Privacy Commissioner v Telstra Corporation Limited

Federal Court of Australia (Full Court)|2017-01-19|Before: Mr J, Mr P, Edelman JJ, Dowsett J

the appeal be dismissed;
the application filed on 19 July 2016 by the Australian Privacy Foundation and the New South Wales Council for Civil Liberties be dismissed; and
the applicant pay the costs of the respondent to be taxed if not agreed. Note: Entry of orders is dealt with in Rule 39.32 of the Federal Court Rules 2011.

DOWSETT J: 1 I have read the reasons prepared by Kenny and Edelman JJ and am in respectful agreement with those reasons and the proposed orders. I wish only to stress two matters. 2 In my view Mr Grubb's application was, from the start, based on a misconception. He requested access to "... all the metadata information Telstra has stored about my mobile phone service ...". Clearly enough, he was entitled, pursuant to National Privacy Principle 6 in Sch 3 to the Privacy Act 1988 (Cth) (the "Privacy Act"), only to "personal information" about him. He was not entitled to access to "all of the metadata information Telstra has stored about my mobile phone service ...". He was entitled only to access to personal information about him, concerning such telephone service. 3 As Kenny and Edelman JJ demonstrate, the definition of the term "personal information" in s 6 of the Privacy Act clearly contemplates identification of information or opinion concerning the relevant applicant. Hence, in this case, Telstra had to decide whether it held information or opinion "about Mr Grubb" before it enquired as to whether his identity was apparent, or could reasonably be ascertained from such information or opinion. In other words, personal information is information or opinion: about the relevant applicant; and from which his identity is apparent or could reasonably be ascertained. 4 It seems that the underlying intention of National Privacy Principle 6 is to ensure that a person has access to information held by a relevant entity, which information may become known to third parties. I certify that the preceding four (4) numbered paragraphs are a true copy of the Reasons for Judgment herein of the Honourable Justice Dowsett.

Introduction 5 This appeal was described by the parties as one which concerns access under the Privacy Act 1988 (Cth) to what was loosely described as "metadata". Metadata is not a defined term in the Privacy Act and is not a term used in any of the relevant provisions, although it is commonly used to mean data that provides information about data. The real issue on this appeal is a very narrow question of statutory construction concerning the meaning of the words "about an individual" as they applied in the Privacy Act prior to 12 March 2014. The Privacy Commissioner submitted that those words were redundant. Therefore, he submitted, the Administrative Appeals Tribunal (AAT) erred by applying those words to the facts before it. The Privacy Commissioner submitted that the matter should be remitted to the AAT so that the statutory test could be applied without any weight being placed on those statutory words (ts 58). 6 The background to this appeal is a request by a journalist, Mr Grubb, for access to all metadata regarding his mobile phone held by Telstra Corporation Limited (Telstra). Telstra gave him some information but refused to give him access to its mobile network data, which includes metadata. On 8 August 2013, Mr Grubb filed a complaint with the Office of the Australian Information Commissioner (the OAIC) under s 36(1) of the Privacy Act. The investigation was conducted by the OAIC, and the declarations were made by Privacy Commissioner. The Privacy Commissioner held that Telstra's refusal was a breach of National Privacy Principle 6.1 of Sch 3 of the Privacy Act. Telstra applied to the AAT to set aside the Privacy Commissioner's determination. A Deputy President of the AAT held that the information was not "personal information" and set aside the determination. The reason for this conclusion was that the information was not "about an individual" (ie Mr Grubb) within the terms of National Privacy Principle 6.1 of Sch 3 of the Privacy Act. This is an appeal from the AAT's decision by the Privacy Commissioner. 7 For the reasons below, the appeal must be dismissed.

