, I am of the view that the mere surname of the victim cannot
automatically be equated with identification. In the John Smith type of example, it is
difficult to see how it could, though it could amount to identification if the case took
place in a small town where there was only one or there were very few Smiths
residing. With a less common name, it may be that the mere name is enough.
Further, I do not accept that publication of particulars likely to lead to ascertainment
of only the name of the victim cannot amount to identification.
In my view, the operation of the words in question is a matter of fact in each case. It
is not open to me to decide this matter as though I can reconsider this issue and
then replace the Magistrates decision with my own if my view of the facts differs
from his view.61

74.

This was a view adopted by Deputy President Coghlan in WL when she concluded:
Even allowing for the use of external information, the legislation requires an
element of reasonableness about whether a persons identity can be ascertained
from the information and this will depend upon all the circumstances in each
particular case. Here, the alleged process of ascertainment would require inquiries
from different databases, cross-matching and then cross-matching with an external
database and even then the making of any possible connections would not identify
with certainty. Even on the most favourable view to the applicant, this is beyond
what is reasonable.62
In view of this finding, she did not need to consider whether or not the information held by
La Trobe had been about WL.

61
62

[1989] VicRp 9; [1989] VR 78 at 93

[2005] VCAT 2592; (2005) 24 VAR 23 at [52]; 34
PAGE 30 OF 46

Personal information FOI Act

75.

I will begin with a reference to s 41 and the definition of personal information as they have
appeared in the FOI Act at the time the following two cases were decided. For
completeness, I have added the amendments made more recently.

76.

A.

Relevant exemption and definition

A.1

Section 41 and reference to personal affairs as enacted in 1982

When it was originally enacted, the FOI Act did not refer to personal information. Instead,
reference was made to personal affairs, which was not an expression that was defined.
Sections 41(1) and (2) provided:
(1)
A document is an exempt document if its disclosure under this Act would
involve the unreasonable disclosure of information relating to the personal affairs of
any person (including a deceased person).
(2)
Subject to sub-section (3), the provisions of sub-section (1) do not have
effect in relation to a request by a person for access to a document by reason only
of the inclusion in the document of matter relating to that person.
A.2

77.

Section 41 amended and personal information defined in 1991

Section 41 was amended by the Freedom of Information Amendment Act 1991 (1991 FOIA
Act). Sections 41(1) and (2) then read:

78.

(1)

A document is an exempt document if its disclosure under this Act would

involve the unreasonable disclosure of personal information about any
person (including a deceased person).

(2)

Subject to subsection (3), the provisions of subsection (1) do not have effect
in relation to a request by a person for access to a document by reason only
of the inclusion in the document of matter relating to that person.

At the same time, the 1991 FOIA Act amended s 4(1) to include a definition of the
expression personal information. It read:
personal information means information or an opinion (including an opinion
forming part of a database), whether true or not, and whether recorded in a material
form or not, about an individual whose identity is apparent, or can reasonably be
ascertained, from the information or opinion.
A.3

79.

Section 41 repealed and replaced by s 47F from 1 May 2011

Section 41 was repealed and replaced by s 47F with effect from 1 May 2011.63 Section
47F(1) differed from s 47(1) only to the extent necessary to accommodate its classification

63

Freedom of Information Amendment (Reform) Act 2010 (FOIAR Act); s 3, Schedule 3, Part 2, Item
33 and s 2(1), Item 6
PAGE 31 OF 46

as a conditional exemption only and so subject to a further public interest test before
access could be refused.64 It was, however, qualified by the addition of a new sub-section
requiring an agency or Minister to have regard to certain matters in coming to a decision
under s 47(1). The relevant sub-sections are ss 47(1) and (2) and they then read:

A.4
80.

(1)

A document is conditionally exempt if its disclosure under this Act would

involve the unreasonable disclosure of personal information about any
person (including a deceased person).

(2)

In determining whether the disclosure of the document would involve the

unreasonable disclosure of personal information, an agency or Minister must
have regard to the following matters:
(a)

the extent to which the information is well known;

(b)

whether the person to whom the information relates is known to be

(or to have been) associated with the matters dealt with in the
document;

(c)

the availability of the information from publicly accessible sources;

(d)

any other matters that an agency or Minister considers relevant.

Definition of personal information amended from 12 March 2014

With effect from 12 March 2014,65 the definition of personal information was amended by
the PAEPP Act66 to read:
personal information has the same meaning as in the Privacy Act 1988.
The definition in the Privacy Act is set out at [18] above. It is in the same form as the
definition inserted in 1991 in the FOI Act and removed by the PAEPP Act. Section 47F was
not amended.
B.

