Privacy Law and Policy Reporter
Austel's Privacy Advisory Committee (PAC) has produced a detailed report on privacy aspects of telemarketing, the second of the three reports it was requested to produce as a matter of priority (on the first, 'Silent Lines', see 2 PLPR 135).
The report will be reviewed in detail in a future issue of the Reporter, but is summarised here because of its importance. The full report is available on the Internet at http://www.austel.gov.au/info/reports/TMPrivRev/TMPrivRev_ToC.html
The PAC recommends that a mandatory code of practice should be developed under a co-regulatory scheme, and should require that organisations undertake telemarketing activities in accordance with the following principles (taken verbatim from the report):
1. Where an individual advises an organisation which undertakes telemarketing activities that he or she does not wish to be contacted by it then the organisation should not contact the individual for a defined time period ranging from six months to when the individual advises the organisation that he or she again wishes to be contacted by it.
2. An organisation should maintain an in-house do-not-contact list of individuals who have advised the organisation that they do not wish to be contacted by it.
3. Without an individual's consent an organisation should not use the telephone or ACE [automatic calling equipment] to contact the individual before 8 am or after 9 pm local time at the individual's location or on Christmas Day, Good Friday or Easter Sunday.
4. When an organisation contacts an individual the organisation should clearly identify itself, any other body that the organisation represents and the organisation's purpose for contacting the individual.
5. Without an individual's consent an organisation should not contact the individual more than once during any 30-day period for the same or a similar purpose.
6. When an organisation contacts an individual the organisation should at the request of the individual provide the following information:
(a) the organisation's telephone number and address;
(b) details of the source from which the organisation has obtained the individual's contact details;
(c) the name of any industry association or equivalent body to which the organisation belongs; and
(d) the name of any body responsible for dealing with any complaint the individual may have relating to the contact.
7. Where an organisation uses the telephone to contact an individual the organisation should release the line within five seconds of the individual hanging up the telephone or otherwise indicating that he or she requires the organisation to release his or her line.
8. Without an individual's consent an organisation should not contact the individual using ACE to convey an artificial or prerecorded voice.
The PAC recommends that these principles be implemented through a co-regulatory scheme, in preference to self-regulation by the industry or 'government regulation'.
The PAC notes that a mandatory code of practice developed under a co-regulatory scheme may be implemented at Commonwealth level under telecommunications legislation, privacy legislation or trade practices legislation, or at state and territory level under state and territory fair trading legislation. It recommends the latter.
In its introduction to the report, Austel agrees with the report's recommendations. It agrees with the PAC that implementation of a mandatory code under the existing Telecommunications Act is not appropriate as it would be a technology specific solution focussing on the telecommunications network. It recognises that the recommended approach may require complicated negotiations between the states and territories to ensure a uniform approach. It says that to implement a mandatory code under the Privacy Act 'would necessitate extension of the Privacy Act to the private sector which would raise the difficult issue of the Commonwealth's constitutional power to legislate with respect to privacy for the private sector'.
The report contains useful discussions of the technology, and the possible content of regulation. It is significant that the PAC has recommended a mandatory code and has rejected self-regulation as inadequate. However, the report is not very convincing when it deals with the regulatory alternatives, and nor is Austel's response.
In rejecting 'government regulation' the PAC confusingly bundles together implementation solely by legislation and by a mandatory code of practice through government regulations. Its reasons for rejecting 'government regulation' are that telemarketing organisations would not necessarily have the opportunity to be involved in its development, and because 'substantial legislative amendment' would be needed to accommodate 'changing needs'. While these may be sensible criticisms of regulation directly by legislation, they have no bearing on the development of a code of conduct by the Privacy Commissioner: telemarketing organisations have such an opportunity for participation in the development of Privacy Commissioner's credit reporting code of conduct, so why would a telemarketing code be different? The amendment of codes by the Commissioner is capable of great flexibility and rapid adjustment to changed industry practices.
The rejection of Commonwealth legislation by the PAC is equally unconvincing. It is difficult to see why the Commmonwealth would have a scintilla of difficulty in legislating to deal with telemarketing, given the existence of its constitutional power to regulate telecommunications generally, and the broad judicial interpretation of that power. In the privacy area, the telecommunications power has already been successfully used to extend the scope of the Privacy Act to the private sector in the area of credit reporting. The only substantive reason advanced by the PAC for preferring state fair trading legislation over Commonwealth privacy legislation is that 'it would lead to an anomaly if other private sector organisations were not subject to the provisions of the [Privacy] Act'. We already have such an 'anomaly' in the Privacy Act's coverage of credit reporting, easily justified by the national scope of credit reporting activities. Perhaps there are some policy reasons why fair trading laws are a better place to regulate telemarketing that privacy legislation, but (in the unlikely event that they exist) you won't find them in this report. At least Austel's comments recognise that what is proposed by the PAC, and even privacy regulation under the post-1977 telecommunications legislation, 'might be considered as a limited and interim solution' until general privacy laws are enacted. Austel also recognises that the PAC's favoured approach 'may require complicated negotiations between the states and territories to ensure the adoption of a uniform approach throughout Australia' - a pessimist might regard this as a formula to delay regulation for as long as possible.
This report is poor in its analysis of implementation options. It should not be given undue weight in the government's decision on how to implement telecommunications privacy.
Privacy advocates can only hope that the PAC's next report, on caller-ID, is a case of 'third time lucky'. On their track record so far, we can expect that 'opt in' won't even be canvassed as a serious option.