The information provided by Telstra and the information it refused to provide 8 On 15 June 2013, Mr Grubb sent an email to Telstra which requested "all the metadata information Telstra has stored about my mobile phone service". He continued: The metadata would likely include which cell tower I'm connected to at any given time, the mobile phone number of a text I have received and the time it was received, the time a data session finished and begun, URLs [Uniform Resource Locators] of websites I have visited, the duration of telephone calls, who is calling and who I've called and so on. I assume estimated longitude and latitude positions would be stored too. 9 On 16 July 2013, Telstra responded, saying that Mr Grubb could access outbound mobile call details and the length of his data use sessions from online billing. Telstra also advised Mr Grubb that due to privacy laws it was unable to provide him with information regarding the location and details of the numbers which called and sent Short Message Service (SMS) messages to his mobile telephone service. 10 On 8 August 2013, Mr Grubb filed a complaint with the OAIC under s 36(1) of the Privacy Act concerning this refusal by Telstra. Mr Grubb sought a determination, including orders declaring that Telstra meet its access obligations and provide Mr Grubb with the access he sought. 11 During the course of the investigation by the Privacy Commissioner, and prior to his determination on 1 May 2015, Telstra provided Mr Grubb with more information on four occasions. These were described in detail in the AAT decision. 12 First, on 2 October 2014, Telstra provided Mr Grubb with: (1) a compact disk containing call records in respect of his account; (2) a folder containing all bills that had been issued to him in respect of his account; and (3) a document listing all his personal information that was contained in Telstra's customer relationship management system. 13 As to (1), the compact disk contained an Excel spreadsheet showing call data records in relation to all outgoing calls, SMS messages and Multimedia Messaging Service (MMS) messages from Mr Grubb's mobile telephone service between 17 January 2011 and 21 September 2014. The records contained information as follows: (1) the originating number, described as the "A-party number", being Mr Grubb's mobile number; (2) the A-party location, being the mobile telephone location; (3) the number of the recipient of the communication, which is described as the "B-party number"; (4) the date of the communication; (5) the time of the communication; and (6) the duration of the communication in seconds in the case of a call and, in the case of an SMS or MMS, the fact that it was made. 14 As to (2), the folder contained copies of all Telstra bills that related to Mr Grubb's mobile telephone service account. 15 As to (3), the document contained information as follows: (1) personal information held in Telstra's customer relationship system including details of Mr Grubb's full name, address, date of birth, mobile number, email address(es), billing account number, customer ID (identity), International Mobile Subscriber Identity (IMSI), personal unlocking key, marketing opt outs, Subscriber Identity Module (SIM) category and password; (2) a sample page of calls made from his mobile number showing: (a) Mr Grubb's number as the A-party number; (b) A-party location being a suburb or area; (c) B-party number being the number called; (d) call date; (e) call time; and (f) call duration in seconds or SMS details; and (3) an invoice or Telstra bill issued to Mr Grubb showing information including the following: his address; the billing period; the date the bill was issued; the account number and the bill number; the mobile number; the total due for payment and when it was due; his bill history in graph form; details of his previous balance and its payment and the charges due under his particular plan; general information about how to restrict or bar certain content on his mobile; and details of the calls he had made on his mobile in the billing period showing, for each call, the date and time it was made, the type of call being National or National to Telstra mobile, location, number called, rate (being peak or weekend), duration in minutes and seconds, the gross amount in dollars and the net amount in dollars. 16 Secondly, on 18 November 2014, Telstra wrote to Mr Grubb providing him with information regarding the colour of his handset, his handset ID, the International Mobile Station Equipment Identity (IMSEI) of his handset, his mobile device payment option, and his network type. 17 Thirdly, on 11 December 2014, in response to a Notice to Produce issued by the Privacy Commissioner (which had been narrowed following evidence from Telstra), Telstra produced the following information, which replicated some of the information already provided by Telstra above: (1) Mr Grubb's service number, account number(s), customer ID, connection date and statement that it was still active, service name, service address, billing name, statement email, date of birth, authorised representative, SIM number, IMSI, IMSEI, product being plan and mobile, SIM replacement and order submitted and place where submitted (although Telstra could not identify whether the order had been submitted online or over the telephone because it could not access that archived information); (2) Mr Grubb's call records extending from 19 February 2014 to 3 December 2014; (3) call data records in relation to incoming and outgoing calls; and (4) sample longitude and latitude coordinates of mobile cells under the following headings: (a) CGI (computer-generated imagery); (b) Base Station Name; (c) Billing Name; (d) MSA (Metropolitan Statistical Areas) Name; (e) State; (f) Antenna Latitude (GDA94); (g) Antenna Bearing; (h) Technology; (i) Cell Name (LRD Code); (j) Base Station Type; and (k) Date. 18 Fourthly, on 27 January 2015, Telstra wrote to Mr Grubb with a report of information relating to the period from 19 February 2014 to 3 December 2014 that it had extracted from a system that retained nine to ten months of data at a time. The report was downloaded to a USB flash drive. The report included details of: (1) A-party number; (2) A-party IMSEI; (3) A-party IMSI; (4) A-party Cell ID; (5) A-party location; (6) original number called; (7) called number; (8) B-party IMSEI (redacted); (9) B-party IMSI (redacted); (10) B-party Cell ID (redacted); (11) B-party location (redacted); (12) call date; (13) call time; and (14) call duration in seconds. 19 Although Telstra provided all of the above information, it disputed that it had any obligation to provide the following information: (1) mobile phone network data, recording: (a) Internet Protocol (IP) address information; (b) Uniform Resource Locator (URL) information; (c) cell tower location information beyond that information that Telstra retained for billing purposes (to which Mr Grubb was given access); (2) incoming call records containing the following information: (a) inbound call numbers and location information including the cell tower involved in the communication (which may not be the one closest to the caller); (b) details such as the date, time and duration of the communication (other than for SMS or MMS messaging where duration is not provided); (c) billing information of incoming callers; and (d) subscriber data in relation to the incoming callers.

