An outdated data privacy law threatens to outlaw targeted advertising technologies. In fact, the Telecommunications Act could make the systems criminal.
The law should be modernised for the 2000s.
The opportunity
These days, ISPs have a chance to make extra money by allowing targeted advertising outfits to tailor end user advertising based on watching their IP traffic and surfing habits.
Seems like a no brainer to get on board the revenue opportunity. After all, more relevant advertising is a win for the customer, too, isn’t it ?
Except that it may be a federal criminal offence.
The problem law
The fly in the ointment is section 276 of the Telecommunications Act 1997. It creates an offence of making any use or disclosure of information an ISP or telco has about any end user’s use of their services. The penalty ? Up to two years prison.
In a nutshell, here’s what it says.
A CSP must not use or disclose any information that relates to the contents or substance of communications they carry.
Actually, it’s broader than that but for the purposes of this discussion it’s a fair summary. There are some exceptions to the rule and we’ll look at them further on.
Notice two important features of this law.
First, it doesn’t exclude anonymous information.
Australia’s main privacy law, the Privacy Act 1999, doesn’t normally apply to information that isn’t linked to an identifiable person. As far as the Privacy Act is concerned, information that an unidentified person has visited www.page.com isn’t important.
But the Telco Act doesn’t differentiate between information about an identified person and ‘anonymous’ information. As far as the Telco Act is concerned if the information is carried on your network, you can’t use or disclose it.
Second, it protects a very broad range of material.
Note the phrase ‘information that relates to the contents or substance of communications’. It’s far wider than just the communication itself. It extends to information that relates to it.
The fact that a person visits www.page.com would seem to fit fair and square within the protected kind of material.
The opportunity meets the problem law
So sticking a box into the IP flow that observes the pages visited by end users and tailors subsequent advertising to their perceived interests constitutes disclosing or using protected material.
Isn’t consent a defence under section 276 ?
Yes, it is. But there’s a catch: you need consent from each person affected. Little Jimmy aged 12 can’t click an opt in box and give consent for Mum and Dad.
How the law came to be this way
Section 276 has its roots in pre-WWW days when ‘telecommunications’ equaled ‘telephones’. In the context of phone calls, it’s not hard to see why a service provider should be restricted from using or disclosing information it holds.
When the internet hit the big time, it simply fell into the same rule that had been written in ‘phone-only’ days.
The result is that the practice of monitoring the IP stream and using it (or allowing a third party to use it) to tailor advertising is caught by a law that never considered the nature of web surfing.
Why it makes sense to change section 276
First, web surfing is way different from making a phone call. In general, people would not think that targeted advertising is an objectionable use of information about surfing behaviour, and certainly not a criminal action. In a sense it’s just ‘cookies on steroids’.
Second, when section 276 was enacted Australia had no general privacy law. Today it does. The Privacy Act is ready to step in and protect information about IP traffic in just the same way as any other information. It’s the proper framework for protecting this kind of information now.
Conclusion
It’s time section 276 of the Telco Act was reviewed and updated. It’s not a crime to target advertising. At least, it shouldn’t be.
Loading ...
No comments yet.