Communications and ‘telecommunications data’

73.24 The Telecommunications (Interception and Access) Act regulates ‘communications’, ‘stored communications’ and ‘telecommunications data’. As noted above, it is possible that this information could constitute ‘personal information’ for the purposes of the Privacy Act.

73.25 The Telecommunications (Interception and Access) Act defines ‘communications’ as including a conversation and a message, and any part of a conversation or message, whether in the form of: speech, music or other sounds; data; text; visual images, whether or not animated; signals or in any other form or in any combination of forms.[43] A ‘stored communication’ is defined as a communication that: is not passing over a telecommunications system; is held on equipment that is operated by, and is in the possession of, a carrier; and cannot be accessed on that equipment, by a person who is not a party to the communication, without the assistance of an employee of the carrier.

73.26 Chapter 4 of the Telecommunications (Interception and Access) Act regulates access to ‘telecommunications data’, but does not set out a definition of ‘telecommunications data’. Chapter 4, like the exceptions under Part 13 of the Telecommunications Act, authorise access to ‘information or a document’.[44] ‘Telecommunications data’, therefore, would be either information or a document.

73.27 The Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment Bill 2007 that introduced Chapter 4 provides that:

Telecommunications data is information about a telecommunication, but does not include the content or substance of the communication. Telecommunications data is available in relation to all forms of communications, including both fixed and mobile telephony services and for internet based applications including internet browsing and voice over internet telephony.

For telephone-based communications, telecommunications data includes subscriber information, the telephone numbers of the parties involved, the time of the call and its duration. In relation to internet based applications, telecommunications data includes the Internet Protocol (IP) address used for the session and the start and finish time of each session.[45]

73.28 Submissions to the Senate Legal and Constitutional Affairs Committee Inquiry into the provisions of the Telecommunications (Interception and Access) Amendment Bill 2007 raised concerns about the meaning of ‘telecommunications data’.[46]

73.29 In DP 72, the ALRC noted that in light of the recent Senate Committee Inquiry, it did not propose to conduct another detailed study of the Telecommunications (Interception and Access) Amendment Bill 2007. The ALRC noted, however, that it shared a number of the concerns raised in submissions to the Senate Committee Inquiry. The ALRC asked whether the Telecommunications (Interception and Access) Amendment Bill 2007 (as it was then known) should be amended to define ‘telecommunications data’.[47]

Submissions and consultations

73.30 A number of stakeholders supported amending the Telecommunications (Interception and Access) Act to define ‘telecommunications data’.[48] For example, the Office of the Victorian Privacy Commissioner (OVPC) submitted that the term should be defined to at least clarify whether specific technologies are included in the term.[49]

73.31 The Law Council of Australia noted the definition in the Explanatory Memorandum to the Telecommunications (Interception and Access) Amendment Bill 2007 that ‘telecommunications data’ is ‘information about a telecommunications, but does not include the contents or substance of the communication’. The Law Council submitted that this definition is workable to the extent that there is a distinction between the ‘contents or substance’ of a communication, and all other information about the communication. The Law Council suggested, however, that such a distinction cannot be drawn. The Law Council submitted that it is important to set out in positive terms exactly what type of personal information falls within the meaning of ‘telecommunications data’.[50]

73.32 Other stakeholders did not support defining ‘telecommunications data’. The Attorney-General’s Department (AGD) submitted that the exclusion of an exhaustive definition for telecommunications data is consistent with the technology-neutral language of the Telecommunications (Interception and Access) Act. The AGD also noted that it provides guidance to agencies and carriers regarding these issues, both generally and on a case-by-case basis.[51]

ALRC’s view

73.33 The ALRC does not recommend amending the Telecommunications (Interception and Access) Act to define ‘telecommunications data’. The exclusion of a definition enables the legislation to remain technology neutral so that it can be applied to new developments in technology without the need for amendment. This approach is consistent with the technology-neutral approach of the Privacy Act,[52] and Part 13 of the Telecommunications Act.

73.34 There should be more guidance, however, about what is meant by ‘telecommunications data’. Provision of this information to ASIO and enforcement agencies is a significant invasion of privacy. Telecommunications data allows agencies to monitor when, how and with whom an individual communicates; what websites they access; and, in the case of mobile phones, an individual’s location. Intelligence and law enforcement agencies, telecommunications service providers, regulators, other oversight bodies (such as the Inspector-General of Intelligence and Security (IGIS)), and the community should have a clear understanding, therefore, about what information may be disclosed under these laws.

73.35 Below the ALRC recommends that the AGD should develop and, where appropriate, publish guidance on the interception and access of information under the Telecommunications (Interception and Access) Act. This guidance should address what the term ‘telecommunications data’ means in various contexts.[53]

[43]Telecommunications (Interception and Access) Act 1979 (Cth) s 5.

[44] See, eg, Ibid s 175. The information regulated under Part 13 is discussed in detail in Ch 71.

[45]Explanatory Memorandum, Telecommunications (Interception and Access) Amendment Bill 2007 (Cth), 6.

[46] Parliament of Australia—Senate Legal and Constitutional Affairs Committee, Telecommunications (Interception and Access) Amendment Bill 2007 (2007), [3.11]–[3.16]. See also Parliament of Australia—Senate Legal and Constitutional Affairs Committee, Telecommunications (Interception and Access) Amendment Bill 2007 (2007), Minority Report by the Australian Democrats.

[47]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Question 63–2(a).

[48]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; I Graham, Submission PR 427, 9 December 2007.

[49]Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007.

[50]Law Council of Australia, Submission PR 527, 21 December 2007.

[51]Australian Government Attorney-General’s Department, Submission PR 546, 24 December 2007.

[52] See Ch 10.

[53] Rec 73–5.