Relevant provisions in the Privacy Act 20 As at 1 July 2013 (being the date which the parties agreed was the relevant version of the Privacy Act), s 16A(1) of the Privacy Act provided that an "organisation must not do an act, or engage in a practice, that breaches an approved privacy code that binds the organisation". It was common ground that no issue arose concerning an approved privacy code (ts 14). 21 Section 16A(2) then provided that: To the extent (if any) that an organisation is not bound by an approved privacy code, the organisation must not do an act, or engage in a practice, that breaches a National Privacy Principle. 22 Telstra is an organisation within the meaning of s 6 and s 6C. 23 Section 13A provided that an act or practice of an organisation is an interference with the privacy of an individual if the act or practice breaches a National Privacy Principle in relation to the personal information that relates to the individual and the organisation is not bound by an approved privacy code in relation to the personal information. 24 "National Privacy Principle" was defined in s 6 of the Privacy Act by reference to Sch 3. National Privacy Principle 6.1 in Sch 3 provided that: If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that… 25 The various exemptions that followed include 6.1(c), which was relied upon by Telstra before the Privacy Commissioner, where "providing access would have an unreasonable impact upon the privacy of other individuals". The other sub-clauses of Principle 6 included: (i) a power for the organisation to refuse direct access to the personal information and provide an explanation for a commercially sensitive decision where evaluative information is concerned (6.2); (ii) a duty for the organisation, if the personal information is exempt from disclosure, and if reasonable, to consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties (6.3); (iii) a power to charge for access to personal information but only where the charges are not excessive and do not apply to the request for access (6.4); (iv) a duty to take reasonable steps to ensure that the personal information is accurate, complete, and up to date if the individual is able to establish that the information is not accurate, complete, and up to date (6.5); (v) a duty to take reasonable steps to include a statement claiming that the information is not accurate, complete, and up to date if the individual and the organisation disagree about whether the information meets this description (6.6); and (vi) a duty to provide reasons for a denial of access or a refusal to correct personal information (6.7). 26 The words "personal information" was defined in s 6 as follows: personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. 27 Although "database" was and is not defined in the Privacy Act, the noun was picked up in the definition of "record" so that a record included a "database (however kept)".

The decision of the Privacy Commissioner 28 Following the complaint by Mr Grubb to the OAIC (under s 36(1) of the Privacy Act), Telstra became the respondent to the complaint (s 36(7)). The OAIC then undertook its duty to investigate the complaint (s 40(1) and s 40(1A)). 29 After the investigation, the Privacy Commissioner made a determination under s 52 of the Privacy Act, including the orders described as declarations declaring that Mr Grubb's complaint was substantiated, and that Telstra had breached National Privacy Principle 6.1 by failing to provide Mr Grubb with access to his personal information in breach of that Principle. The Privacy Commissioner also declared that Telstra must: • within 30 business days after the making of this declaration, provide the complainant [Mr Grubb] with access to the following personal information held by Telstra in accordance with the complainant's request dated 15 June 2013 and further to that already provided by Telstra to the complainant, save that Telstra is not obliged to provide access to the phone numbers of incoming callers: • Internet Protocol (IP) address information • Uniform Resource Locator (URL) information • Cell tower location information beyond the cell tower location information that Telstra retains for billing purposes (to which the complainant has been given access). • provide the complainant with access to the above information free of charge. 30 Telstra sought a review of that decision by the AAT.