81.

Re Lobo and Department of Immigration and Citizenship

In Lobo, I considered the meaning of the expression personal information as it appeared

in the FOI Act after its introduction by the 1991 FOIA Act and before its amendment on
12 March 2014 to reflect the definition in the Privacy Act. I made the following observations
regarding the definition:
(1)

[T]he personal information protected from access by s 41(1) is simply

information or an opinion about an individual whose identity is apparent or
can reasonably be ascertained. It is not information or an opinion about a
particular part of a persons life. Consequently, the information protected
from disclosure by the exemption is not limited to information about their
private or domestic affairs. The protection extends, for example, to
information or opinion about their work or employment. Provided the

64

FOI Act; s 11A(5) as read with s 11B

PAEPP Act; s 2, Item 3
66 PAEPP Act; s 3, Schedule 5, Item 36
65

PAGE 32 OF 46

information or opinion is about an individual and the identity of that

individual is apparent or can reasonably be ascertained, it is protected from
disclosure under the FOI Act. It matters not whether it is true or not.67
(2)

82.

When is information about an individual? Among the ordinary

meanings of the word about are those relating to its use in reference to
time, distance, quantity and position. Another meaning relates to substance
or quality and that is the meaning in which it is used in s 41(1). The meaning
is that of concerning or relating to someone or something; on the subject of
them or it.68

I note that in Jorgensen v Australian Securities and Investments Commission,69 Weinberg J

did not question the Australian Securities and Investments Commissions (ASICs) decision
not to challenge the Tribunals finding that the private telephone numbers, and home
addresses of ASIC officers were exempt from disclosure under the FOI Act by virtue of
being personal information.70 In Lobo, I considered the reasons for decision in WL and the
authorities to which Deputy President Coghlan had referred in the course of considering
whether academic transcripts showing students names, student numbers and results were
exempt under s 41(1). I concluded:
In an age in which records are computerised and search engines increasingly
sophisticated, it would not be unreasonable to expect that a person who had access
to SICBs [the Colleges] records could use the subjects and their codes, the details
of study and the results and marks for each subject to identify the person who is the
subject of the academic transcript. It seems to me that regard should be had to all
resources that may be available to a member of the public in deciding whether an
individuals identity can reasonably be ascertained from the information or opinion.
That may be information that is available to all members of the public or may be
available only to a limited number of them. The existence or nature of the
information cannot be a matter of conjecture or speculation for the individuals
identity must be something that can reasonably be ascertained, from the
information or opinion. The word reasonably effectively eliminates conjecture or
speculation.71
B.

83.

Re Denehy and Superannuation Complaints Tribunal

Among the questions considered in Denehy was whether disclosure to Ms Denehy of her
late fathers personal information would be unreasonable. I applied the reasoning I had set
out in Lobo.

67

[2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [288]; 93; 325
[2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [289]; 93; 325
69 [2004] FCA 143; (2004) 208 ALR 73
70 [2004] FCA 143; (2004) 208 ALR 73 at [43]; 83
71 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [302]; 97-98; 329
68

PAGE 33 OF 46

Unreasonable impact upon privacy of others: Privacy Act - Smallbone v New South
Wales Bar Association
84.

In Smallbone Yates J considered whether the New South Wales Bar Association (NSWBA)
was required, under the Privacy Act, to give Mr Smallbone access to information it had
collected about him in relation to his application for appointment as Senior Counsel.
Information had been given by members of two groups known as the Consultation Group
and the Judicial Consultation Group. The NSWBA is an organisation within the meaning of
the Privacy Act and there was no dispute between it and Mr Smallbone that the information
it held was personal information for the purposes of the Privacy Act and the NPPs. The
issue was whether the NSWBA was obliged to give it to Mr Smallbone in light of NPP
6.1(c), which provides:
If an organisation holds personal information about an individual, it must provide
the individual with access to the information on request by the individual, except to
the extent that:
(a)-(b)
(c)

providing access would have an unreasonable impact upon the privacy of

other individuals;

(d)-(k)
85.

Mr Smallbone had submitted that he needed to know the identity of those who had provided
information about him so that he might exercise his rights under NPPs 6.5 and 6.6. Those
rights related to whether the information about him was accurate, complete and up to date.
As Yates J observed, the exception provided by NPP 6.1(c) is not necessarily an absolute
exemption for it is qualified by the words except to the extent that one or other of the
circumstances described in the following paragraphs (a) to (k) applies. He said:
What is required is that access to the information be provided except to the
extent that it would have the unreasonable impact to which NPP 6.1(c) refers.
Whether providing access to the information would have that unreasonable
impact is essentially a matter of practical judgment having regard to all the
circumstances of the case. In short, a factual evaluation is involved.
In C v Insurance Company [2006] PrivCmrA 3 the Commissioner identified
the following factors as being relevant to the assessment of whether the provision of
access to documents containing the personal information of third parties would have
an unreasonable impact on the privacy of those individuals:

Whether the individual would expect that his or her information would be
disclosed to a third party, including whether an assurance of confidentiality
was provided.

