Privacy Law and Policy Reporter
Privacy is a very personal concept; everyone has their own sense of what constitutes an invasion of privacy. It may be an unauthorised exposure of personal information. It may be an invasion of personal space, of standing or sitting close enough to another to make them feel uncomfortable.
Telecommunications has added new dimensions to privacy invasion both in terms of the ease with which personal information can now be accessed and because of the new ways our ''space' can be invaded through, for example, telemarketing techniques.
Overseas jurisdictions are increasingly recognising the increased threat new technologies pose to privacy and are passing legislation to meet the challenge. Australia has not followed that lead.
There are different types of privacy issues raised by telecommunications: interception of communications, the misuse of personal information either obtained by the carriers/service providers or in the course of using the telecommunications network, and unsolicited telecommunications (telemarketing, for example).
Legislation makes interception of ''communications passing over a telecommunications system' unlawful. Communicating, passing on or recording information obtained through interception (legal or not) is also unlawful. Other types of privacy issues, however, are not as well covered. Data protection is the first example.
Prior to the 1991 telecommunications legislation, both Telecom and OTC were covered by the Privacy Act 1988. The Australian and Overseas Telecommunications Corporation Act 1991, creating a combined Telecom and OTC, effectively removed the new AOTC (Telecom) from the Privacy Commissioner's jurisdiction.
Protection of data is now covered by the telecommunications legislation and by Ministerial direction. The Act (as amended) now prohibits carrier (Telecom, Optus and Vodafone) employees, service providers and their employees from disclosing any communications made in the course of telecommunications carriage, or any personal information obtained through the person's status as carrier or service provider employee.
A ministerial direction also covers the way the carriers (as opposed to carrier employees) handle that data. Under Ministerial declarations, both carriers must provide raw directories data only: in accordance with the Information Privacy Principles set out in s14 of the Privacy Act 1988 as if the licensee were an agency within the meaning of that Act.
The other requirement on the carriers is that, in providing information to an emergency service about the telephone number and address or location of a person calling an emergency service number, they must do whatever is necessary to comply with the Privacy Act 1988 (and, in particular, Information Privacy Principle 11 of that Act) as if the licensee were an agency within the meaning of that Act.
Further, the recently established Telecommunications Industry Ombudsman (TIO) now has jurisdiction to handle individual complaints against TIO scheme participants (at this stage, only the carriers are members although there is provision for service providers to join).
While that regime now largely covers personal information held or obtained by carriers and service providers, it does not cover situations where personal information is forwarded by the telecommunications network to others.
The most well-known example is Calling Number Display (CND): the display of the calling party's number on the handset of the caller party. There are undoubted benefits for CND: the ability of the called party to know the number of the calling party and screen calls. Emergency services can be given immediate access to the calling number and address of the emergency, particularly in situations where the caller may not be able to provide that information. Caller ID has also helped curb hoax callers and threatening or obscene calls. The counter arguments are about loss of privacy revealing your telephone number to the called party in a variety of circumstances where you may not wish to do so. One of the most often cited examples is of businesses obtaining the numbers of those calling. Those customer numbers then form the basis of customer lists which a business then sells to marketing agencies.
Telecom is about to begin a trial of CND in Wauchope, NSW which will, in part, test that community's reaction to privacy issues involved in CND. What will also be tested is the ways in which privacy issues raised by the introduction of CND in Australia should best be addressed.
This category is primarily about the use of the telecommunications system (telephone or facsimile) to sell a product or service on offer. It includes individuals or companies making unsolicited telephone calls or sending unsolicited facsimiles. It also includes the more sophisticated technology being used overseas which uses recorded messages sent into the home or office by automatic calling equipment connected to the telephone network.
The intrusion of such unsolicited information can be anything from annoying to life threatening. Machines automatically dialing numbers can prevent other telephone calls or facsimiles from being received. At its worst, the calls can tie up a line, preventing the subscriber from being able to use the telephone in an emergency situation.
Moves are being made overseas to control such unsolicited Telecom- munications. No similar public protection is in place in Australia. There are codes of conduct by direct marketing groups which cover unsolicited telemarketing. However, codes cover only marketing agencies which are group members and only cover limited circumstances in which contact can be made.
The other difficulty is with the automatic dialing machines. While AUSTEL can issue permits for customer equipment attached to the telecommunications network, ''privacy issues cannot be considered in assessing whether a permit should be issued'.
Recognising the growing challenge telecommunications systems pose to privacy, AUSTEL (the telecommunications regulator) held an inquiry in 1991, seeking public response to privacy issues raised.