The decision of the AAT 31 At the outset of the hearing before the Deputy President of the AAT the two central issues in dispute were as follows: (1) whether mobile network data held by Telstra in relation to Mr Grubb's mobile telephone service is "personal information", that is, whether Mr Grubb's identity is apparent or can reasonably be ascertained from the mobile network data; and (2) whether providing Mr Grubb with access to incoming call data records held by Telstra in relation to his mobile telephone service would have an unreasonable impact upon the privacy of other individuals. 32 As to (1), there was a dispute about whether the "information or opinion" within the definition of personal information was all of the information or opinions held by Telstra or only the information or opinions to which access was requested which is held by Telstra when the request is determined. 33 Telstra also submitted that Mr Grubb's identity could not be ascertained only by reference to mobile network data. It would be necessary to consider information in Telstra's network assurance systems, subscriber database, and customer management system. However, the evidence was that that information was retained for as few as three days and not more than 30 days. 34 The Deputy President said that at the heart of Mr Grubb's submission was the proposition that if a person were to trawl through all of the data held by Telstra, the person would be able to identify Mr Grubb from it. An example given was the New York Times trawling through data released by AOL as anonymised search query logs, from which the New York Times was able to identify particular users from their searches. 35 The Deputy President set out all of the evidence that had been given. The evidence included the following from Telstra's General Manager of Complex Analysis and Investigations team, Mr Tracey. 36 Telstra stores mobile network data using approximately 13 different network assurance systems. These are designed for the purpose of monitoring and ensuring the operation of Telstra's network. There is a difference between Telstra's mobile network data and its billing systems. 37 As to the mobile network data, Telstra is able to identify different types of information by interrogating mobile network data (if the data is retained). Although this identification does not occur during normal business operations, these types of information include: (i) whether a particular call to a mobile device was unanswered; (ii) the reason why a particular call from a mobile device was diverted (eg the caller did not answer, was on another call, was out of coverage or declined the call); (iii) the number of characters in a particular SMS message sent or received by a mobile device; (iv) whether a particular call from a mobile device was to a prepaid mobile device; (v) whether a particular call from a mobile device was made using Telstra's 2G network, 3G network or 4G network, (vi) URLs involved in mobile data communications (eg a webpage reference); (vii) IP addresses allocated to mobile devices (ie the numerical identifier assigned to a mobile device that communicates with the Internet); and (viii) mobile cell location information beyond the mobile cell location information that Telstra retains for billing purposes. 38 Mr Tracey also gave detailed evidence about the process by which a customer's identity might be able to be ascertained from mobile network data which is retained, and if the transaction which records an IMSI number (a number allocated to a SIM card in a mobile phone) is identified. The process would require access to Telstra's subscriber database, its customer relationship management system, and its network assurance systems. It would have to be done by a process which included recursively reviewing historical network data and searching for a particular transaction. This is possible in theoretical terms but impossible in practical terms given the immense volume of data that would need to be recursively reviewed to identify the relevant transaction. 39 The Deputy President concluded (at [109]) that Telstra's mobile network data has two essential features: (i) it records transactions between mobile devices and Telstra's mobile network; and (ii) it establishes, maintains or disconnects connections between mobile devices and the destinations to which they communicate (eg another mobile, an internet location or a fixed service telephone). The Deputy President accepted that Telstra does not collect all the network data that is generated and, if it does collect it, it does not generally store the data for more than 30 days. However, the Deputy President concluded that if the data was retained it may be possible to identify a Telstra customer by reference to mobile network data together with other data ([111]). 40 After setting out all of the evidence and some authorities, the Deputy President explained that none of the authorities considered the "threshold question" which was raised by the definition of "personal information". The Deputy President said that the "starting point must be whether the information or opinion is about an individual. If it is not, that is the end of the matter and it does not matter whether that information or opinion could be married with other information to identify a particular individual" ([95]). Later, at [97], the Deputy President described the question of whether the information was "about an individual" as the "first step" with the second step being to ask whether the identity of that individual "...is apparent or can reasonably be ascertained, from the information or opinion". 41 The Deputy President considered the dictionary definition of "about" as meaning "concerning or relating to someone or something; on the subject of them or it" ([97]). She gave examples of numerous matters from the Explanatory Memorandum which accompanied the Privacy Bill 1988 (Cth) which concerned or related to an individual, and were therefore "about" the individual (eg physical description, residence, place of work, business activities, employment, occupation, investments and property holdings, relationships to others, recreational interests, political, philosophical or religious beliefs). 42 In submissions before this Court, the Privacy Commissioner relied on an early passage in the reasons of the Deputy President where she said that "[i]n deciding whether it is about that particular individual, [the organisation] will need to decide whether his or her identity is apparent, or can reasonably be ascertained, from the information or opinion" ([93]). The Privacy Commissioner submitted that this was the correct test. In other words, the question of "about an individual" was determined by the separate question of whether his or her identity is apparent, or can reasonably be ascertained, from the information or opinion. In the context of the whole of the Deputy President's reasons, this passage must be understood as saying that this separate question arises after deciding whether the information or opinion is about that particular individual. 43 The Deputy President gave a number of examples which were designed to illustrate the different degrees of connection between information and an individual. At some point, the connection will be so tenuous that the information will not be "about" the individual. As to Mr Grubb's mobile network data, the Deputy President concluded (at [112]) that: Had Mr Grubb not made the calls or sent the messages he did on his mobile device, Telstra would not have generated certain mobile network data. It generated that data in order to transmit his calls and his messages. Once his call or message was transmitted from the first cell that received it from his mobile device, the data that was generated was directed to delivering the call or message to its intended recipient. That data is no longer about Mr Grubb or the fact that he made a call or sent a message or about the number or address to which he sent it. It is not about the content of the call or the message. The data is all about the way in which Telstra delivers the call or the message. That is not about Mr Grubb. It could be said that the mobile network data relates to the way in which Telstra delivers the service or product for which Mr Grubb pays. That does not make the data information about Mr Grubb. It is information about the service it provides to Mr Grubb but not about him. 44 The Deputy President also concluded that information relating to the IP address allocated to a mobile device which Mr Grubb used was not "about" Mr Grubb ([113]). As she explained, an IP address is not allocated exclusively to a particular mobile device. The IP address might even change frequently in the course of a communication. For that reason, the Deputy President concluded that the connection between the person using a mobile device and an IP address was too ephemeral for the IP address to be "about" the individual. Instead, it was about the means by which data is transmitted from a person's mobile device over the internet and a message sent to, or a connection made, with another person's mobile device. 45 None of the conclusions in the two paragraphs above were challenged on this appeal.

