Victoria’s privacy watchdog has found the University of Melbourne breached privacy law by collecting staff and students’ location data during on-campus protests last year.
The investigation by the Office of the Victorian Information Commissioner (OVIC) found the university used Wi-Fi location data to monitor and trace people involved in demonstrations against Israel’s actions in Gaza.
Melbourne University has avoided a formal compliance notice by voluntarily making “improvements to its policies and practices”.
Protests
In May 2024, a group of students staged a sit-in protest against Israel’s war in Gaza inside Melbourne University’s Arts building. At the time, data cited by the UN showed Israeli forces had killed an estimated 36,000 Palestinians in Gaza.
On the fifth day of the sit-in, the Vice-Chancellor ordered demonstrators to leave the campus, warning that those who refused could be suspended or referred to police.
The uni later launched an investigation to identify students who defied the order, relying on Wi-Fi location data, ID photos, and CCTV.
Misconduct proceedings were launched against 20 students, alleging they had failed to comply with the order to leave, and/or used campus facilities “recklessly or unsafely”.
Ultimately, 19 students were found guilty of breaches and formally reprimanded.
The same surveillance practices were also used to identify up to 10 staff members who had participated in the protests, as well as looking at their emails.
Of the 10, three employees were found to have engaged in similar breaches, and received formal warnings.
Your contribution ensures The Daily Aus can continue doing the work you love.
I want to give $10 monthly to help TDA keep doing the news.
Your details:
Wi-Fi tracking
The OVIC investigation focused on the uni’s collection and use of Wi-Fi location data.
When students and staff use the campus Wi-Fi, the system records information about their location via the internet access point their devices connect to.
Legally, the uni is required to “take reasonable steps” to notify users why this data is being collected and how it will be used.
OVIC found Melbourne University didn’t take reasonable steps to notify students and staff Wi-Fi data could be used against them in misconduct proceedings.
The report said the uni Wi-Fi’s terms and conditions were not “clear, explicit, and unambiguous” in explaining that data could be used in contexts “unrelated to their use of the network.”
The uni argued its terms and conditions do notify users of this possibility. However, it conceded that a technical issue dating to a year before the protests may have prevented some users from receiving the notice.
University Response
Melbourne University has admitted it could have “provided clearer active notice” about its use of Wi-Fi location data.
However, Chief Operating Officer Katerina Kapobassis defended the practice, saying it was needed for campus safety.
“The use of Wi-Fi location data in student misconduct cases was reasonable and proportionate in the circumstances, given the overriding need to keep our community safe and conduct our core activities of teaching, learning and research,” Kapobassis said.
