Telecommunications regulators

71.120 Several bodies are involved in the regulation of the telecommunications industry. ACMA is a statutory authority[139] with specific regulatory powers conferred on it by a number of Acts, including the Telecommunications Act and the Telecommunications (Consumer Protection and Service Standards) Act 1999 (Cth). The TIO is an industry body that investigates and determines complaints by users of carriage services,[140] including complaints about privacy.[141] The OPC deals with complaints of interference with privacy in the telecommunications industry. The various issues raised by the involvement of multiple regulators in the telecommunications industry are considered in more detail in Chapter 73. This chapter considers some of the functions of the OPC and ACMA under the Telecommunications Act.

Codes and standards

71.121 Under ss 117 and 134 of the Telecommunications Act, the Privacy Commissioner must be consulted about industry codes and standards that deal with privacy issues. In 2006–07, the Privacy Commissioner provided advice in respect of eight codes being developed pursuant to the Telecommunications Act.[142] The Privacy Commissioner must also be consulted:

  • before ACMA takes certain steps to promote compliance with an industry code relating to a matter dealt with by the NPPs or an approved privacy code;[143] and

  • about the way in which law enforcement bodies certify that disclosure of telecommunications information is reasonably necessary for the enforcement of the criminal law.[144]

71.122 Communications Alliance has developed a number of codes under Part 6 of the Telecommunications Act which contain privacy provisions or references to relevant privacy legislation.[145] In order to minimise confusion and duplication for the telecommunications sector, Communications Alliance has finalised and published a single code that captures the majority of its consumer industry codes, and has submitted it to ACMA.[146]

71.123 The OPC submitted that Part 6 of the Telecommunications Act does not define clearly the Privacy Commissioner’s powers to comment on whether a code derogates from the Privacy Act. In addition, the Telecommunications Act does not appear to provide that the Privacy Commissioner must be satisfied with a code before it is registered. The OPC believes that these provisions should be strengthened. For example, s 117 should provide specifically for the Privacy Commissioner to state whether, in his or her opinion, the proposed code ‘derogates’ materially from the provisions of the Privacy Act.

71.124 In DP 72, the ALRC did not propose any major amendments to the code provisions under the Telecommunications Act. Part 6 of the Telecommunications Act should be considered as part of the recommended review of telecommunications regulation.[147] The ALRC did express the view, however, that the provisions relating to the OPC’s role in the development of industry codes and standards should be strengthened. The ALRC therefore proposed that:

  • s 117(1)(k) of the Telecommunications Act should be amended to provide that ACMA can register a code that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, only if it has consulted with the Privacy Commissioner, and has been advised in writing by the Privacy Commissioner that he or she is satisfied with the code; and

  • s 134 of the Telecommunications Act should be amended to provide that ACMA can determine, vary or revoke an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, only if it has consulted with the Privacy Commissioner, and has been advised in writing by the Privacy Commissioner that he or she is satisfied with the standard.[148]

Submissions and consultations

71.125 A number of stakeholders supported the proposals.[149] The DBCDE submitted that it is arguable that the proposals only formalise current arrangements and do not extend the Privacy Commissioner’s powers.[150] The Department also submitted however, that primary responsibility for deciding whether to make, vary or revoke a standard should remain with ACMA, and that it is inappropriate for the Privacy Commissioner to have a power of veto over an important aspect of telecommunications administration. [151]

71.126 ACMA submitted that the proposed amendments to ss 117(1)(k) and 134 were unnecessary. It noted, however, that if it is considered appropriate to proceed with the proposals, the amendments should be narrowed to apply only in the circumstances where the Privacy Commissioner is dissatisfied because of a derogation of the requirements of the Privacy Act.[152]

71.127 One telecommunications commentator supported the proposals, but submitted that:

  • s 117 also should provide specifically for the Privacy Commissioner to state if, in his or her opinion, the proposed code materially ‘derogates’ from the provisions of the Privacy Act; and

