Australia's privacy laws gutted in court ruling on what is 'personal information'

In possibly Australia's most important privacy case to date, the Federal Court today dealt a severe blow to Australia's information privacy laws by narrowing the definition of "personal information". Australia's data privacy laws only protect "personal information", which is defined by whether a person is identified or identifiable from data. By reasoning that data is only "personal information" if a person is the actual subject matter of that information, the court’s decision means "personal information" may not include data that only reveals identity if linked with other data. This means certain data held by Telstra, including IP addresses, URLs (websites) visited and geolocation data, are not protected by Australian privacy law. They are not subject to any restrictions on processing or disclosure to other entities. By ignoring the possibilities of data linking, the court leaves us with one of the weakest data privacy regimes in the Western world. This may be appropriate for the age of print media, but it's hardly adapted for the thoroughly datafied world we live in today.