A journalist has won a landmark ruling to have Australia’s national telecommunications company (telco) hand over the metadata it holds on him, potentially compromising the way marketers will be able to use data in the future.
The test case between Fairfax’s technology editor Ben Grubb and Australian telecom giant Telstra, highlights the grey areas of Australia’s privacy laws, especially the lack of clarity around the definition of “metadata” and what constitutes personal information, says Jodie Sangster, chief executive (CEO) for the Association for Data-Driven Marketing and Advertising.
“My concern is that the lack of clarity stifles innovation – companies don’t know how it is applied and if they can use the data in new ways to fuel business,” says Sangster.
As a result, they will err on the side of caution, she says.
The Australian privacy commissioner, Timothy Pilgrim, ruled metadata as “personal.”
“The question in this complaint is whether the complainant’s metadata held by Telstra constitutes personal information, and if so, whether it has been improperly withheld from the complainant in breach of NPP 6.1,” the report says.
The ruling this week again brings into question what constitutes “metadata” and what metadata is deemed private.
“To make a ruling that generally comes down to metadata, does not take into account the different types of metadata, for example, what is identified as an individual’s information, when it is personal information, and then where the act applies,” says Sangster.
Categorizing what is personal data under the act will be a problem for marketers and whether they can legally use the data, she adds.
Ben Grubb, the journalist at the center of the ruling, said he had wanted access to his data to highlight recently passed data retention laws in Australia, “so that I could show Australians exactly what metadata was.”
Under legislation passed in Australia in March, telcos and internet service providers (ISPs) must store customers’ metadata for two years.
“I wanted to put my metadata on a map like German politician Malte Spitz did after he successfully sued his telco in 2011 to show just how invasive having all of your metadata stored was in the wake of mandatory data retention in his country,” Grubb said in a Fairfax story titled “Me and My Metadata: How I Beat Telstra After My 22-Month Legal Battle.”
In Grubb’s article, Anna Johnston, director at Salinger Privacy and a former deputy privacy commissioner for the state of New South Wales, said the privacy commissioner’s decision was “groundbreaking.”
“This case has far-reaching consequences for any organization which deals in any form of ‘big data,'” Johnston told Grubb. “No one should think that privacy can be protected simply by leaving out customer names or other identifiers from a database. Any dataset which holds unit-record level data can potentially be linked to data from other sources, which can then lead to someone’s identity being ascertainable,” she said.
Telstra says it already provides access to personal information, “but this decision could extend this practice to every single piece of data in our networks regardless of whether the data reveals the identity or anything else about someone,” said Kate Hughes, chief risk officer at Telstra, in a blog post.
Telstra says it will appeal the ruling.
“Given the broad implications of the decision on the Australian economy and its potential impact on the continued evolution of new technologies in our sector, we feel we need clarification on some important points in the decision,” said Hughes. “We look forward to gaining that certainty through a review process.”
Image via Shutterstock.