Telstra only removed some URL info

Last week, Telstra halted passing on the URLs of websites visited by Next G customers to US-based Canadian internet filter company Netsweeper, following public concern about the potential privacy impact that this might have.

Telstra was providing the URLs to Netsweeper as part of a new cybersafety project called Smart Control, which would allow parents to prevent their children accessing certain websites on Next G phones. Telstra needed to build up an extensive database of the types of websites Next G customers were visiting.

Telstra said that no customer information was provided to Netsweeper, as the company stripped the GET variables out of collected URLs, before providing it to Netsweeper.

However, Telstra yesterday confirmed that personal information that was not included in the GET variables was passed onto Netsweeper.

"Where the URL string is separated in other ways, this information would not be stripped out from the URL provided to our suppliers," Telstra said.

"We believe that the way in which the process was implemented complies with Telstra's privacy obligations. Regardless, Telstra has informed the Office of the Australian Information Commissioner about this process and the information that has been provided to our supplier."

This means that URLs that did contain information outside the GET variable, such as "http://www.mysite.com/mypersonalinformation/", would have been picked up and passed onto Netsweeper.

The Office of the Australian Information Commissioner yesterday said that it was still waiting for an initial report from Telstra, before deciding whether to launch an investigation.