The extent of the impact on the individuals privacy.

Whether any public interest reasons for providing access to the information
outweigh any expectation of confidentiality.

PAGE 34 OF 46

Whether masking the identifying details of the third parties would sufficiently
protect the privacy of these individuals.

Those considerations are helpful indicators of some of the considerations that might
be involved in a particular evaluation of the application of NPP 6.1(c). They are not,
however, the only relevant considerations. Another relevant consideration is the
nature of the information that is held by the organisation and the form in which that
information is held.72
86.

The word privacy is used in NPP 6.1(c) but it is not defined either there or in the Privacy
Act generally. Yates J concluded:
As used in NPP 6.1(c) in respect of the privacy of other individuals, the word
must bear its ordinary English meaning as denoting the state of being private. In my
view the expression the privacy of other individuals as used in NPP 6.1(c) would
comprehend and include an individuals expression of opinion that was proffered so
as to be confined to or intended only for the person or persons to whom the opinion
was expressed. The applicant did not seek to contend otherwise.
I am satisfied, therefore, that disclosure of the identity of members of the
Consultation Group and the Judicial Consultation Group who provided information
about the applicant would impact on the privacy of those members. Given the
circumstances in which the information was sought and the circumstances in which
it came to be provided, as well as the nature of the information itself, I am satisfied
that granting access to the applicant of that information would have an
unreasonable impact upon the privacy of those members. Thus, to that extent, by
operation of NPP 6.1(c), the respondent is not obliged to provide access to the
applicant to that information.73

87.

His Honour went on to accept the general thrust of a submission made on behalf of the
NSWBA to the effect that, even if not identified by name, the identity of a member of the
Judicial Consultation Group might still be disclosed if, for example, that member were the
only judicial officer from a designated and disclosed court providing a response. By a
process of elimination based on professional experience, Mr Smallbone would be able to
identify the judicial officer providing information. If there were only one response from a
particular court, the identity of the judicial officer is likely to be revealed. If there are only a
small number of responses from a disclosed and designated court, Mr Smallbone was likely
to know those with whom he had direct professional experience and so identify those who
had not expressed an opinion favourable to him. Yates J concluded that, in those
circumstances, giving Mr Smallbone access to information that designated the court to
which the members of the Judicial Consultation Group have been appointed would be an
unreasonable impact upon the privacy of those individuals.

72
73

[2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82 at [47]-[50]; 27-28; 92-93
[2011] FCA 1145; (2011) 198 FCR 17; 284 ALR 82 at [56]-[57]; 28-29; 93-94
PAGE 35 OF 46

88.

The responses received from judicial officers of the Supreme Court were in a different
category. Yates J considered that their number was such that to give Mr Smallbone access
to them would not have an unreasonable impact upon the privacy of members of the
Judicial Consultation Group who were appointed to that court. He reached the same
conclusion in relation to the individuals appointed to the Consultation Group and in relation
to the presentation of the information by reference to broad sub-categories of those
providing the information e.g. judicial, senior counsel, junior counsel and solicitors.
CONSIDERATION

89.

Reference was made at various times in the course of the case to the test in my reasons for
decision in Lobo and to whether or not it had been met. I am uncomfortable with my
reasons being regarded as formulating a test of some sort for any test is found in the
relevant provisions of the Privacy Act. It is to the words of that legislation to which I must
have regard together with any interpretation by the courts. Putting that to one side, none of
the authorities considered the threshold question raised by the definition of personal
information regarding whether information was about an individual. That is a question
that I must consider.
Principles of statutory interpretation

90.

It is clear from the authorities that, in interpreting a statutory provision, it is important not to
become so focused on the individual words of which it is comprised that the meaning of the
whole is lost. Regard must be had to both as is apparent from the following passage from
the judgment of the High Court in Collector of Customs v Agfa-Gevaert Ltd74 (AgfaGevaert):
The meaning attributed to individual words in a phrase ultimately dictates the
effect or construction that one gives to the phrase when taken as a whole and the
approach that one adopts in determining the meaning of the individual words of that
phrase is bound up in the syntactical construction of the phrase in question. In R
v Brown [[1996] AC 543 at 561], a recent House of Lords decision, Lord
Hoffmann said:
The fallacy in the Crowns argument is, I think, one common among
lawyers, namely to treat the words of an English sentence as building blocks
whose meaning cannot be affected by the rest of the sentence This is not
the way language works. The unit of communication by means of language
is the sentence and not the parts of which it is composed. The significance
of individual words is affected by other words and the syntax of the whole.

