20251231 FOI 25261 Notice of decision.pdf

31 December 2025

Wade
eSafety ref: FOI 25261
By email: xxxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx

Dear Wade
Decision on your freedom of information request
I refer to your request to the eSafety Commissioner (eSafety) for access to documents under
the Freedom of Information Act 1982 (Cth) (FOI Act).
On 3 November 2025, you requested:
any documents, including communications, relating to the potential designation of steam and
github as age-restricted social media services. At a minimum, this should include
communications between eSafety and the aforementioned services concerning the self-
assessment tool.
(request)
On 20 November 2025, you agreed to exclude duplicates and drafts of material in scope of
the request, as well as the names and personal information of public servants, from the
scope of your request. We have therefore treated the names, contact details and other
personal information of eSafety staff below the Senior Executive Service Band 2 level as out
of scope of your request.
Decision
I am authorised under section 23(1) of the FOI Act to make decisions under that Act.
I have identified 24 documents that fall within the scope of your request. I have decided to:
•  grant access to 20 documents in part pursuant to sections 47E(c), 47E(d), 47F and 47G
of the FOI Act (with irrelevant/out of scope material removed under section 22); and
•  refuse access to four documents pursuant to sections 42 and 47E(d) of the FOI Act.
Material taken into account
In making my decision, I have considered the following:
•  the scope of your request
•  the information contained in documents relevant to your request
•  the relevant provisions of the FOI Act including sections 22, 42, 47E, 47F and 47G

Email: xxx@xxxxxxx.xxx.xx

•  consultation with eSafety personnel
•  responses received from relevant third parties, and
•  the guidelines issued by the Australian Information Commissioner under section 93A of
the FOI Act (the FOI Guidelines).
Reasons for decision
The attached schedule of documents provides a description of each document and my
decision on access for each one. The reasons for my decisions are outlined below.
Section 42 of the FOI Act – legal professional privilege 
Section 42 of the FOI Act provides that a document is exempt if it would be exempt from
production in legal proceedings on the ground of legal professional privilege.  
Paragraph [5.148] of the FOI Guidelines state that:
The underlying policy basis for legal professional privilege is to promote full and frank disclosure
between a lawyer and client to the benefit of the effective administration of justice. It is the purpose
of the communication that is determinative.[1] Legal professional privilege protects documents which
would reveal communications between a client and their lawyer made for the dominant purpose of
giving or obtaining legal advice.[2]  The information in a document is relevant and may assist in
determining the purpose of the communication, but the information in itself is not determinative.
Paragraph [5.149] of the FOI Guidelines state that:
At common law, determining whether a communication is privileged requires a consideration of:
•  whether there is a legal adviser-client relationship
•  whether the communication was for the dominant purpose of giving or receiving legal advice,
or for use in connection with actual or anticipated litigation
•  whether the advice given is independent
•  whether the advice given is confidential.[3]
Paragraph [5.156] of the FOI Guidelines state that:
In the AAT case of Ransley and Commissioner of Taxation (Freedom of information) [2015] AATA
728, Tamberlin DP summarised the principles set out above at [5.154] and discussed that
‘communications and information between an agency and its qualified legal advisers for the
purpose of giving or receiving advice will be privileged whether the legal advisers are salaried
officers [or not], provided they are consulted in a professional capacity in relation to a
professional matter and the communications arise from the relationship of lawyer-client. There

1 See footnote 134 in the FOI Guidelines.
2 See footnote 135 in the FOI Guidelines.
3 See footnote 136 in the FOI Guidelines.

