- The NSW Civil and Administrative Tribunal has found that Transport for NSW contravened an Information Protection Principle under the Privacy and Personal Information Protection Act 1998 (NSW) by its collection of travel data via the Opal Card system, preventing anonymous travel.
- The decision highlights the importance of considering the purposes for which public agencies and private organisations collect personal information and practising privacy by design and by default in the collection and use of personal information.
On 15 February 2018, the NSW Civil and Administrative Tribunal (Administrative and Equal Opportunity Division) (‘NCAT’) in Waters v Transport for NSW  NSWCATAD 40 found that Transport for NSW (‘TfNSW’) contravened Information Protection Principle (‘IPP’) 1 of the Privacy and Personal Information Protection Act 1998 (NSW) (‘PPIP Act’) in its collection of personal information relating to the travel movement history of concession entitlement holders under its Opal electronic ticketing system for public transport.
The case is currently on appeal. However, irrespective of the final outcome, it will likely have wide ranging implications for any entity, not only government agencies, that collect and use personal information as part of its functions and activities.