  • ACMA should not be able to deregister a code that deals with privacy matters unless it has consulted with the Privacy Commissioner, and has been advised in writing by the Privacy Commissioner that he or she is satisfied that deregistering the code will not result in the relevant sector of the telecommunications industry being less adequately regulated in relation to privacy protection requirements than while the Code was in force.[153]

ALRC’s view

71.128 The Telecommunications Act should provide for a more formal process for ACMA to consult with the OPC when registering codes, or determining or varying industry standards. In the ALRC’s view, ACMA should continue to have primary responsibility for the development of codes and industry standards. The ALRC therefore recommends that the Privacy Commissioner’s view should be taken into account by ACMA when registering a code, or determining or varying an industry standard; but the Privacy Commissioner should not have a power to veto the registration of a code or the determination or variation of an industry standard.

71.129 ACMA should not be able to revoke an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with the Privacy Commissioner. Consultation on the revocation of codes and industry standards should be included in the memorandum of understanding between the Privacy Commissioner and ACMA recommended in Chapter 73.

Recommendation 71-5 Section 117(1)(k) of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority cannot register a code that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with, and taken into consideration any comments or suggested amendments of, the Privacy Commissioner.

Recommendation 71-6 Section 134 of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority cannot determine or vary an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with, and taken into consideration any comments or suggested amendments of, the Privacy Commissioner.

Reporting

71.130 Part 13 of the Telecommunications Act requires carriers, carriage service providers and number-database operators to create records of certain disclosures of protected information.[154] These records must be provided to ACMA at the end of each financial year.[155] The Privacy Commissioner monitors compliance with the record-keeping requirements under the Act.[156]

71.131 The OPC stated that it understands that only one reason need be recorded for the disclosure and suggested that the ALRC consider whether, where there is more than one applicable reason for the disclosure, it would be appropriate for each reason to be recorded.[157] The OPC also noted that participants in the telecommunications industry are not required to report disclosures of information if the disclosure is: in the performance of a person’s duties; to the Australian Security Intelligence Organisation (ASIO); for certain purposes relating to the IPND; by implicit consent of sender and recipient of the communication; or for business needs.[158] The OPC advised that, as part of an enhanced audit and monitoring program over the next few years, the OPC will consider monitoring the record keeping aspects of relevant disclosures.[159]

71.132 In DP 72, the ALRC proposed that s 306 of the Telecommunications Act should be amended to provide that each exception upon which a decision to disclose information or a document is based is to be recorded when that decision is based on more than one of the exceptions in Divisions 3 or 4 of Part 13 of the Act.[160]

Submissions and consultations

71.133 Optus and the OPC supported the proposal.[161] Optus noted that it already reports single disclosures based on multiple exceptions without inaccurately reporting on the number of disclosures.[162] The Australian Privacy Foundation submitted that it supported the proposal for additional record-keeping, but there also needs to be an express requirement for public reporting of the use of the various exceptions.[163]

71.134 One telecommunications commentator supported the proposal, but submitted that it was unclear under the ALRC’s proposals whether the additional information must be reported to ACMA or only recorded by the telecommunications service provider. She also noted that ACMA has been making disclosure statistics publicly available in it’s a annual reports for a number of years, but noted that the Telecommunications Act does not require ACMA to issue public reports in that regard. She submitted that s 308 should be amended to ensure that future ACMA management cannot decide simply to cease making such information publicly available.[164]

71.135 Telstra objected to the proposal. In Telstra’s view, the proposal is unnecessary and only creates additional compliance costs.

The ALRC proposes that each exception relied upon for a decision to disclose information should be recorded. In reality, however, disclosures are only ever made under a specific exception in Part 13, rather than under a number of exceptions.