The grounds of appeal 46 The Privacy Commissioner's grounds of appeal (in summary) were as follows: 1. The Tribunal erred by determining that it was required to answer a threshold question raised by the definition of "personal information" regarding whether information was "about an individual"… The parties had not identified this issue as one in dispute… 2. The Tribunal erred by misconstruing the expression "about an individual" in s 6 of the Privacy Act 1988 (Cth) by failing to consider whether the information in dispute related to or concerned the complainant. 3. The Tribunal erred by posing a test that it had to determine whether the information was about the complainant or about something else… 4. If the Tribunal had posed the correct test, it should have found that the information held by the Respondent was about the complainant because the information could be used to identify the complainant. 5. Having erroneously limited its inquiry to a threshold question, the Tribunal failed to determine the issues raised by the Respondent's application. 47 The fifth ground was subsequently abandoned (ts 58-59). 48 An appeal to this Court from the AAT can be brought on a question of law: s 44 of the Administrative Appeals Tribunal Act 1975 (Cth). It was common ground that the grounds of appeal raised questions of law as discussed below.

Ground 1: Did the AAT decide the application on a point not raised or in dispute between the parties? 49 Senior counsel for Telstra accepted that, before the AAT, Telstra had effectively conceded that the mobile network data that was sought was "about" Mr Grubb (ts 86). The issue had not been raised before the Privacy Commissioner and the concession was made by counsel for Telstra in written and oral submissions before the AAT. However, the Deputy President put the matter in issue during the course of the hearing. 50 During the hearing, the Deputy President asked counsel for Telstra about the concession (ts 80): DEPUTY PRESIDENT: Okay. Can I take you back a step. We're going - looking at whether identity is reasonably ascertained but have we thought about whether or not this information is about an individual? Because that's the first bit. COUNSEL: Yes, and I did --- DEPUTY PRESIDENT: It has got to be about an individual, and then you - when you have decided it's about an individual, it's whose identity is apparent, et cetera. COUNSEL: Yes. And I might not have made this clear, but I accept that it is information about Mr Grubb. DEPUTY PRESIDENT: Why would you accept that? COUNSEL: Put it this way. I'm dealing here with the question of mobile network data in relation to Mr Grubb's mobile telephone service. It's difficult for me to see how that could not be information about him. It's information about his service. 51 The Deputy President then used an example to explain to counsel one reason why she doubted the rationale behind Telstra making the concession. The example concerned taking her car in for a service. The service involves getting the motherboard changed, the reverse camera changed, and so on. She doubted whether information about getting the motherboard or reverse camera changed was information "about" her rather than information "about" what the mechanics do during the service. The point of the analogy, she explained, was to query whether the details of Telstra's service (the tower that they use etc) was "about" the customer. 52 Counsel for Telstra then said that "maybe the concession was too readily made. I mean, with respect, I can see the force in that analysis" (ts 81). Later he repeated that he considered that there was force in the analysis and that it was a "good analogy" (ts 82). 53 When counsel for the Privacy Commissioner addressed the AAT, she acknowledged that in order to complete her submissions it was necessary to make submissions about the words "about an individual". She described the ordinary meaning of "about" and submitted that it had a similar meaning to "relating to" (ts 110-111). Then counsel focused her submissions on the analogy given by the Deputy President concerning the service of a car (ts 111). 54 In the course of those submissions by the Privacy Commissioner, Mr Grubb said that he "wanted to reaffirm the fact that Telstra has already conceded that it is about an individual" (ts 113). The Deputy President correctly explained that whether or not a concession was made, the AAT was required to give the correct decision (ts 113): see Peacock v Repatriation Commission [2007] FCAFC 156; (2007) 161 FCR 256, 261-262 [23] (the Court); and Repatriation Commission v Warren [2008] FCAFC 64; (2008) 167 FCR 511, 529 [78] (Lindgren and Bennett JJ). 55 There was no suggestion that the Privacy Commissioner could have, or would have, done anything differently if the concession had not been made. Indeed, counsel for the Privacy Commissioner even admitted that she was not sure that it had been conceded (ts 113). The issue was a live question and there was no allegation of denial of natural justice nor did one occur. 56 Ground 1 must be dismissed.