Email: xxx@xxxxxxx.xxx.xx

is no requirement that an in-house lawyer hold a practicing certificate provided the employee is
acting independently in giving the advice.’
Four documents identified in the schedule were created for the dominant purpose of
eSafety’s internal Legal Services branch providing legal advice to the Social Media Age
Restrictions team.
The relevant documents evidence that a legal adviser-client relationship was present at the
time of the communications. In these documents/correspondence between eSafety in-house
lawyers and non-legal staff, I am satisfied that the in-house lawyers were providing advice in
their capacity as lawyers at the request for eSafety personnel (i.e., the client).
Following this assessment, I am satisfied that the relevant material was created and/or used
for the dominant purpose of obtaining and providing legal advice. The FOI Guidelines make it
clear that documents will be privileged where the main purpose of document creation was for
giving or receiving legal advice. These documents are therefore subject to legal professional
privilege.
Accordingly, I find these documents to be exempt in full under s 42 of the FOI Act.
Section 47E(c) of the FOI Act – management of personnel
Section 47E(c) of the FOI Act provides that a document is conditionally exempt if its disclosure
would, or could reasonably be expected to, have a substantial adverse effect on the
management or assessment of personnel by the Commonwealth or by an agency.  The FOI
Guidelines at paragraph [6.103] state the following in respect of section 47E(c):
For this conditional exemption to apply, the documents must relate to either:
•
the management of personnel – including the broader human resources policies
and activities, recruitment, promotion, compensation, discipline, harassment and
occupational health and safety
•
the assessment of personnel – including the broader performance management
policies and activities concerning competency, in-house training requirements,
appraisals and underperformance, counselling, feedback, assessment for bonus or
eligibility for progression (footnotes omitted).
Further, at paragraphs [6.15] and [6.16] the FOI Guidelines provide the following in relation to the
test ‘would or could reasonably be expected to’:
6.15   The use of the word ‘could’ is less stringent than ‘would’ and requires analysis of the
reasonable expectation rather than the certainty of an event, effect or damage occurring.
It may be a reasonable expectation that an effect has occurred, is presently occurring, or
could occur in the future.
6.16   The mere risk, allegation, possibility, or chance of prejudice does not qualify as a
reasonable expectation. There must be, based on reasonable grounds, at least a real,
significant or material possibility of prejudice.

Email: xxx@xxxxxxx.xxx.xx

Two documents contain the direct contact details of eSafety Commissioner Julie Inman Grant.
As outlined in the FOI Guidelines4, the ‘management of personnel’ includes work health and
safety. In some circumstances, it may be appropriate to address concerns about the  work
health and safety impacts of disclosing public servants’ personal information (such as names
and contact details) under section 47E(c) of the FOI Act.5
I have considered the following circumstances in making my decision:
•  the relationship between Commissioner Inman Grant and the exercise of powers and
functions discharged by eSafety;
•  the circumstances of Commissioner Inman Grant; and
•  whether the relevant personal information is already publicly available.
I consider that public disclosure of the direct phone numbers of Commissioner Inman Grant
may pose a work health and safety risk for the following reasons:
•  eSafety is Australia’s independent regulator for online safety. eSafety fosters online
safety by exercising powers under Australian legislation, primarily the Online Safety Act
2021 (Cth) (the OSA), to protect Australians from serious online harms. The role and
utility of eSafety has been questioned by members of the community, leading to online
abuse of the office, the eSafety Commissioner and eSafety personnel.
•  As the FOI Act does not control or restrict any subsequent use or dissemination of
information released under the FOI Act, there is a likelihood that the  personal
information may be publicly disseminated, causing Commissioner Inman Grant undue
stress and anxiety.
•  The direct work phone numbers for Commissioner Inman Grant  are not publicly
available.
I am therefore satisfied that disclosure of this material would, or could reasonably be expected
to, have a substantial adverse effect on the management of eSafety personnel.
Accordingly, I consider that parts of the documents identified in the schedule are conditionally
exempt from disclosure under s 47E(c) of the FOI Act.
As section 47E is a conditional exemption, I am required to apply the public interest test
outlined in section 11A of the FOI Act. The public interest test, in respect of all conditionally
exempt material, is discussed below.

4 At [6.103].
5 Paul Farrell and Department of Home Affairs (Freedom of Information) [2023] AICmr 37; FOI
Guidelines at [6.109].

