6/09/2021
CONFIDENTIAL
Via Email
Vanessa Teague
Email: xxxxxxxxxxxxxxxxxxxxxxxxx@xxxxxxxxxxx.xxx.xx
Dear Ms Teague
RE: REVIEW OF FOI DECISION – REFERENCE NUMBER ABC FOI 202021-055
I refer to your email dated 16 July 2021 requesting an internal review of ABC FOI
202021-055 Decision. This was a decision by the ABC’s Head of Corporate Governance
and FOI Coordinator, Pamela Longstaff, who has authority to make decisions in
respect of requests made under the Freedom of Information Act 1982 (Cth) (FOI Act).
Background
Your information request dated 15 June 2021 sought
Documents containing:
All data sharing agreements signed with all third parties who will be given
access to iView data, including
- Google
- Facebook
- Tealium
and any others to whom the ABC has granted access to iView viewing data.
On 16 July 2021, Ms Longstaff determined that the documents within the scope of your
request (Identified Documents) were subject to an exemption (under section 45 of
the FOI Act – material obtained in confidence), and not required to be released
(Original Decision).
In your email dated 16 July 2021, you requested an internal review of the Original
Decision.
1
On 24 August 2021, the Office of the Australian Information Commissioner (OAIC)
granted an extension of time for the ABC to provide you with its internal review
decision; the date by which the decision must be provided to you is 9 September 2021.
I am authorised by the Managing Director under section 23 of the FOI Act to make
decisions on requests for internal review.
I have reviewed your request in accordance with section 54C of the FOI Act.
In undertaking my review, I have reviewed the Identified Documents, relevant
sections of the FOI Act, and the FOI Guidelines published by the Office of the
Australian Information Commissioner (FOI Guidelines).
Decision
Having reviewed your request, I have decided to:
• Release to you one document, being the DTA Terms of Service, redacted in
part;
• Provide you with additional information relevant to your request, as set out
below; and
• Otherwise affirm the Original Decision that the Identified Documents are not
required to be released on the ground that they constitute material
communicated in confidence.
Reasons
My starting point is the general right of access set out in section 11(1) of the FOI Act
that:
Subject to this Act, every person has a legally enforceable right to obtain
access in accordance with this Act to: a document of an agency, other than an
exempt document…
Having reviewed the Identified Documents, I observe that many of them are
agreements reached between the ABC and a third party which contain confidentiality
clauses, preventing the parties from being able to release the information contained
in the document, and other confidential information.
Section 45 of the FOI Act provides as follows:
Documents containing material obtained in confidence
(1) A document is an exempt document if its disclosure under this Act would
found an action, by a person (other than an agency or the Commonwealth), for
breach of confidence.
2
In light of the confidentiality clauses contained in many of the documents and the
potential application of section 45 of the FOI Act, it is necessary for me to turn to the
relevant paragraphs of the FOI Guidelines, which provide as follows:
5.158 A breach of confidence is the failure of a recipient to keep confidential,
information which has been communicated in circumstances giving rise to an
obligation of confidence. The FOI Act expressly preserves confidentiality
where that confidentiality would be actionable at common law or in equity.
5.159 To found an action for breach of confidence (which means s 45 would
apply), the following five criteria must be satisfied in relation to the
information:
• it must be specifically identified
• it must have the necessary quality of confidentiality
• it must have been communicated and received on the basis of a mutual
understanding of confidence
• it must have been disclosed or threatened to be disclosed, without
authority
• unauthorised disclosure of the information has or will cause detriment
5.160 A breach of confidence will not arise, and the exemption will not apply, if
the information to be disclosed is an ‘iniquity’ in the sense of a crime, civil
wrong, or serious misdeed of public importance which ought to be disclosed to
a third party with a real and direct interest in redressing such crime, wrong, or
misdeed.
[references omitted]
Having regard to the five criteria above, I consider that the section 45 exemption
applies. The terms of the documents are specifically identified, covered by the
confidentiality clauses, were communicated in the context of a confidential
commercial transaction, were understood to remain confidential, and unauthorised
disclosure could foreseeably cause detriment to the parties. Put another way, if the
ABC were to release the information in these documents that is requested, the ABC
would foreseeably be subject to legal proceedings brought by the other party, for
breach of confidence.
