Implicit consent

72.101 Section 290 of the Telecommunications Act provides that the use or disclosure by a person of information is permitted if the information relates to the contents of a communication made by another person, and having regard to all the relevant circumstances, it might reasonably be expected that the sender and the recipient of the communication would have consented if they had been aware of the use or disclosure. The Explanatory Memorandum to the Telecommunications Bill 1996 (Cth) states that this exception is intended to allow disclosure of public communications, for example, where a carrier discusses the content of an online bulletin board, or the content of a pay-television program carried on a cable network.[89]

72.102 In DP 72, the ALRC noted that stakeholders had expressed concerns that this exception may lower the threshold of privacy protection in the telecommunications sector;[90] and that the scope of the exception is unclear and does not protect adequately personal information of third parties referred to in a communication.[91] The ALRC expressed the preliminary view that the provision should be amended to clarify that it relates only to public communications. The ALRC noted, however, that it was interested in stakeholder’s views on how the provision could be clarified.[92]

Submissions and consultations

72.103 A number of stakeholders supported the ALRC’s preliminary view that s 290 should be amended to clarify that it relates only to public communications.[93] The Australian Privacy Foundation supported this view, but noted that, in the absence of detailed statistics about the use of this exception, it is impossible to tell if it is being abused. The Foundation submitted that there should be a requirement for public reporting of the use of the exception.[94]

72.104 Other stakeholders submitted that the exception was not resulting in inappropriate disclosures and was necessary. For example, Optus submitted that s 290 is necessary to allow a telecommunications service provider passing a call to another carriage service provider to allow a call to be terminated. For example, information will need to be passed to another network to permit the termination of a call that originates on the Optus network and terminates on a Vodafone mobile network or an international carrier network.[95]

72.105 Telstra submitted that this exception is required so that the ‘forwarding’ of emails and short message services (SMS), which may result in a disclosure of personal information of the original sender, is not prohibited. Telstra noted that, while there is an argument that it is the forwarder of the message who discloses the information and not the telecommunications service provider, s 290 puts it beyond doubt that telecommunications service providers have no liability for providing these types of services.[96]

ALRC’s view

72.106 The intent of s 290, as expressed in the Explanatory Memorandum to the Telecommunications Bill 1996, is not reflected clearly in the wording of the section. The ALRC is concerned that this lack of clarity may lower the threshold of privacy protection in the telecommunications sector, and does not protect adequately personal information of third parties referred to in a communication. The provision should be amended to clarify that it relates only to public communications.

72.107 Stakeholders argued that this exception is required in its current form for a range of activities that do not relate to public communications. The ALRC has concluded, however, that an amendment to clarify that s 290 relates only to public communications would not prevent these activities, as they are permitted under other exceptions under Part 13 of the Telecommunications Act.

72.108 For example, the need to terminate calls that originate on one network and terminate on another would be permitted under s 291 of the Telecommunications Act. Telecommunications service providers would not have to rely on s 290 to use and disclose information to diagnose or rectify service problems, as this is clearly permitted under ss 279, 289 and 296 of the Telecommunications Act. Further, the access of communications for the purposes of maintenance of a telecommunications system is provided for under the Telecommunications (Interception and Access) Act.[97]

72.109 The ALRC acknowledges stakeholder concerns that a telecommunications service provider could be held liable under the Telecommunications Act for forwarded emails and SMS which may result in the disclosure of personal information of the original sender.

72.110 Part 13 of the Telecommunications Act protects information and documents that come to a telecommunications service provider’s knowledge or possession.[98] While a forwarded email or SMS will rarely come to the knowledge of a telecommunications service provider, the communication may come into a telecommunications service provider’s possession. Further, the exception under s 290 would not apply where it could not reasonably be expected that the original sender would have consented to the forwarding of an SMS or email. It is therefore arguable that a telecommunications service provider could be held liable under the Telecommunications Act for forwarded emails and SMS which may result in the disclosure of personal information of the original sender.

