News of the submission comes just two days after it was reported that the embattled telco, which is under fire after personal data of as many as 10 million current and former customers fell into the hands of hackers, opposed a government-mandated “right to be forgotten, which gives people the right to ask organisations to delete their personal data”.

In the submission, Optus argued against that it should be exempt from a definition of “large online platform” that was “intended to capture organisations who collect a high volume of personal information online”.

The submission, made in December 2021, was in response to an explanatory paper put out by the Attorney-General’s office on the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures).

The legislation aimed to, among other things, force service providers to verify users’ ages, obtain fully-informed consent for the use of personal information, and cease using or disclosing personal information on request.

The telco suggested that this was meant to include companies “such as Apple, Google and Amazon” as well as media sharing platforms like Spotify and online dating services such as Bumble.

“It would seem that every organisation that provides online or app-based ordering and tracking or account management services to a large number of customers would fall under the definition of large online provider,” the company argued.

“Such measures are essentially customer support mechanisms allowing consumers to manage their services, view bills/usage or spend tools, update their contact details, track orders and delivery, view past orders and manage communications preferences.”

The submission continued, arguing that “broadly crafted definitions that go beyond what is necessary to address the potential harm, are not appropriately targeted, and therefore could impose much broader costs than necessary to address the potential issue.”

“Optus considers that the definitions of ‘social media service’ and ‘large online platform’ should be amended to ensure that they are appropriately targeted.”

Victorian Senator Sarah Henderson slammed the company and called on the Albanese government to strengthen consumer protections.

“Why has the Albanese Labor government been asleep at the wheel in supporting the Coalition’s Online Privacy Bill?” she asked.

“This bill provides vital additional online privacy protections including requiring organisations to cease using or disclosing personal information upon request.

“It is extraordinary and most disappointing that in consultation on the bill, Optus argued it should be exempt from these reforms,” she said.

CLASS ACTION CONSIDERED

Law firm Slater & Gordon, meanwhile, announced that it was considering a class-action suit against Optus.

“This is potentially the most serious privacy breach in Australian history, both in terms of the number of affected people and the nature of the information disclosed,” Senior Associate Ben Zocco said.

“We consider that the consequences could be particularly serious for vulnerable members of society, such as domestic violence survivors, victims of stalking and other threatening behaviour, and people who are seeking or have previously sought asylum in Australia.”

“Given the type of information that has been reportedly disclosed, these people can’t simply heed Optus’ advice to be on the lookout for scam emails and text messages. Very real risks are created by the disclosure of their personally identifiable information, such as addresses and phone numbers.”

The hack was the subject of a fiery Question Time discussion in which Home Affairs Minister Clare O’Neil said that Optus should offer free credit monitoring for affected customers.

Shortly after, the company said it would offer 12 months free credit monitoring to its “most affected” customers via the credit reporting service Equifax.

More Coverage

Optus notifies ‘at risk’ customers as anger grows

DAVID SWAN

What Optus customers should do now

David Swan, David Ross