Email: xxx@xxxxxxx.xxx.xx

Section 47E(d) of the FOI Act – proper and efficient conduct of operations
Section 47E(d) provides that a document is conditionally exempt if its disclosure would, or
could reasonably be expected to, have a substantial adverse effect on the proper and
efficient conduct of the operations of an agency.
11 documents contain contact details used by eSafety to coordinate internally and
communicate with industry stakeholders. I consider that the release of this information
would, or could reasonably be expected to, have a substantial adverse effect on the proper
and efficient conduct of eSafety’s operations. This is because these contact details are not
intended to be reached by the public, and their disclosure may lead to the public seeking to
contact these individuals and teams directly for various purposes, including to expose them
to abuse or to tie up eSafety resources. This, in turn, could reasonably be expected to
substantially weaken the operational efficiency of eSafety. 
I therefore consider that these documents are conditionally exempt from release, in part,
under section 47E(d).
In relation to the four documents discussed above that are exempt in full under section 42, I
also consider those documents to be exempt in full under section 47E(d). This is because
releasing assessment documents could disclose details of how eSafety ingests information
about platforms (including information provided by platforms) to assess whether they fall
within scope of s 63C of the OSA. I consider that this could be expected to have a
substantial chilling effect on platforms sharing full and detailed information with eSafety on
a voluntary basis. This would affect the ability of eSafety to efficiently assess whether
certain services fall within scope of s 63C at a particular time and therefore could reasonably
be expected to substantially weaken the operational efficiency of eSafety.
Section 47F of the FOI Act – personal privacy
Section 47F of the FOI Act provides that a document is conditionally exempt if its disclosure
would involve the unreasonable disclosure of personal information of any person.
‘Personal information’ means information or an opinion about an identified individual, or an
individual who is reasonably identifiable (see section 4 of the FOI Act and section 6 of the
Privacy Act 1988 (Cth)).
Whether a disclosure is “unreasonable” requires a consideration of all the circumstances,
including the nature of the information that would be disclosed, the circumstances in which
the information was obtained, the likelihood of the information being information that the
person concerned would not wish to have disclosed without consent, and whether the
information has any current relevance.
eSafety must also have regard to the following matters (section 47F(2) of the FOI Act):
• the extent to which the information is well known

Email: xxx@xxxxxxx.xxx.xx

•  whether the person to whom the information relates is known to be (or to have been)
associated with the matters dealt with in the document
•  the availability of the information from publicly accessible sources
•  any other matters that the agency or minister considers relevant.
20 documents contain the personal information of third parties, in particular their names and
contact details. In making this decision, I have taken into consideration the views of
consulted third parties who have objected to the disclosure of personal information. I
consider that the disclosure of third-party personal information would be unreasonable in
the circumstances because the relevant individuals are not publicly known to be associated
with the matters dealt with in the documents, and disclosure is likely to cause the third
parties undue stress and anxiety, expose them to abuse and harassment, or both.
I am also satisfied that disclosure of Commissioner Inman Grant’s direct contact details in
two documents would be unreasonable in the circumstances for the same reasons provided
above under section 47E(c) of the FOI Act.
I therefore consider that parts of the documents identified in the schedule are conditionally
exempt from release under section 47F of the FOI Act.
Section 47G of the FOI Act – business information
Section 47G(1)(a) of the FOI Act provides that a document is conditionally exempt if its
disclosure would disclose information concerning the business, commercial or financial
affairs of an organisation or undertaking, in a case in which the disclosure of the information
would, or could reasonably be expected to, unreasonably affect the organisation or
undertaking in respect of its lawful business, commercial or financial affairs.
Five documents contain an email address used by a third-party organisation (Valve
Corporation) to receive subpoenas and other inquiries from law enforcement and government
bodies. I consider that this is the business information of Valve that could reasonably be
expected to unreasonably affect Valve in its lawful business affairs.
This is because these contact details are not intended to be reached by the public, and their
disclosure may lead to the public seeking to contact Valve directly for various purposes,
including through sending spam messages or malicious attacks. This, in turn, would
unreasonably impede the ability of Valve to conduct its lawful business efficiently.
I therefore consider that parts of these documents are conditionally exempt from disclosure
under section 47G of the FOI Act.

Email: xxx@xxxxxxx.xxx.xx

Public interest considerations – sections 47E(c), 47E(d), 47F and 47G
Under s 11A of the FOI Act, access to a document covered by a conditional exemption must
be given unless access to the document would, on balance, be contrary to the public
interest.
Section 11B(3) of the FOI Act sets out matters favouring access that must be taken into
account in considering whether release is in the public interest.
For all the material identified above as conditionally exempt, I consider that disclosure would
generally promote the objectives of the FOI Act and may enhance the scrutiny of government
decision making.
Against release, I consider that there is a public interest in maintaining the personal privacy
of individuals who interact with eSafety, and in maintaining the ability of private
organisations to conduct their lawful business affairs efficiently, as failing to do so is likely to
impact negatively on those individuals and organisations.
I also consider that there are further public interest factors against disclosure that apply, in
that releasing the information could reasonably be expected to:
•  disrupt or detract from work undertaken by individuals and teams at eSafety and at
regulated entities through unnecessary, unsolicited and/or abusive contact
•  impede the timely and cooperative flow of important, often commercially sensitive,
information to eSafety as a regulatory body.
Should the relevant material be disclosed, there is a possibility that disclosure would render
eSafety’s processes less effective at achieving the objects of the OSA, which include
promoting and improving online safety for Australians.
On balance, I consider there are overriding public interest factors weighing against disclosure
of parts of documents as shown in the schedule. I have therefore decided this material is
exempt under sections 47E(c), 47E(d), 47F and 47G of the FOI Act.
I have not taken into account any of the ‘irrelevant factors’ set out in section 11B(4).
Disclosure log
Section 11C of the FOI Act requires agencies to publish documents released to members of
the public on their website within 10 days of release, except if they contain personal or
business information that would be unreasonable to publish.
I am of the view that the documents do not contain personal or business information that
would be unreasonable to publish. Accordingly, the documents will be published on eSafety's
disclosure log.