Grounds 2, 3, and 4: The meaning of the expression "personal information about an individual" 57 Grounds 2, 3, and 4 each raise the same issue concerning the proper construction of National Privacy Principle 6.1 and whether the AAT applied the right test. 58 In Allianz Australia Insurance Ltd v GSF Australia Pty Ltd [2005] HCA 26; (2005) 221 CLR 568, 574-575 [12], McHugh J quoted from his decision in Kelly v The Queen [2004] HCA 12; (2004) 218 CLR 216 at 253 [103], saying: [T]he function of a definition is not to enact substantive law. It is to provide aid in construing the statute. Nothing is more likely to defeat the intention of the legislature than to give a definition a narrow, literal meaning and then use that meaning to negate the evident policy or purpose of a substantive enactment ... [O]nce ... the definition applies, ... the only proper ... course is to read the words of the definition into the substantive enactment and then construe the substantive enactment - in its extended or confined sense - in its context and bearing in mind its purpose and the mischief that it was designed to overcome. To construe the definition before its text has been inserted into the fabric of the substantive enactment invites error as to the meaning of the substantive enactment. ... [T]he true purpose of an interpretation or definition clause [is that it] shortens, but is part of, the text of the substantive enactment to which it applies. 59 When National Privacy Principle 6.1 in Sch 3 is read together with the definition of personal information, it reads as follows: If an organisation holds [personal information] information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that: … 60 The concept of "personal information" to which an organisation must provide an individual with access is very broad. It encompasses untrue information which is not recorded in any material form. It is, however, constrained by the requirements that: (i) it must be held by the organisation; (ii) it must be "about" the individual who requested access; and (iii) it must be about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. 61 It was assumed by the parties in this case that the "information" referred to in National Privacy Principle 6.1 is the totality of the information about the individual rather than each individual item of information or opinion. We are content to proceed on that assumption, with the qualification that the information must be requested by the individual. In other words, if an individual's request included information in Telstra's control which was stored across any of 13 databases held by Telstra (ts 18) then in determining whether the individual's "identity is apparent", or can reasonably be ascertained, from the information requested, it would be necessary to consider all of the information in totality. 62 The Privacy Commissioner submitted that if there is information from which an individual's identity could reasonably be ascertained, and that information is held by the organisation, then it will always be the case that the information is about the individual (ts 59). In other words, the words "about an individual" would "do no work" and have no substantive operation (ts 59). We do not accept this submission. Even if the words "about an individual" could be ignored in the definition so that the definition of "personal information" was concerned only with "information or an opinion … from which a person's identity is apparent …", the words are repeated separately in the remainder of National Privacy Principle 6.1. The repetition of the words means that they cannot be ignored. 63 The words "about an individual" direct attention to the need for the individual to be a subject matter of the information or opinion. This requirement might not be difficult to satisfy. Information and opinions can have multiple subject matters. Further, on the assumption that the information refers to the totality of the information requested, then even if a single piece of information is not "about an individual" it might be about the individual when combined with other information. However, in every case it is necessary to consider whether each item of personal information requested, individually or in combination with other items, is about an individual. This will require an evaluative conclusion, depending upon the facts of any individual case, just as a determination of whether the identity can reasonably be ascertained will require an evaluative conclusion. 64 In some instances the evaluative conclusion will not be difficult. For example, although information was provided to Mr Grubb about the colour of his mobile phone and his network type (3G), we do not consider that that information, by itself or together with other information, was about him. In other instances, the conclusion might be more difficult. Further, whether information is "about an individual" might depend upon the breadth that is given to the expression "from the information or opinion". In other words, the more loose the causal connection required by the word "from", the greater the amount of information which could potentially be "personal information" and the more likely it will be that the words "about an individual" will exclude some of that information from National Privacy Principle 6.1. 65 It is unnecessary in this case to descend to the detail of whether any of the requested information was "personal information" or not. Nor is it necessary to canvass the numerous hypothetical examples concerning whether information is "about" an individual or not. There was no ground of appeal which alleged that the AAT erred in its conclusion that none of the information was about Mr Grubb. In other words, the Privacy Commissioner did not seek to establish that any of the information was about Mr Grubb. The appeal was argued only at the high level of generality concerning whether the AAT was correct to give content to the words "about an individual". Our conclusion that those statutory words have content is therefore sufficient to dismiss this appeal. 66 Grounds 2, 3, and 4 must be dismissed.

