Australia’s Federal Court has handed down a judgement on the question of what constitutes personal information, and specifically whether the metadata in a telecommunications account was personal information about that individual or whether it was “merely” about the services provided to that individual.
The information at issue included phone network information such as the IP address, URLs visited on the account, cell tower locations during web use, and data pertaining to inbound calls.
This is of interest here in Canada, relating as it does to C-51 and lawful access initiatives.
Canadian privacy advocates have long argued that
In terms of Canadian privacy law…metadata must be recognized as constituting personally identifiable information, or Canadians will forever be in the dark about the full range of data that companies are collecting and how it might be being used.
This decision goes against that position, and in so doing strengthens the risk(s) of Canadian telecommunications providers not only withholding this data from their account holders but of sharing the information with law enforcement agencies freely without consideration of PIPEDA privacy requirements.