Phone call metadata is personal information and must be treated as such (including right of access), Australian Privacy Authority rules

On May 1, 2015, the Australian Privacy Commissioner ruled that phone call metadata is ‘personal information’ and therefore access rights apply.

A data subject requested access to all his metadata information that Telstra, Australian telecom company, had stored about him in relation to his mobile phone service, including (but not limited to) cell tower logs, inbound call and text details, duration of data sessions and telephone calls and the URLs of visited websites.

Telstra notified the data subject that he could access outbound mobile call details and the length of his data usage sessions via online billing. Due to privacy laws it was unable to provide information regarding location and details of the numbers that called and sent SMS to his mobile phone service.

The data subject logged a complaint with the competent Australian privacy authority, which had to decide whether the complainant’s metadata held by the carrier amount to personal information, and if so, whether it had been improperly withheld from the complainant in breach of the applicable privacy laws.

The Commissioner held that they were metadata allowing one’s identity to reasonably be ascertained. Therefore, metadata must be considered as “personal information” under the applicable privacy laws. The Australian Privacy Commissioner ruled that the carrier breached the applicable privacy laws by failing to provide the data subject with access to his personal information. It ordered Telstra to provide a free-of-charge access to the following information of the data subject: IP, URL, and cell tower location.

Ben Grubb and Telstra Corporation Limited [2015] AICmr 35 (1 May 2015) is available at… Open Pdf 

More information is available at…

Follow us on& Like us on