74

[1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282; Brennan CJ,
Dawson, Toohey, Gaudron and McHugh JJ
PAGE 36 OF 46

 [T]he notions of meaning and construction are interdependent 75

91.

This point was illustrated by the High Courts reference in Agfa-Gevaert to the English
Court of Appeals judgment in Exxon Corporation v Exxon Insurance Ltd.76 In that case:
the English Court of Appeal had to consider whether the made-up trade name
Exxon was an original literary work within the meaning of s 2(1) of the Copyright
Act 1956 (UK). The Court accepted that it was original, that it was literary in the
sense that it was composed of letters and had a written form, and that it was a work
because much time and effort had been expended in inventing it. Nevertheless, the
Court held it was not an original literary work. As Oliver LJ put it: [Exxon [1982]
Ch 119 at 144]:
But original literary work as used in the statute is a composite expression,
and for my part I do not think that the right way to apply a composite
expression is, or at any rate is necessarily, to ascertain whether a particular
subject matters falls within the meaning of each of the constituent parts, and
then to say that the whole expression is merely the sum of the total of the
constituent parts. In my judgment it is not necessary, in construing a
statutory expression, to take leave of ones common sense.77
The definition: personal information

92.

The definition of personal information is expressed in terms of a sentence. That sentence

includes three adjectival or relative clauses. It begins with a description of what personal
information means i.e. personal information means information or an opinion (including
information or an opinion forming part of a data base) . There are two adjectival clauses
qualifying the information or an opinion. The first is that information or opinion is included
whether true or not, and whether recorded in a material form or not and the second
is that about an individual . The final adjectival clause qualifies the individual. That
is, the information or opinion is about an individual whose identity is apparent, or can
reasonably be ascertained, from the information or opinion.

93.

While it is true that the definition of personal information is the same in both the Privacy
Act and the FOI Act, the way in which it becomes relevant arises at different times in each
legislative scheme. I am concerned particularly with NPP 6.1 of the Privacy Act. It comes
into consideration only when a particular individual has made a request to an organisation
for access to personal information about him or herself. The organisation will search for
information or opinion, whether it is true or not and whether recorded in a material form or
75

[1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282 at 396-397; 64; 198;
287-288 and see also Director of Public Prosecutions (NT) v WJI [2004] HCA 47; (2004) 219 CLR
43; 210 ALR 276; Gleeson CJ, Gummow, Kirby and Heydon JJ; Hayne J dissenting and see
particularly [84]; 70; 296 per Kirby J
76 [1982] Ch 119
77 [1996] HCA 36; (1996) 186 CLR 389; 141 ALR 59; 43 ALD 193; 24 AAR 282 at 399-400; 66-67;
200; 290
PAGE 37 OF 46

not, about that particular individual. In deciding whether it is about that particular individual,
it will need to decide whether his or her identity is apparent, or can reasonably be
ascertained, from the information or opinion. If it is about that individual, the individual will,
subject to the qualifications in paragraphs NPP 6.1(a) to (k), be entitled to access to it from
the organisation. If one or more of the qualifications does apply, the individuals right to the
personal information is qualified to the extent that it does.
94.

An individual may also request access to personal information about him or herself under
the FOI Act. The search and identification task would be the same as under the Privacy
Act with the tasks of search for information and its characterisation as personal information
as the essential first steps. A request may be made under the FOI Act for information that
is not limited to personal information but which may include personal information. In that
case, an agency will first locate the documents meeting the terms of that request. Having
located them, it will then ask whether disclosure of them, or parts of them, under the FOI
Act would or might have an effect or outcome, or more than one, that the agency would
consider undesirable. If the answer is that disclosure would or might have such an effect or
outcome, the next question an agency must ask itself is whether the effect or outcome is
within the scope of one of those described in the exemption provisions in Part IV of the FOI
Act. Section 47F relating to personal information is an example of such a provision.

95.

Although it may seem trite to do so, I make the point that, when applying the definition of
personal information under either the FOI Act or the Privacy Act, the questions that are
asked must be framed in terms of the definition. They cannot be asked against a different
frame of reference that has, as its starting point, the question: is it possible to use this
information or opinion or to marry it with other information by using a computerised search
engine or in some other way to ascertain the identity of an individual. The starting point
must be whether the information or opinion is about an individual. If it is not, that is an end
of the matter and it does not matter whether that information or opinion could be married
with other information to identify a particular individual.