71.136 Telstra also submitted that there is no regulatory benefit in recording all possible exceptions under which a disclosure could have been made, when in reality it was made under one particular exception. The rationale for the recording obligation is that the regulator can audit the records and ascertain whether the disclosure practice of the carrier or carriage service provider has been adequate. Telstra submitted that it is difficult to see how an additional record that the disclosure in question could also have been made under another exception would further this regulatory objective.[165]

71.137 ACMA and the DBCDE questioned whether the benefits of enhanced information relating to disclosure are significant, and suggested that such a proposal would result in an unjustified cost for industry.[166]

ALRC’s view

71.138 Telecommunications service providers should report on when they disclose information pursuant to one of the exceptions in Part 13. Each exception upon which a decision to disclose information or a document is based, however, does not need to be recorded when that decision is based on more than one of the exceptions in Part 13 of the Act. The ALRC notes that disclosures are not made under a number of exceptions in Part 13. The ALRC also accepts that there is little regulatory benefit in recording all possible exceptions under which a disclosure could have been made, when in reality the disclosure was made under one particular exception.

71.139 The ALRC does not recommend that the Telecommunications Act should be amended to provide that ACMA must include the information reported by telecommunications service providers under s 308 of the Act in its annual report. The ALRC notes that ACMA currently publishes this information in its annual report. The publication of this information is desirable as it promotes transparency and accountability, however, no case for a legislative requirement in this regard has been made out. If ACMA ceases to make this information publicly available, a legislative amendment could be considered.

[139]Australian Communications and Media Authority Act 2005 (Cth) s 8(1).

[140]Telecommunications (Consumer Protection and Service Standards) Act 1999 (Cth) s 128(4).

[141]Telecommunications Industry Ombudsman Constitution, 20 May 2006, cl 4.1.

[142] Office of the Victorian Privacy Commissioner, Annual Report 2006–07 (2007), [1.7.3].

[143]Telecommunications Act 1997 (Cth) ss 121, 122.

[144] Ibid s 282(8).

[145] See, eg, Australian Communications Industry Forum, Industry Code—Calling Number Display, ACIF C522 (2003); Australian Communications Industry Forum, Industry Code—Handling of Life Threatening and Unwelcome Calls Industry Code, ACIF C525 (2006); Australian Communications Industry Forum, Industry Code—Credit Management, ACIF C541 (2006); Australian Communications Industry Forum, Industry Code—Billing Industry Code, ACIF C542 (2003); Australian Communications Industry Forum, Industry Code—Priority Assistance for Life Threatening Medical Conditions Industry Code, ACIF C609 (2007); Australian Communications Industry Forum, Integrated Public Number Database (IPND) Data Provider, Data User and IPND Manager, ACIF C555 (2002); Australian Communications Industry Forum, Industry Code—Complaint Handling Industry Code, ACIF C547 (2004).

[146]Communications Alliance Ltd, Submission PR 439, 10 December 2007.

[147] Rec 71–2.

[148]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposals 63–12, 63–13.

[149]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Optus, Submission PR 532, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[150]Australian Government Department of Broadband‚ Communications and the Digital Economy, Submission PR 512, 21 December 2007.

[151]Ibid.

[152]Australian Communications and Media Authority, Submission PR 522, 21 December 2007.

[153]I Graham, Submission PR 427, 9 December 2007.

[154]Telecommunications Act 1997 (Cth) s 306. Since the release of DP 72, the Telecommunications (Interception and Access) Amendment Act 2007 (Cth) amended the Telecommunications Act 1997 (Cth) so that carriers, carriage service providers and number-database operators are required to create records of certain disclosures under the Telecommunications (Interception and Access) Act 1979 (Cth): s 306A.

[155]Telecommunications Act 1997 (Cth) s 308.

[156] Ibid s 309.

[157] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[158]Telecommunications Act 1997 (Cth) s 306(1)(b).

[159] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[160]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 63–14.

[161]Optus, Submission PR 532, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[162]Optus, Submission PR 532, 21 December 2007.

[163]Australian Privacy Foundation, Submission PR 553, 2 January 2008.

[164]I Graham, Submission PR 427, 9 December 2007.

[165]Telstra Corporation Limited, Submission PR 459, 11 December 2007.

[166]Australian Communications and Media Authority, Submission PR 522, 21 December 2007; Australian Government Department of Broadband‚ Communications and the Digital Economy, Submission PR 512, 21 December 2007.