Privacy Law and Policy Reporter
The Report, tabled in the Senate on 7 December 1993 follows a reference by the Senate on 18 September 1993 to a Select Committee chaired by Senator Margaret Reynolds concerning:
The 0055 service offered by Telecom called ''Reverse Phone Directory', which enabled subscribers to match private telephone numbers with specific residential addresses and the development of a proper and enforceable code of conduct to protect the privacy of Telecom customers from developments of this kind.
The service in question was in fact provided by Barwon Bank Pty Ltd (the information provider), utilising the bureau operations of a 0055 service provider (In-Telegance Pty Ltd), which has a contractual arrangement with Telstra (Telecom's parent company) to access the public switched telephone network (PSTN). The reverse phone directory (RPD) provided allowed callers to call a 0055 number to obtain access to a database of all Australian telephone numbers. When the caller stated a number of interest, a computer-generated voice would state the address and subscriber name relevant to the number. The service was discontinued in relation to residential (White Pages) information before it became operational, following public controversy. The Committee noted that RPD databases were already being provided on CD-ROM by at least two suppliers (''Australia on Disk' and ''Desk Top Marketing System').
The Committee concluded that the disadvantages of RPDs containing details of individual subscribers, particularly the privacy implications, ''far outweigh any potential benefits'. It ''believes that the RPD is an illegitimate service, because of its gross breach of the privacy of 8 million telephone subscribers whose details have been entered, without their approval, on the RPD database'. It did not see similar problems arising with RPDs limited to Yellow Pages information about businesses.
The Committee also expressed its ''in principle support' for all of five options suggested by the Privacy Commissioner:
(a) Telecom enforce its copyright over telephone directories;
(b) legislation to restrict re-use of telephone directory information in such a way that permits number-to-name searches;
(c) require 0055 service providers to participate in the Telecommunications Industry Ombudsman Scheme; and
(d) amend the 0055 Code of Practice to cover privacy issues, or develop a new code.
The Committee made four formal recommendations:
Michael Lee MP, Minister for Communications and the Arts, released the government's response on 18 March 1994. Telstra's response is annexed to the government's response.
Recommendation 1 - The government says it ''supports' the Committee's Recommendation 1 that a principle of informed consent apply. It notes that Telstra supports (some) privacy principles (see below), and that the Telecommunications Industry Ombudsman (TIO) is entitled to investigate (some) complaints about non-compliance with the Information Privacy Principles. However, at present it only proposes to consider the matter ''in the context of its approach to privacy issues in general'. In its response, Telstra says it holds ''the view that Australia would benefit from the general application of internationally agreed privacy principles'. But it is careful to state that ''such principles require that information subjects should be aware of the uses to which information is to be put or should consent to particular applications' (emphasis added).
Recommendation 2 - Telstra agrees with Recommendation 2 (that Recommendation 1 be implemented by amendments to the 0055 Code), and has requested the Telephone Information Services Standards Committee (TISSC) to ''suitably' amend the 0055 Code of Practice to ''protect the privacy of calling customers'. The government simply endorses Telstra's response. Neither response therefore clarifies in any way how the 0055 Code is to be amended.
Recommendation 3 - Telstra states that ''a direction has been issued to all Service Providers utilising the 0055 service indicating that any reverse phone directory offered on any 0055 service shall contain only business information similar to the Yellow Pages' and that advertising must indicate this. All Service Providers have also been informed that the 0055 Code is being reviewed in accordance with the Senate Committee's recommendations. The government endorses Telstra's response. Telstra has contractual provisions with service providers that may allow it to impose such directions (see para 2.20 of the Report).
Does Telstra's response to Recommendation 3 mean that the TISSC is being asked to simply prohibit reverse directories of White Pages, or that opt-out ''consent' or opt-in consent should be required for any such directories?
In a separate development, Telecom /Telstra has also ''directed' companies which were using its White and Yellow Pages directories to construct reverse directories on CD-ROM (or for other purposes) to ''cease copying its products' (Telecom media release 23 February 1994).
Recommendation 4 - The government ''supports the view ... that subscribers have the right not to include personal data in a directory and that their consent must be obtained before their personal data is provided by directory enquiry services.'
This Recommendation raised various issues.
The Committee's key recommendation was that ''the principle of informed consent apply in relation to the use and re-use for commercial purposes of telephone directories'. While the government says it ''supports' this principle, Telstra has carefully hedged its bets, by attempting to argue that ''internationally agreed privacy principles' only require either informed consent or disclosure of intended use. This is at least highly contentious and very probably wrong. A careful reading of the Explanatory Memorandum to the OECD Guidelines (1980), particularly concerning the Collection Limitation Principle and the Use Limitation Principle, does not indicate that the determination of legitimate uses of personal data (and therefore what ''disclosure of intended use' can apply to) is to be left solely to information users such as Telstra. In the case of the Privacy Act's IPPs, the legitimate uses of data are limited by the notion of the statutory (or otherwise defined) ''function or activity' of an agency (IPP 1 and IPP 10), so the real privacy issue then becomes how an agency's functions and purposes are defined. There is no international principle that says that mere notification is enough the choice between prohibition, informed consent or mere notification is a policy matter for governments. If the government supports the Committee, it should legislate to require informed consent.
''Informed consent' is not defined by the Committee, and it is somewhat unclear whether they would regard opting out provisions as informed consent. However, their otherwise strong condemnation of RPDs constructed without subscriber approval would seem to be more consistent with a requirement of ''opting in'.
The Committee was concerned with RPDs provided on CD-ROM by persons other than service providers. Recommendation 1 in effect recommends the prohibition of all RPDs unless they are provided on the basis of informed consent. The government response does not mention the CD-ROM issue. Telstra's ''direction' to companies to stop using its directories refers to its claims to copyright in those directories. The legal basis of this is obviously uncertain in light of the US Supreme Court's well-known decision in Feist Publications Inc v Rural Telephone Service Co Inc (1991) 20 IPR 129. At least one of the CD-ROM suppliers, Read Only Memory, has stated that it will continue to include the RPD facility, despite Telecom's ''direction' (Sydney Morning Herald 21 March 1994). The Senate Committee also supported a legislative prohibition.
The government's stated support for a consumer's ''right not to include personal data in a directory' (and to not have it disclosed by directory inquiry services) is very welcome, and probably necessary in light of Telstra's appalling practice of disclosing the existence of silent lines in the EWP. However, this support will be undermined if the government adopts Telstra's line that privacy is a privilege to be paid for, and not a right to be granted freely as advocated by the Committee. If one starts with an assumption that phone numbers are private information, then shouldn't it be those who wish to have their details published who bear security or administration costs? The Committee's suggestion is really only that the ''administration and security' costs could be generously shared between all subscribers, and not borne solely by those who wish to protect their (right of) privacy. The issue of the cost burden of privacy is a crucial one for many future debates (calling line identification, for example), and not just in relation to telecommunications.
Next issue includes: Report to the Minister for Communications: Wireless Personal Communications Services (AUSTEL); Fifth Annual Report on the Operation of the Privacy Act (Australian Privacy Commissioner) - policy aspects.