96.

I will explain this further below but will begin with the example I put forward at the hearing.
That had its foundation in the litany of issues that arose, and were ultimately corrected, in
the three year warranty period following my purchasing a new car. The dealer from whom I
bought the car also services it. It would have records of the various faults that I reported in
the warranty period and that were ultimately corrected together with records of the parts
that were ordered from the manufacturer in the course of the repairs. One set of faults
required the replacement of what I understand to be the equivalent of a motherboard. The
service records noting the problems related, or possibly related, to the motherboard, the
PAGE 38 OF 46

order for its replacement and its replacement are information about the motherboard or the
car and the repairs. It is not information about me. That is so even if the service records
referred to the registration number of my car and even my name. That is so even if the
registration number and name did not appear on the records. Assuming that the problems
my car suffered were not endemic in relation to the particular make and model, it would be
reasonable to expect that it would be easy enough to marry the date of the order with the
date on which the car was brought in for service and the motherboard replaced. A link
could be made between the service records and the record kept at reception or other
records showing my name and the time at which I had taken the care in for service. The
fact that the information can be traced back to me from the service records or the order
form does not, however, change the nature of the information. It is information about the
car, the motherboard or the repairs but not about me.
A.
97.

about an individual

Although its timing in the process may differ between the FOI Act and the Privacy Act, the
initial task of characterisation remains the same. Is the information or opinion, whether true
or not and whether recorded in material form or not, about an individual? Under the
Privacy Act, that characterisation will no doubt take place almost contemporaneously with
whether the information or opinion is about the particular individual requesting it but,
despite that, it is in fact a separate step in the characterisation process. What is
information or opinion about an individual? The relevant meaning among the ordinary
meanings of the word about is:
1 concerning or relating to someone or something; on the subject of them or it.
78
Therefore, the first step is to ask whether the information or opinion is about an individual.
If it is not, that is an end of the matter. If it is, the second step in the characterisation
process is to ask whether the identity of that individual is apparent or can reasonably be
ascertained, from the information or opinion.

98.

Whether information or opinion is about an individual requires an analysis of the subject

matter of that information or opinion. It is clear from the Explanatory Memorandum
accompanying the Privacy Bill when it was introduced in the House of Representatives on
1 November 1988 that the range of what was considered to be personal information, and so
necessarily about an individual, was:

78

Chambers 21st Century Dictionary, 1999, reprinted 2004, Chambers (Chambers)

PAGE 39 OF 46

 infinite and would include, for example, information relating to the persons
physical description, residence, place of work, business and business activities,
employment, occupation, investments and property holdings, relationship to other
persons, recreational interests and political, philosophical or religious beliefs. 79
In the context of the same definition in the FOI Act, an individuals private telephone
number has been said to be personal information.80
99.

These are all matters that can be said to concern or to relate to an individual or to be on the
subject of them. There is a connection between an individual and the information that
means that it is about that individual. Just how strong need that connection be between
the two for it to be about an individual? Putting the issue another way, how tenuous can
the link be before information or opinion is not about an individual but about something else
or, if still about an individual, not about a particular individual but another? If I were to
imagine a road accident in which a car ran a red light and hit a pedestrian who was walking
with a green light, the report of the accident itself naming the driver, the pedestrian and the
circumstances of the accident could, as a whole, be said to be about the driver, the
pedestrian, the circumstances of the accident, the witnesses, the state of the road surface
and the weather and so on.

100.

On further analysis, parts of the report will be about the driver, parts about the pedestrian,
parts about the road conditions and so on. The fact that the pedestrian was taken to
hospital in an ambulance would, for example, be characterised as about the about the
pedestrian as would information that he or she was admitted to hospital with certain
injuries. The treatment of the pedestrian in hospital is another matter as is his or her name,
address, medical history and prognosis. The pedestrian would not needed to have been
undergoing treatment but for the action of the driver. Assuming the relevant records are
available in my hypothetical example, the identity of the driver could be traced back by
matching up the admission records with the ambulance records and the accident report.
Does that mean that this information about the driver? It seems to me that the connection
is too tenuous. The information is about the pedestrian and not about the driver.

101.

