Telstra and Optus have both warned the federal government that proposals to expand the Privacy Act to treat location and other technical data as personal information could break their networks.
In the Privacy Act Review — Discussion Paper [pdf], the Attorney-General’s Department (AGD) asked whether the current definition of “personal information” in the Act needs to be changed “to ensure the Act protects an appropriate range of technical information”.
Proposals put to the AGD for a broader definition includes data such as IP addresses, device identifiers, and location data — all of which are worrying to the telcos.
In response [pdf], Optus said “proposals that location data should be considered sensitive information and treated as such have significant ramifications for telecommunications carriers”.
Its submission states that “technical information, particularly location data is integral to the supply of telecommunications services themselves”.
Giving consumers a right to opt-out of sharing their location with a carrier - for example, having a carrier not record that a mobile handset is logged into a particular base station - may not be feasible.
In such a case, Optus said, “the only option would be for a telecommunications company to not supply a service to a consumer who wished to ‘opt out’ of the collection of location data”.
In a separate submission [pdf], Telstra said location data “collected in network transactions and used to provision mobile phone calls is not inherently sensitive.
“Accordingly, inclusion of location data in the definition of sensitive information may have the effect of requiring network operators to obtain consent from an individual to collect and use that information for purposes that present no material privacy impact,” Telstra wrote.
Telstra also fears that “fault finding, capacity planning and optimising network performance” could be impacted.”
The two carriers are also worried that data they’re required to collect for criminal and national security investigations may be affected.
Optus’ submission states that “consumers being able to opt out of the collection of certain data would also seem to undermine the work of law enforcement agencies (LEAs) as telecommunications data is often used by LEAs in their investigations.”
In its submission, Telstra said the broadening of the definition of “personal information” could hinder fraud and cyber crime prevention and investigation, and have “impacts on national security and law enforcement investigations”.