The application by the prospective amici curiae for leave to file submissions 67 Prior to the hearing of this appeal, an application was filed on 19 July 2016 by the Australian Privacy Foundation and the New South Wales Council for Civil Liberties for leave to be heard as amici curiae. With the leave of the court, the prospective amici curiae filed written submissions upon which they proposed to rely. 68 The basis for the application by the prospective amici curiae was to put before the Court a range of international materials. The preamble to the Privacy Act recites that Australia is a party to the International Covenant on Civil and Political Rights (ICCPR) and has undertaken to adopt such legislative measures as may be necessary to give effect to the right of persons not to be subjected to arbitrary interference with their privacy, home or correspondence. The preamble to the Privacy Act also recites that the Council of the Organisation for Economic Co-operation and Development has recommended that member countries take into account in their domestic legislation the principles concerning the protection of privacy and individual liberties set forth in the Guidelines annexed to the recommendation. It recites that Australia has informed the Organisation that it will participate in the recommendation concerning those Guidelines. 69 However, the right of privacy in Art 17 of the ICCPR is not defined. Its content is not prescribed. Different state parties to the ICCPR have given different content to its terms. The same breadth of approach is taken in the Guidelines which provide (at [41]) that: The terms "personal data" and "data subject" serve to underscore that the Guidelines are concerned with physical persons. The precise dividing line between personal data in the sense of information relating to identified or identifiable individuals and anonymous data may be difficult to draw and must be left to the regulation of each Member country. In principle, personal data convey information which by direct (e.g. a civil registration number) or indirect linkages (e.g. an address) may be connected to a particular physical person. 70 In Purvis v New South Wales [2003] HCA 62; (2003) 217 CLR 92, 156 [206], Gummow, Hayne, and Heydon JJ said of the use of international instruments and legislation from other jurisdictions in relation to disability discrimination: Considerable care must be taken, therefore, before applying what has been said about either the aims or the effect of other forms of disability discrimination legislation from other jurisdictions to the construction of the Act. Even more care must be taken before adopting the necessarily general forms of aspirational, as distinct from normative, statements found in international instruments as an aid to resolving the particular questions of construction which now arise. Aspirational statements are commonly concerned to state goals, not to identify the particular methods by which the stated goals will be achieved. Those international instruments to which we were referred took this aspirational form. 71 There are real difficulties with the submissions upon which the prospective amici curiae sought to rely. A primary difficulty with the submissions from the prospective amici curiae was that the volume of overseas case law upon which they relied concerned legislation which was worded differently, and based upon a different context and background even though ultimately deriving from the same broadly worded international instruments. For instance, the prospective amici curiae referred to a range of European laws, decisions, and opinions. The relevant European framework is Directive 95/46/EC of the European Parliament and of the Council [1995] OJ L 281. That Directive defines personal data differently from the Privacy Act as "any information relating to an identified or identifiable natural person" (Art 2). More fundamentally, as Telstra submitted, Recital 27 of the Directive says that "this Directive covers only filing systems, not unstructured files … files or sets of files … which are not structured according to specific criteria, shall under no circumstances fall within the scope of this Directive". Telstra submitted that its files were of the nature of unstructured files. Another example is the reference by the prospective amici curiae to the decision of the United States Court of Appeals for the Second Circuit in American Civil Liberties Union v Clapper 785 F.3d 787 (2d Cir. 2015). That case concerned s 215 of the USA PATRIOT Act 2001 which enabled the Director of the FBI or his designee to "make an application for an order requiring the production of any tangible things … for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities". The legislation is, again, plainly different from the Privacy Act. 72 To confuse matters further, there was dispute about whether some of the decisions relied upon by the prospective amici curiae stood for the propositions which the prospective amici curiae alleged. For instance, they relied upon a decision of the Conseil constitutionnel [French Constitutional Court] in decision nº 2009-580, 10 June 2009 (reported in JO, 13 June 2009, 9675) for the proposition that the Council had "found IP addresses to be personal data". Telstra submitted that the decision made no reference to IP addresses. 73 Another substantial difficulty with the proposed submissions by the prospective amici curiae is that the submissions rely heavily upon journal articles and non-judicial sources of evidence. None of those matters was the subject of evidence. Some raised issues which may have been contentious (such as the meaning of "database aggregation techniques", "data matching", and "data linking"). It was also unclear how any of those matters, even if introduced properly into evidence, had any bearing on the issues raised in this appeal. To reiterate: this appeal concerned only a narrow question of statutory interpretation which was whether the words "about an individual" had any substantive operation. It was not concerned with when metadata would be about an individual. 74 At first glance, the most relevant, indeed the only potentially relevant, authority relied upon by the prospective amici curiae was a decision of the Canadian Federal Court of Appeal in The Information Commissioner of Canada v The Executive Director of the Canadian Transportation Accident Investigation and Safety Board and NAV Canada [2007] 1 FCR 203; 2006 FCA 157. This decision was the subject of careful submissions by Telstra although it was mentioned only in a footnote by the prospective amici curiae. 75 The appeal in The Information Commissioner of Canada case concerned refusals by the Canadian Transportation Accident Investigation and Safety Board to disclose records of air traffic control communications concerning four aviation incidents. The Federal Court had dismissed an application for judicial review that had been brought under s 42(1)(a) of the Canadian Access to Information Act 1985. The Access to Information Act exempted from disclosure any "personal information" as that term was defined in s 3 of the Canadian Privacy Act 1985 to mean "information about an identifiable individual that is recorded in any form including, without restricting the generality of the foregoing [nine enumerated subparagraphs]…". However, the section continued, saying that for the purposes of the relevant provision of the Access to Information Act, personal information did not include various matters such as "information about an individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual including [various enumerated matters]". 76 The appeal from the Federal Court was allowed because the information was not "personal information". The reasons for decision were given by Desjardins JA (with whom Richard CJ and Evans JA agreed). Her Honour explained that the word "about" (or "concernant") should be considered first. She said that the word "about" sheds little light on the nature of the information which relates to the individual other than that information recorded in any form is relevant if (i) it is "about" an individual, and (ii) it permits or leads to the possible identification of the individual ([43]). Her Honour held that the information may have the effect of permitting or leading to the identification of a person ([54]). However, she concluded (at [53]) that: The information at issue is not "about" an individual … the content of the communications is limited to the safety and navigation of aircraft, the general operation of the aircraft, and the exchange of messages on behalf of the public. They contain information about the status of the aircraft, weather conditions, matters associated with air traffic control and the utterances of the pilots and controllers. These are not subjects that engage the right of privacy of individuals. 77 Hence, the conclusion reached was that even the utterances of the pilots and controllers, which might identify individuals, were not matters "about" the individuals. 78 The provisions in the Canadian legislative regime considered in The Information Commissioner of Canada case are substantively different from those in the Australian regime. The Canadian regime is concerned to protect from disclosure the personal information about an individual in order to preserve the privacy of the individual: H J Heinz Co of Canada Ltd v Canada (Attorney General) [2006] 1 SCR 441; 2006 SCC 13 [26] (Binnie, Deschamps, Fish and Abella JJ). The Canadian regime is also influenced by provisions of the Canadian Charter of Rights and Freedoms. However, to the extent that the regime also had a foundation in the ICCPR, it illustrates that the words "about an individual" can be words of real content. 79 The application by the amici curiae is dismissed.