Presumably, the driver will be told about the injuries suffered by the pedestrian and his or
her name if and when he or she is charged with offences arising out of the accident. That,
however, will be a consequence of a different legal regime and have nothing to do with
characterising whether the information is about the driver or the pedestrian in the context of

79

Explanatory Memorandum at [33]

Jorgensen v Australian Securities and Investment Commission [2004] FCA 143; (2004) 208 ALR
73 at [43]; 83 per Weinberg J
80

PAGE 40 OF 46

the definition of personal information in the context of the Privacy Act. The same is true if
and when the pedestrian institutes civil proceedings for damages against the driver.
B.

102.

Identity is apparent, or can reasonably ascertained, from the information or

opinion

The ordinary meanings of the word apparent include that of being easy to see or
understand 81 from the information or opinion. That will certainly be the case if the
individual is named in the information or opinion. It will be easy to see or understand the
identity having regard to the information or opinion as a source or origin 82 itself and so
from the information or opinion (emphasis added).

103.

If the individual is not named, the question then becomes whether his or her identity can
reasonably be ascertained from the information or opinion. In Lobo, I considered whether
that question is asked solely by reference to what is in the information or opinion, or
whether regard can be had to wider sources. I did so in the context of accesss being
granted under the FOI Act to a person other than the individual or individuals about whom
information appears in the document under consideration.83 I said that, in those
circumstances, the document in which the information or opinion appears:
becomes part of the information that is available to the public. If the identity of
an individual is apparent or can reasonably be ascertained by reading both the
information in the document and that which is already available in the public arena,
the information or opinion in the requested document is no less the source or
origin of the identification. It is the source or origin of information that gains its
meaning from the context in which it is disclosed. As the definition of personal
information requires that an individuals identity is apparent or can reasonably be
ascertained from the information or opinion, the context in which that is ascertained
must also be defined by reference to the information that is apparent in the public
arena or can reasonably be ascertained from it.84

104.

In Lobo, I went on to illustrate the view I had reached with examples:

To illustrate, I will mention a couple of examples. If, for example, information

in the wider context were only available from a private source, that would not be in
the public arena and could not be used to decide whether the information enabled
the identity of an individual to be identified as required by the definition of personal
information. If that information were in the public arena but could only be obtained
after complicated and tedious searches, that would be a factor in determining

81

Chambers
Chambers (meaning 10)
83 Had the document contained personal information of the individual making the request, the issue
would not have arisen for the exemption in what was then s 41 and is now a conditional exemption
under s 47F does not arise by reason only of the inclusion of matter relating to that individual: FOI
Act; s 41(2) and now s 47F(3).
84 [2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [300]; 97; 329
82

PAGE 41 OF 46

whether the individuals identity can reasonably be ascertained (emphasis added)

from the information or opinion.
A further question arises in relation to information that is available to some
members, or even one member, of the public but is not available to all. This arises
below in relation to the academic transcripts showing the names and student
numbers of students at SICB and their results. Document 734 in Category 9 is an
example. [ See [350]-[354] below] Exemption is claimed under s 41(1) for the
academic results. In an age in which records are computerised and search engines
increasingly sophisticated, it would not be unreasonable to expect that a person
who had access to SICBs records could use the subjects and their codes, the dates
of study and the results and marks for each subject to identify the person who is the
subject of the academic transcript. It seems to me that regard should be had to all
resources that may be available to a member of the public in deciding whether an
individuals identity can reasonably be ascertained from the information or opinion.
That may be information that is available to all members of the public or may be
available only to a limited number of them. The existence or nature of the
information cannot be a matter of conjecture or speculation for the individuals
identity must be something that can reasonably be ascertained, from the
information or opinion. The word reasonably effectively eliminates conjecture or
speculation.85
105.

I continue to be of the same view in relation to the FOI Act but would add that it must be
remembered that the publicly available range of information and means of searching it must
be kept in mind in determining whether an individuals identity can be reasonably
ascertained from the information or opinion in the possession of an agency or Minister.
Workload considerations are not of themselves relevant but the complexities and difficulties
involved in ascertaining the identity of the person from any information or opinion are.

106.

Although the definition of personal information is the same in the Privacy Act as in the FOI
Act, its application differs because of the different statutory regimes established by each.
Except in certain situations relating to law enforcement and the preservation of life, the
Privacy Act is not a vehicle for gaining access to personal information by persons other
than the individuals concerned. It is not a means by which, once access has been given to
the individual concerned, personal information is made publicly available by means of
publication of the sort provided under s 11A of the FOI Act. In light of that, personal
information to which access is given under the Privacy Act will not be subject to general
public scrutiny of the sort to which a document might be subject when access to it is
granted under the FOI Act.

107.