Accordingly, these documents are not required to be released. I note that this is
consistent with paragraph 5.9 of the FOI Guidelines, which provides as follows:
The exemptions in Division 2 of Part IV are not subject to an overriding public
interest test. If a document meets the criteria to establish a particular
exemption, it is exempt. There is no additional obligation to weigh competing
public interests to determine if the document should be released.
There is one document that does not meet the test of “material obtained in
confidence”. I have determined that this should be released to you in redacted form
3
link to page 4
to protect the commercially valuable information
1 contained in the document; please
find enclosed the DTA Terms of Service.
Additional information
For your information, I note that there is no contract between the ABC and Facebook,
Google or YouTube that covers sharing of personal data. Individual users agree to the
platform’s Terms of Service; and the ABC agrees to the platform’s Terms of Service
when creating a branded channel.
You may wish to review the following, which are publicly available and hyperlinked:
-
https://payments.google.com/payments/apis-
secure/get_legal_document?ldi=31212
-
Terms of Service | Google Analytics – Google
-
Google APIs Terms of Service | Google Developers
-
FIREBASE CRASHLYTICS AND FIREBASE APP DISTRIBUTION TERMS OF SERVICE
(google.com)
-
Google Cloud Platform Terms Of Service
-
Facebook
Response to your specific contentions
In your email of 16 July 2021, you stated the following:
I do not accept that the documents are covered by a "necessary quality of
confidentiality" merely because they contain confidentiality clauses, i.e. the
parties agreed to keep them secret. If this line of reasoning were valid, then
any agreement made by a public authority could remain confidential, no
matter how gravely opposed to the public interest, only because the parties to
that contract had undertaken to keep it so. Public authorities and corporations
making arrangements against the public interest are most likely to want to
keep them confidential.
I do not believe the information could have been exchanged with an
"understanding of confidence" when the ABC is constrained by APP1 - 'to
manage personal information in an open and transparent way.’ It is not
credible to suggest that the receiving parties, Google, Facebook and others,
did not realise that the people whose data was being given to them would
wish to know the nature of the data sharing arrangement.
1 Under section 47 of the FOI Act, documents containing commercially valuable information are not required to be
released.
4
Finally, I question the overly broad use of the term 'cause detriment.' While I
agree that exposure of inappropriate, irresponsible or corrupt behaviour may
cause detriment to specific individuals or corporations, I do not believe that is
the intended interpretation of that clause. Publication of these contracts
would not cause detriment unless there is something embarrassing to hide -
even then, it would not cause detriment to the community as a whole.
The publication of these data sharing arrangements has tremendous public
benefits. First, it informs ordinary iView viewers of how their data is being
shared, hence giving them some opportunity to protect themselves from some
of its harmful consequences. Second, it allows technical experts like me to
examine the accuracy of the privacy policy. I am concerned that there may be
misconceptions about the strength of technical privacy protections. For
example, the privacy policy's mention of a 'hash of the email address' suggests
that the inadequacy of hashing as a technical privacy protection has not been
understood. If the technical protections promised in the data sharing
contracts do not in fact meet the promises of the ABC's privacy policy, then the
ABC needs to find out urgently. Opening the data sharing contracts for
independent review would be one way to do so.
I have considered the points that you have made. I note that the ABC is governed by
various legislation, such as the Public Governance, Performance and Accountability
Act 2013 (Cth) that mitigates against arrangements being entered into against the
public interest. Publishing copies of agreements entered into between the ABC and
another party is not a necessary measure to protect against inappropriate
arrangements. The ABC has a robust privacy framework in place to ensure
compliance with its privacy obligations. I have also set out above the detriment that
may flow to the ABC if it were to disclose the terms of its agreements with other
parties.
Right of review
If you are dissatisfied with this decision, you can apply for review by the Australian
Information Commissioner, whose contact details are:
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Tel: 1300 363 992 Fax 02 9284 9666
Email: xxxxxxxxx@xxxx.xxx.xx
Website: www.oaic.gov.au
In making your application to the Information Commissioner, you need to provide an
address for notices to be sent (this can be an email address) and a copy of this
decision. You may also wish to inform the Information Commissioner of the reasons
for seeking review.
5
Yours sincerely
Vanessa MacBean
Head, Employee Relations and a/Chief People Officer
FOI Internal Reviewer, authorised pursuant to s 23 FOI Act
Australian Broadcasting Corporation
6
Document Outline