How about me? The scope of personal information under the Australian Privacy Act 1988

A recent Australian Federal Court decision has raised the issue of the scope of information protected under the Australian Privacy Act 1988. The Court failed to adequately address this question, leaving Australians unsure as to whether sections of their information, such as the IP addresses allocated to their mobile devices, will be considered personal information under the Act. The main consideration the Court dealt with was what it means for information to be “about” an individual. In this paper I address two questions: a) how is information determined to be “about” an individual under the Act; and b) how should this determination be made in the future? I conclude that currently available guidance from the courts, the Australian Information Commissioner and scholarly commentary are inadequate to enable individuals, organisations and agencies to consistently make such determinations. Accordingly I draw on approaches to this question taken in Canada, New Zealand, the European Union and the United Kingdom to argue that the definition should be broadly interpreted in a technologically-aware manner. This will help to ensure that personal information is more comprehensively protected under the Privacy Act.