That difference does not, however, detract from the need under the Privacy Act to review
information about an individual with an eye to what is in the public domain and what might
be expected to be known. That need arises when determining whether information or

85

[2011] AATA 705; (2011) 56 AAR 1; 124 ALD 238 at [301]-[302]; 97-98; 329
PAGE 42 OF 46

opinion is about an individual whose identity can reasonably be ascertained, from the
information or opinion. In dealing with a request under the Privacy Act, it does not follow
that an organisation need scour the public domain to ascertain whether there is information
that can be married with the information or opinion it holds in order to ascertain the identity
of the individual. What it means is that the organisation must keep in mind what might be
matters of general knowledge. If, for example, the information were along the lines of
singer and songwriter who died prematurely, I do not think that it could be said that the
identity of that individual can reasonably be ascertained from that information. If the
information were female singer and songwriter who died prematurely, I suggest that her
identity would also not be reasonably ascertainable. If the information were English female
singer and songwriter who was known for her eclectic mix of musical genres of soul, rhythm
and blues and jazz but who died prematurely in July 2011, I suggest that the identity of the
individual can be reasonably ascertained from the information which would be regarded as
part of the broad body of general knowledge.86
108.

Beyond what might be considered to be general knowledge, I do not think that regard
needs to be had to the wide range of information and means of searching information that
is available in the public arena in determining whether an individuals identity is reasonably
ascertainable from the information or opinion held in an organisation. In this regard the
application of the definition of personal information differs from that in the FOI Act. The
Privacy Act regulates the collection, handling and use of information about individuals and
also provides means by which those individuals may obtain access to his or her own
personal information and to ask that it be corrected for accuracy, relevance and
completeness. In deciding whether the identity of an individual is apparent or can
reasonably be ascertained from that information, regard needs to be had to the information
held by the organisation. If that were not the case, an organisation could attempt to defeat
the purposes of the Privacy Act by allocating a code of some sort to each individual and
keeping a separate record of that.
Mobile network data

109.

Mr Traceys evidence regarding the nature and content of Telstras mobile network data is
set out at [45] to [46] above. The nature of that data was not challenged by the
Commissioner or by Mr Grubb and I accept Mr Traceys evidence. In particular, I find that
the mobile network data that is in issue in this case has two essential features. The first is
that it records transactions occurring between mobile devices and Telstras mobile network
in order to manage the mobility of mobile devices through that network. These may be
86

Amy Winehouse
PAGE 43 OF 46

various during the course of a call from a mobile device as the device may communicate
with various cells as the call moves through the network. Even if a call is not made from a
mobile device, there remains communication between the mobile device and the network in
order to confirm that the network connection remains. The second feature of mobile
network data is that it establishes, maintains or disconnects connections between mobile
devices and the destinations that the devices and the destinations that the devices are
seeking to communicate with (for example, another mobile device, a fixed service or an
internet location). Also on the basis of Mr Traceys evidence, I accept that Telstra does not
collect all of the network data that is generated and, if it does collect it, does not generally
store that data for periods longer than 30 days.
110.

Data that is required for Telstras billing systems is collected but Mr Grubb has been given
access to data from that system as it is information about the calls he has made and so
about him. It includes a record of the cell with which a mobile phone or other device
communicates at the beginning of the call or, in the case of an SMS or MMS message, the
cell involved in sending the message. It does not record the cells with which the mobile
device connects during the course of a communication.

111.

I also accept that it may, but not always, be possible to identify a particular Telstra
customer by reference to the mobile network data and other data it maintains. That fact
does not necessarily lead to the conclusion that the mobile network data is personal
information. Whether it is personal information depends upon its characterisation as being
about an individual for that is what the definition of personal information requires.
Mr Grubb submitted that, but for his making his calls or sending his SMS or MMS
messages, particular data in Telstras mobile network data would not have been generated.
That is true but it does not detract from the characterisation task that I am required to
undertake. Is the information about an individual being, in this case, Mr Grubb or is it about
something else? If the outcome of that characterisation is that it is not information about an
individual, Telstra will not, as Mr Grubb submitted, be required to keep it secure under the
Privacy Act. That is an outcome that would follow from the application of the definition in
the particular circumstances of the case.

112.

Had Mr Grubb not made the calls or sent the messages he did on his mobile device, Telstra
would not have generated certain mobile network data. It generated that data in order to
transmit his calls and his messages. Once his call or message was transmitted from the
first cell that received it from his mobile device, the data that was generated was directed to
delivering the call or message to its intended recipient. That data is no longer about
Mr Grubb or the fact that he made a call or sent a message or about the number or address
PAGE 44 OF 46

to which he sent it. It is not about the content of the call or the message. The data is all
about the way in which Telstra delivers the call or the message. That is not about
Mr Grubb. It could be said that the mobile network data relates to the way in which Telstra
delivers the service or product for which Mr Grubb pays. That does not make the data
information about Mr Grubb. It is information about the service it provides to Mr Grubb but
not about him.
113.