Conclusion 80 The only issue raised by this appeal was whether the words "about an individual" in National Privacy Principle 6.1, as that principle was incorporated into the Privacy Act at the relevant time, had any substantive effect. We have concluded that they did. No issue was raised on this appeal concerning their application to the facts. Indeed, it was difficult at times to discern the purpose of the appeal. Even if the Privacy Commissioner had been successful, the order sought was to have the matter remitted for determination by the AAT (without regard to any restriction that the information must be "about an individual"). But, even assuming that transitional provisions in the Privacy Act would permit the AAT to determine the remitted application by reference to the relevant provisions as they stood at the time of the initial hearing, there is doubt concerning whether any of the information which Mr Grubb sought still exists. The Privacy Commissioner submitted that a remitted hearing might be conducted on the basis of any new information that now exists, and that there might also be utility in a declaration concerning information which no longer exists. In light of the conclusions we have reached it is unnecessary to consider these issues save to say that this appeal was not one in which the utility of the orders sought by the Privacy Commissioner was obvious. 81 The appeal should be dismissed with costs. I certify that the preceding seventy-seven (77) numbered paragraphs are a true copy of the Reasons for Judgment herein of the Honourable Justices Kenny and Edelman.

Privacy Act 1988(Cth)ss 6, 6C, 13A, 16A(1), 16A(2), 36(1), 36(7), 40(1), 40(1A), 52

At a glance

Court

Decision date

Before

Catchwords

Source

Catchwords

Judgment (12 paragraphs)

Parties

Legislation Cited (2)

Cases Cited (11)

Cited By (17)