In a decision recently given by the Australian Privacy Commissioner, it was clarified thatMetadata will be considered as personal information as long as its holder has the ability to link it to an individual. The decision was given after a customer requested the telecommunication company Telstra, to access information about his outbound calls and the length of his data usage. Telstra rejected his application which led the Commissioner to categorize this kind of information as "personal information" under the Australian Privacy Act (1988).
The Commissioner found that Metadata (including call durations, the location of the caller, his IP address, the length of his data usage etc.), will be considered personal information as long as its holder has the ability to cross-match the Metadata with other information it holds, in order to link it to an individual, and as long as it has the resources and capacity to actually do so.
Despite the above, the Commissioner clarified that not all kinds of Metadata will be provided to the customer. The Commissioner ordered Telstra to comply with its its customer request for information regarding his IP address, URL information, geo-location information, and outbound call information, but found that inbound information will not be released because of the concern of compromising the privacy of the callers.