I have considered also the IP address allocated to the mobile device which Mr Grubb used.
On the basis of the evidence of Mr Tracey and the Operations Manager, I am satisfied that
an IP address is not information about an individual. Certainly, it is allocated to an
individuals mobile device so that a particular communication on the internet can be
delivered by the Internet Service Provider to that particular mobile device but, I find, an IP
address is not allocated exclusively to a particular mobile device and a particular mobile
device is not allocated a single IP address over the course of its working life. It changes
and may change frequently in the course of a communication. The connection between the
person using a mobile device and an IP address is, therefore, ephemeral. In the context of
this case, it is not about the person but about the means by which data is transmitted from
a persons mobile device over the internet and a message sent to, or a connection made,
with another persons mobile device.
Law enforcement

114.

Mr Grubb has asked why he cannot have the same information as that available to law
enforcement agencies. The answer is that the entitlements of Mr Grubb and those of law
enforcement agencies are the subject of different legislative regimes. Each regime seeks
to achieve a balance of policy considerations and desirable outcomes. Those policy
considerations include protection of an individuals privacy, search and rescue, security and
law enforcement issues and public safety. The various regimes represent a balance of the
various relevant considerations as arrived at by the Parliament. NPP 6.1 is an example of
the way in which that balance is achieved. I have set I have set out NPP 6.1(c), (g) and (h)
at [16] above.87 It shows that an organisations obligation to provide an individual with
The other paragraphs read: 6.1
If an organisation holds personal information about an
individual, it must provide the individual with access to the information on request by the individual,
except to the extent that: (a) in the case of personal information other than health information
providing access would pose a serious threat to the life or health of any individual; or (b) in the case of
health information providing access would pose a serious threat to the life or health of any individual;
or (c) ; or (d) the request for access is frivolous or vexatious; or (e) the information relates to existing
or anticipated proceedings between the organisation and the individual, and the information would not
be accessible by the process of discovery in those proceedings; or (f) providing access would reveal
the intentions of the organisation in relation to negotiations with the individual in such a way as to
prejudice those negotiations; or (g) ; or (h) ; or (i) providing access would be likely to prejudice an
87

PAGE 45 OF 46

access to personal information about him or her is balanced by considerations of the sort to
which I have referred.
115.

The amendment of the TIA Act by the Data Retention Act, which came into force on
13 October 2015, and the consequent deeming of certain information to be personal
information about an individual represents an adjustment of the balance among the
different public and private interests. I have not given any consideration to whether I would,
or would not, have reached a different outcome had the amended legislation applied in the
circumstances of this case. It was agreed between the parties that it did not apply and it is
not the role of the Tribunal to consider matters entirely in the abstract.
DECISION

116.

For the reasons I have given, I set aside the decision of the Commissioner dated 1 May
2015. In its place, I substitute a decision that Mr Grubbs complaint to the Commissioner
and dated 15 June 2013 is not substantiated. As a consequence, I set aside the
Commissioners declaration under s 52 of the Privacy Act and substitute a determination
that Telstra has not breached NPP 6.1 and is not required to provide further information to
Mr Grubb in response to his request.
I certify that the one hundred and sixteen preceding paragraphs are a true
copy of the reasons for the decision herein of
Deputy President S A Forgie,
Signed:
..................[sgd].....................................
Personal Assistant
Date of Hearing

7 and 8 October 2015

Date of Decision

18 December 2015

Counsel for the Applicant

Mr J Masters

Solicitor for the Applicant

Ms J Chiu and Ms N McKinley

Telstra Corporation Limited

Counsel for the Respondent

Ms M Allars SC

Solicitor for the Respondent

Mr L Holcombe and Ms K Mihalic

HWL Ebsworth Lawyers

Joined Party

Mr B Grubb, self-represented

investigation of possible unlawful activity; or (j) providing access would be likely to prejudice: (i) the
prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law
imposing a penalty or sanction or breaches of a prescribed law; or (ii) the enforcement of laws relating
to the confiscation of the proceeds of crime; or (iii) the protection of the public revenue; or (iv) the
prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
or (v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of
its orders; by or on behalf of an enforcement body; or (k) an enforcement body performing a lawful
security function asks the organisation not to provide access to the information on the basis that
providing access would be likely to cause damage to the security of Australia.
PAGE 46 OF 46