72.111 It is highly unlikely, however, that a telecommunications service provider would be held liable under the Telecommunications Act for this disclosure. It is the forwarder of this information that discloses the information, not the telecommunications service provider. It could also be argued that Part 13 implies that a telecommunications service provider would not breach the offence provisions merely by providing a telecommunications service that enabled the email or SMS to be forwarded. To interpret Part 13 otherwise would require a telecommunications service provider to monitor communications to ensure that they would not result in the unlawful disclosure of information or a document. This result would be both inappropriate and impractical.

72.112 Further, it will be impossible for a telecommunications service provider to ensure that the carriage of every communication that passes over its network does not breach Part 13 of the Telecommunications Act or the Privacy Act. Telecommunications service providers do not have knowledge or control of every communication that passes over a telecommunications network.

72.113 A number of federal, state and territory laws address this issue. For example, s 112 of Copyright Act 1968 (Cth) provides that:

A person (including a carrier or carriage service provider) who provides facilities for making, or facilitating the making of, a communication is not taken to have authorised any infringement of copyright in an audio-visual item merely because another person uses the facilities so provided to do something the right to do which is included in the copyright.

72.114 The Spam Act provides that a person must not send certain commercial electronic messages.[99] Section 9 of the Spam Act provides that for the purposes of the Act, a person does not ‘send’ an electronic message, or cause an electronic message to be sent, merely because the person supplies a carriage service that enables the message to be sent.

72.115 Section 32 of the Defamation Act 2005 (NSW) provides it is a defence to the publication of defamatory matter if:

  • the defendant published the matter merely in the capacity, or as an employee or agent, of a ‘subordinate distributor’ (a ‘subordinate distributor’ includes an operator of, or a provider of access to, a communications system by means of which the matter is transmitted, or made available, by another person over whom the operator or provider has no effective control);

  • the defendant neither knew, nor ought reasonably to have known, that the matter was defamatory; and

  • the defendant’s lack of knowledge was not due to any negligence on the part of the defendant.

72.116 As noted above, it is highly unlikely that a telecommunications service provider would be held liable under the Telecommunications Act for forwarded emails and SMS which may result in the disclosure of personal information of the original sender. In the interest of certainty, however, the ALRC sees merit in amending Part 13 of the Telecommunications Act to provide that a telecommunications service provider is not liable for certain uses and disclosures merely because the provider supplies a service that enables the information to be sent.

72.117 For example, the Telecommunications Act could be amended to provide that a telecommunications service provider is not liable under Part 13 of the Telecommunications Act if:

  • the provider disclosed information or a document merely because the provider supplies a service that enabled the information or document to be sent;

  • the provider neither knew, nor ought reasonably to have known, that the disclosure of the information or document would have resulted in a breach of Part 13 of the Telecommunications Act; and

  • the provider’s lack of knowledge was not due to any negligence on the part of the provider.

72.118 This amendment could be considered as a consequential amendment if the ALRC’s recommendation to amend s 290 to clarify that the section relates only to public communications is implemented.

[89] Explanatory Memorandum, Telecommunications Bill 1996 (Cth), vol 2, 10. See also Australian Communications Industry Forum, Industry Code—Protection of Personal Information of Customers of Telecommunications Providers, ACIF C523 (1999), 21.

[90] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[91] Electronic Frontiers Australia Inc, Submission PR 76, 8 January 2007.

[92]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 63–3.

[93]Australian Government Department of Broadband‚ Communications and the Digital Economy, Submission PR 512, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[94]Australian Privacy Foundation, Submission PR 553, 2 January 2008. See also I Graham, Submission PR 427, 9 December 2007.

[95]Optus, Submission PR 532, 21 December 2007.

[96]Telstra Corporation Limited, Submission PR 459, 11 December 2007.

[97]Telecommunications (Interception and Access) Act 1979 (Cth) ss 7 and 108.

[98] See, eg, Telecommunications Act 1997 (Cth) s 276(1)(b).

[99]Spam Act 2003 (Cth) s 16. The Spam Act is discussed in Ch 73.