Privacy Law and Policy Reporter
Australia's roadmap onto the information superhighway has been developed through the Bureau of Transport and Communication Economics' Communications Futures Project and, most recently, the final report of the Broadband Services Expert Group (BSEG). While BSEG's roadmap is a very useful first step towards Australia's entry onto the superhighway, its directions on privacy protection for the highway are both confusing and disappointing.
Like most other roadmaps onto the superhighway, the BSEG's report recognises the threats to privacy an information superhighway poses. BSEG's earlier interim report from July 1994, Networking Australia's Future, discusses the three major threats.
The consequences of this broadband environment include increased likelihood of unauthorised re-use of personal information and increased difficulty in making the transmission or storage of data secure from unauthorised access.
BSEG recommended, therefore, two principles for a broadband future.
Mechanisms to address those principles should embody the privacy principles set out in the Privacy Act. They must be transparent to consumers and industry, be capable of reflecting changing technologies, be uniform in coverage of all industry participants and not impose additional costs on the consumer to protect current levels of privacy. 
These are excellent principles but it was left to BSEG's final report to spell out how that privacy protection should be implemented. The narrative of the final report did suggest a possible framework, but BSEG's recommendations following that narrative did not.
The narrative in the final report suggests that the framework of the Privacy Act is the 'appropriate framework within which to manage future privacy concerns'. However, there is a need for 'flexibility' for network operators and providers of content and service providers to 'develop codes of practice' with some 'quality control' exercised by the Privacy Commissioner. Industry will deal with privacy complaints in the first instance, with the
Privacy Commissioner 'as a point of review'. BSEG's suggested model for change is NZ's new privacy legislation.
The advantage of this approach is BSEG's implicit recognition of the current fragmentation of privacy protection over communications and the need to develop a more comprehensive and co-ordinated approach which covers both the public and private sectors. This is particularly important in telecommunications where responsibility for privacy protection is divided between provisions of the Telecommunications Act, carrier licence conditions, the regulator AUSTEL's Privacy Advisory Committee and the Telecommunications Industry Ombudsman.
BSEG's suggested 'co-regulatory' approach will, however, require two things. Firstly, and most significantly, it will necessitate major changes to the Privacy Act. As the report observes in a footnote, the jurisdiction of the Act is now largely over the Commonwealth government sector and credit providers. To cover all the potential plays on a superhighway, the Act's jurisdiction would need to extend to the private sector as well as State and Territory agencies (or have similar uniform State and Territory legislation).
The other major omission from the current Act is any mechanism to approve (or disapprove) of industry developed codes, to handle complaints relating to the codes and to enforce compliance with those codes. Again, the NZ privacy legislation is the suggested model.
If NZ's privacy legislation is to serve as a model for Australia, there should be careful consideration about the adequacy of that regime. For example, while the NZ legislation provides wide cover for the protection of personal information, the structure does not provide for a complaints mechanism which handles the issue of privacy and intrusion. In the context of telecommunications that would leave the issues raised by telemarketing practices unsolved.
Having briefly sketched out how a privacy protection regime might look for a broadband environment, the BSEG final report recommends, 'that the privacy of users of advanced networks be protected by developing a self-regulatory scheme for network participants within the framework of the Privacy Act'.
Why 'advanced networks' rather than 'all networks'? Why a 'self-regulatory scheme' when the report's narrative suggested a much stronger co-regulatory regime between industry and a legislated privacy authority? And why only 'network participants' rather than network content users as well as providers? Given BSEG's discussion about the need for a more comprehensive privacy regime for the coming broadband environment, this recommendation does not make sense.
As the Privacy Commissioner has recently said, it is now time for a 'coherent national framework for privacy protection'. BSEG's final report is an inadequate response. On the other hand, the BSEG principles, set out in its interim report, provide an excellent starting point for communications policy on privacy. The suggested national, co-ordinated approach to privacy protection should be developed to ensure that BSEG's concerns about privacy protection in an information age are adequately addressed.
Holly Raiche is a Research Officer for the Communications Law Centre at the University of NSW and is a member of the AUSTEL Privacy Advisory Committee. The views expressed in this article are the author's and do not necessarily reflect the policies of the Communications Law Centre.
 The BTCE's Communications Futures Project has produced six papers (and attachments) in 1994 looking at the technologies and costs of delivery technologies and the demand for a range of services which might be delivered on those new technologies. The final paper in the project is scheduled for release in March.
 BSEG was established by the Commonwealth Government in December 1993, with the 'task of examining the technical, economic and commercial preconditions for widespread delivery of broadband services to homes and schools in Australia'. It was chaired by then ABA Chair Brian Johns, with 12 other members drawn largely from industry sectors and from academia.
 BSEG, Networking Australia's Future, p 74.
 Ibid, p 76.
 BSEG, Networking Australia's Future: The Final Report of the Broadband Services Expert Group, December 1994, p 66.
 Section 88 of the Telecommunications Act 1991 imposes the equivalent of privacy principles on carrier (Telecom/Optus/Vodafone) employees and on telecommunications service providers and their employees, but not on carriers themselves. Home privacy regulation is imposed on carriers through their licensing conditions.
 BSEG, final report, p 66 and s 7 of the Privacy Act (as amended) which extends operation of the Act to government agencies, tax file number recipients and credit reporting agencies or credit providers.
 Tim McBride, 'NZ's Privacy Act 1993, Part 1', (1994) 1 PLPR 4.
 BSEG, final report, p 67.
 Kevin O'Connor, Privacy Commissioner, 'Privacy and Security Concerns in a Liberalised Communications Environment', IIR Conference Telecommunications: Towards 1997 and Open Competition, September 1994, p 10.