Email: xxx@xxxxxxx.xxx.xx

If you have any questions regarding this decision, please contact xxx@xxxxxxx.xxx.xx. A
statement of your rights of review is attached.
Yours faithfully

Manager, Legal – Business Services
Attachments
1. Schedule of documents
2. Rights of review

Email: xxx@xxxxxxx.xxx.xx

SCHEDULE OF DOCUMENTS
Number
Date
Description
Decision on access
Exemptions or deletions
1.
4 September 2025  Email from eSafety to GitHub regarding self-
assessment of GitHub
Release in part
s 22, s 47F
2.
4 September 2025  Attachment to Doc 1: Letter from eSafety to
GitHub regarding self-assessment of GitHub
Release in part
s 47E(d), s 47F
3.
4 September 2025  Email from eSafety to GitHub regarding self-
assessment of GitHub
Release in part
s 22, s 47F
4.
4 September 2025  Attachment to Doc 3: Letter from eSafety to
GitHub regarding self-assessment of GitHub
Release in part
s 47E(d), s 47F
5.
19 September 2025  Email from GitHub to eSafety
Release in part
s 22, s 47E(d), s 47F
6.
18 September 2025  Attachment to Doc 5: Letter from GitHub to
eSafety
Release in part
s 22, s 47F
7.
16 October 2025
Preliminary assessment of GitHub under s 63C  Exempt in full
s 42, s 47E(d)
8.
30 September 2025  Annexure to preliminary assessment of GitHub  Exempt in full
s 42, s 47E(d)
9.
16 October 2025
Email from eSafety to GitHub regarding
preliminary view of GitHub
Release in part
s 22, s 47F
10.
16 October 2025
Attachment to Doc 9: Preliminary view letter
from eSafety to GitHub
Release in part
s 47E(d), s 47F

eSafety.gov.au

11.
3 November 2025
Email from eSafety to GitHub
Release in part
s 22, s 47E(c), s 47F
12.
3 November 2025
Attachment to Doc 11: Letter from eSafety to
GitHub
Release in part
s 47E(d), s 47F
13.
4 September 2025  Email from eSafety to Valve regarding self-
assessment of Steam
Release in part
s 22, s 47F, s 47G
14.
4 September 2025  Attachment to Doc 13: Letter from eSafety to
Valve regarding self-assessment of Steam
Release in part
s 47E(d), s 47F, s 47G
15.
4 September 2025  Email from eSafety to Valve regarding self-
assessment of Steam
Release in part
s 22, s 47F, s 47G
16.
4 September 2025  Attachment to Doc 15: Letter from eSafety to
Valve regarding self-assessment of Steam
Release in part
s 47E(d), s 47F, s 47G
17.
22 September 2025  Email from Valve to eSafety regarding self-
assessment of Steam
Release in part
s 22, s 47E(d), s 47F, s
47G
18.
22 September 2025  Attachment to Doc 17: Letter from Valve to
eSafety regarding self-assessment of Steam
Release in part
s 47E(d), s 47F
19.
13 October 2025
Preliminary assessment of Steam under s 63C  Exempt in full
s 42, s 47E(d)
20.
25 September 2025  Annexure to preliminary assessment of Steam  Exempt in full
s 42, s 47E(d)
21.
17 October 2025
Email from eSafety to Valve regarding
preliminary view of Steam
Release in part
s 22, s 47F

eSafety.gov
.au

22.
17 October 2025
Attachment to Doc 21: Preliminary view letter
from eSafety to Valve
Release in part
s 47E(d), s 47F
23.
3 November 2025
Email from eSafety to Valve
Release in part
s 22, s 47E(c), s 47F
24.
3 November 2025
Attachment to Doc 23: Letter from eSafety to
Valve
Release in part
s 47E(d), s 47F

eSafety.gov
.au