An Australian court has ruled your metadata is not personal information

Photo: iStock.

The Australian Privacy Commissioner’s quest to have telecommunications metadata classified as personal has come to an abrupt halt, with the full bench of the Federal Court ruling against the organisation.

Metadata – which includes information such as the location, destination, timing and duration of mobile calls and text messages – is collected by all Australian telecommunications companies and is given to law enforcement agencies upon request.

The case originated from a 2013 request by former Fairfax journalist Ben Grubb to test access to his own metadata from his telecommunications supplier Telstra. The company handed over some, but not all the information, arguing that the customer does not have a right to access the data in its entirety.

This week’s Federal Court decision brings victory to Telstra and the Administrative Appeals Tribunal, which had previously ruled that the data relates to the communications service, and is not about Grubb himself.

Privacy Commissioner Timothy Pilgrim has always disagreed with this interpretation, as he sees metadata as capable of identifying individuals and thus should fall under the Privacy Act. The act provides individuals with certain rights over the data — including access.

The Office of the Australian Information Commissioner, which includes the privacy commissioner, brought the Grubb case to the Federal Court in January last year, with Pilgrim in May saying the decision would define “arguably the most important term in the Privacy Act”.

“I firmly believe that clarity and certainty around the definition are critical to operation of the Act and to the fair and reasonable expectations of any business or agency that is required to be accountable to it,” he said at the time.

In response to the Federal Court dismissing the case, OAIC declined to comment other than to say it is “currently considering the decision”.

Grubb thanked the Privacy Commissioner for pushing his case through the courts.

“At first, Telstra refused me access to information beyond my billing information. They then provided further information, but not all of what I was requesting. Wednesday’s decision means that I won’t be provided with that further information, which included, among other information: IP addresses, URLs, and specific cell tower location information.”

Under federal legislation introduced in 2015, telecommunications companies are required to keep a customer’s metadata for a minimum of two years. Grubb said he was relieved that the federal government wrote into that law that people have the same access rights as law enforcement organisations.

“The point of this case was to get my telco to hand over what they were already providing to law-enforcement agencies on a case-by-case basis. In effect, the case achieved most of this, with Telstra eventually allowing consumers to access a lot of what they had on file about their users.”