Consumer advocates are up in arms amidst allegations that telecommunications industry regulator the Australian Communications and Media Authority (ACMA) is too “cozy” with Optus and Telstra, and “colluded” with the giant firms to minimise recent compliance fines.
Documents obtained by the ABC under Freedom of Information (FoI) laws revealed that ACMA regulators negotiated with telcos over penalties for major breaches, such as a recent case in which Optus failed to meet emergency services obligations to 200,000 customers.
ACMA was originally considering a fine of up to $3 million for Optus’s breaches – in which it failed to report customer details to the IPND natural disaster notifications database for over two years – but halved this, to $1.5 million, after negotiations with the telco giant.
A week before announcing the penalty, ACMA emailed a draft copy of its media release to Optus for review – putatively to confirm its “factual accuracy” – in a pattern of behaviour that has left Carol Bennett, CEO of consumer telecommunications advocate ACCAN, fuming.
“The correspondence found between Optus and the ACMA raises serious questions about the close dealings of the two parties in jointly determining fines and penalties,” she said.
“No other sector accepts collusion on fines and penalties between a watchdog and the industry it oversees…. The public expects that their regulator for this industry is working in their interest – not as a lapdog for industry.”
The ABC also identified three other situations where ACMA sent draft media releases to providers – including two to Telstra, which was fined $1.5 million for anti-scam failures and $3 million after charging consumers over $21 million for inactive Internet services.
Calls for more than a slap on the wrist
ACMA has defended its record, arguing that its history of regulatory action showed “judicious use of various penalties and measures” that had levied over $19 million in penalties on telcos – although $12 million of this related to the 2023 Optus outage.
That outage has spurred a range of investigations and regulatory actions as telcos, now facing stricter reporting requirements to keep consumers informed, work to improve disaster resilience with technologies like emergency roaming and satellite-to-mobile links.
Incidents affecting Triple Zero emergency services attract big fines – $12 million for Optus and $3 million for a 90-minute Telstra outage – and there are sizeable penalties for repeat offenders like the CBA, which was fined $7.5 million and $3.55 million for spam breaches.
Yet these amounts are small change for multi-billion-dollar giants – and smaller offenders cop nominal ACMA penalties including $500,000 for Ticketek; $412,500 for Uber; $300,000 for Outdoor Supacentre; $200,000 for The Wine Group; and just $50,000 for BetDeluxe.
Some question whether ACMA’s fines are big enough to motivate companies to improve their behaviour – or whether the massive firms have just learned to suck up to regulators during the evaluation process and pay what amount to token fines.
“Fining an $8 billion company only $1.5 million for over 200,000 data breaches suggests telcos can treat compliance obligations as inconsequential or just the cost of doing business,” Bennett said, calling for a parliamentary inquiry to address the issues.
How big of a fine is enough?
ACMA argues that it has clear processes for protecting telco consumers and deciding the amount of its fines, with negotiated enforceable undertakings (EUs) considered the best way of securing a binding commitment to get carriers to change their practices.
Yet while summaries of agency enforcement actions and current priorities promise to combat spam and telco scams, to date it has only issued three penalties for scam rule breaches – $1.5 million for Telstra, $259,000 for Medion, and $106,560 for Telnyx.
Equally insignificant was the $394,380 penalty levied against Telstra in December after it failed to migrate more than 3,800 customers’ NBN services correctly.
For an agency that will cost the government $156 million to run this year – although its scope does extend far beyond telco compliance – those fines are barely a drop in the bucket.
That’s part of the reason that the federal government recently promised to overhaul ACMA’s penalty process, raise maximum fines to $10 million, and end rules that currently prevent ACMA from taking direct enforcement action without first issuing a direction to comply.
The new rules, Minister for Communications Michelle Rowland said, will free it to act “quickly and appropriately to address consumer harm arising from code breaches and hold telcos to account.”
They will also, she said, “better align telecommunications penalties with other sectors like energy and banking.”
The changes can’t come soon enough for Greens Senator Sarah Hanson-Young, who complained that the “useless” ACMA “has been too weak and too cosy with the big corporations it’s tasked with regulating for too long.”
“They are like wet lettuce,” Hanson-Young said, arguing that “the public need to know they have a corporate watchdog with teeth… [ACMA] needs a big broom through it.”