AUSTEL recognised the current gaps in privacy protection and, in the longer term, recommended extending the Privacy Act jurisdiction to telecommunications. In the short term, AUSTEL recommended the establishment of a Telecommunications Privacy Committee, which would include representatives of telecommunications industries, network operators, consumers, manufacturers, market researchers and relevant government bodies. The Committee's brief would be to establish privacy principles for telecommunications privacy issues and to oversee the development of codes of practice for the privacy issues raised.
Because the issues to be considered by the Committee would be broader than AUSTEL's remit however, the Committee would be ''with, but not of,' AUSTEL and that AUSTEL would service the Committee. Over a year later, there is still no privacy committee.
AUSTEL's Annual Report suggests the reason: the ministerial view that establishment of the proposed Committee ''would require clarification of important issues of accountability, status and membership' which would need to be resolved ''before any decision could be made on additional funding'. Latest reports suggest that the Minister may recommend that the Committee be established within AUSTEL. While that would solve issues of accountability and enforcement of privacy issues, AUSTEL's current lack of jurisdiction over privacy issues would need to be addressed. In the meantime, the gaps in privacy protection are still there
In February 1994, Frances Wood, manager, Telecommunications Privacy, AUSTEL, made the following comments in a report to AUSTEL's Consumer Advisory Committee (CAC):
While there seems to have been agreement that the voluntary co-regulatory approach [recommended by AUSTEL in 1992] is workable, it has been less clear what kind of committee structure should support it. AUSTEL's recommendation in the report was of an independent committee (''with, but not of, AUSTEL'), while the Department made the counter-suggestion of a sub-committee of this group, the CAC, a framework giving insufficient recognition to industry interests. A number of structures are under consideration.
It is hoped that negotiations about this can be settled and the work of deciding membership, terms of reference, performance indicators and so on can proceed. One of the first tasks of the Committee will be to consider the trial of caller ID in Wauchope, and to turn its attention to the application of the principle of informed consent with relation to the service. It will be very challenging for the Committee to have to deal with such an issue so early in its life, but we may be helped in this task by the involvement of a number of likely members of the Privacy Committee in the consumer consultative process that Telecom has been fostering
 See discussion in Myles Ruggles, Telecommunications Privacy: Conflict in Control of Personal Information Flows and Boundaries. Submission to AUSTEL Inquiry into the Privacy Implications of Telecommunications Services (February, 1992), talking about management of ''personal boundaries' in a telecommunications context.
 For example, the Council of European Communities is considering a directive to protect personal data collected as part of the use of public digital telecommunications networks. For discussion, see White, ''Your Number, Please? Calling Line Identification and Calling Number Display in Australia: An Issues Paper, CIRCIT Policy Research Paper, 1992, p 28.
 s7 and s63, Telecommunications (Interception) Act 1979 (Cth).
 s26, Australian and Overseas Telecommunications Corporation Act1991 (Cth) which says that AOTC is not to be taken as having been established as a public authority or incorporated for a public purpose the basis of jurisdiction for the Privacy Commissioner.
 s88(1) Telecommunications Act 1991.
 Clause 7.2(c), Telecommunications (General Telecommunications Licences) Declaration (No 1) of 1991.
 Clause 2.4(b), Telecommunications (General Telecommunications Licences) Declaration (No 2) of 1991.
 Ibid, quoting a report prepared by New Jersey Bell Company on the Impact of Caller ID.
 For discussion on the range of issues raised by CND and other new technologies, see White, op cit; The Intelligent Telecommunications Network: Privacy and Policy Implications of Calling Line Identification and Emerging Information Services (Proceedings of a CIRCIT Conference, January, 1992); and AUSTEL, Telecommunications Privacy, December, 1992, pp 63-105.
 For example, the US passed the Telecommunications Consumers Protection Act in 1991 which prohibits ''cold calling unsolicited telecommunications except in special circumstances. The Council of Europe's Draft Recommendation on the Protection of Personal Data in the Area of Telecommunications Services, with Particular Reference to Telephone Services also encourages a code of practice on when telemarketing calls can be made, the nature of the message and the manner in which the message is communicated. (See AUSTEL, Telecommunications Privacy, p 107).
 See, for example, The Australian Direct Marketing Association To The AUSTEL Inquiry Into The Privacy Implications of Telecommunications Services, 192.
 AUSTEL, Telecommunications Privacy, p 130 - citing advice from the Attorney-General's office on the scope of AUSTEL's powers under the current legislation.
 Ibid, p 44.
 Ibid, p 50.
 Ibid, p 48.
 Ibid, p 46.
 AUSTEL, Annual Report 1992-1993, pp 72-73.