Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

O'Conner, Kevin --- "Strategies for protecting privacy in the new information infrastructure" [1995] PrivLawPRpr 15; (1995) 2(2) Privacy Law & Policy Reporter 23

Strategies for protecting privacy in the new information infrastructure

Kevin O'Conner, Privacy Commissioner

The following is an extract of the Privacy Commissioner's address, Evolving Privacy Laws - Keeping in touch with the Federal Privacy Act, to the IIR Conference on Information Privacy in the Public Sector, 23 March 1995

It is encouraging to see in Australia, as well as internationally, the increasing attention given to the social policy dimensions of the new information infrastructure. By using the words 'new information infrastructure' I am referring to the web of modern communications systems capable of transmitting vast amounts of information, many of which have been made possible because of the convergence of telecommunications and computing technology. I believe we are starting to recognise that we have a choice in how, or whether, we are going to embrace new technologies. We do not, after all, have to be technology-driven, but we have the capability to shape our acceptance of the new technologies by those values which are important to us. While technology is always opening up new ways of communicating, the behavioural and ethical standards to which we adhere should, in my view, govern the technical standards, and not the other way around ...

We are now seeing sophisticated discussion occurring in major overseas markets on the policy implications of the new information infrastructure - especially across Europe and the US. The Broadband Services Expert Group (BSEG) in its report Networking Australia's Future examined many of the same issues in the Australian context. The text of the report contains some important statements which I support, for example:

An increasing number of non-telecommunications participants are involved in storing and using personal information generated on networks and it is no longer appropriate to concentrate on the telecommunications industry as a distinct sector for privacy matters ... The Privacy Act provides a framework for embodying the Information Privacy Principles, a comprehensive set of guidelines that have been endorsed internally. In the group's opinion this is the appropriate framework with which to manage future privacy concerns.

These broad statements of principle are, unfortunately, not reflected in the actual recommendation of the BSEG, that is, 'that privacy of users of advanced networks be protected by developing a self-regulatory scheme for network participants within the framework of the Privacy Act.'

In the Asia-Pacific region many of the tensions surrounding the Global Information Infrastructure (GII) discussions are evident. Many of the countries in this region (including Australia) emphasise the need to maintain cultural sovereignty in the way this new technology delivers information to their peoples. Many also express concern about the possibility of even greater separation occurring as between the 'information-rich' and the much vaster 'information-poor' population in their countries. They also express the need for advanced countries (for example, Australia, Japan) to assist developing countries to obtain the benefits of their technologies especially as they relate to trade. Interestingly a number of these countries do acknowledge the importance of privacy considerations. At a recent APEC/OECD meeting in Canada, Malaysia, Japan, Korea, Australia and Indonesia as well as Canada were among the countries who gave this issue high priority in the development of the so-called GII. At the end of May a major summit is to be held in Korea, where Korea will put forward the idea of an Asia-Pacific Regional Information Infrastructure. I hope that in that context a pressure to develop acceptable standards of privacy protection will be affirmed.

In Europe, as part of the trans-European information infrastructure initiative, a program of research and development in advanced communications technologies has prepared the ground for the introduction of integrated broadband communications by the year 2000. According to the Transnational Data and Communications Report, this program has identified five categories of likely use of broadband communication services. These are:

1. Citizen networks, covering health care, social services, transport etc.
2. Networks of expertise and science, covering high performance computing.
3. Industry networks, providing for the needs of manufacturing industry and its links with suppliers and customers.
4. Business networks, for equal access to services within Europe.
5. Media networks, covering developments of general purpose, dial-up video services and interactive multimedia services based on digital video.

It could be useful to employ a typology such as this in developing appropriate policy and regulatory frameworks within Australia.

I regard privacy as one of the most important consumer protections in new information infrastructures. As more of our communications between each other, and with government and businesses, take place by electronic means, the more we need to ensure the privacy of information transfers are protected so as not to undermine the integrity of our communications.

It is often the case that information handling techniques are dictated by the capability of the technology. Privacy is about exposing these processes to standards which seek to protect individuals' interests. In my view, we should not be deterred from this task simply because of changes in communications technology.

We need to be aware of the consequences of new modes of communications, so as to ensure adequate privacy safeguards accompany their application. A major problem here is the lack of understanding among the community at large of the way different types of technology operate. Individuals who use particular products and services may be quite unaware of the consequences in terms of personal information flows. Technical experts or those who make available new products and services should be obliged to explain fully the personal information management implications of new technologies. This should include detailed assessments of how particular applications generate, use and transmit personal information about individuals.

Importantly, measures should be taken to allow individuals to know the consequences of using particular products or services. They should be informed of what data about them is being generated, how it is used, and where and to whom personal information about them is being made available. Security procedures should be tailored to the level of sensitivity of the information and its purpose of use. These and other issues are critical to protecting individuals' privacy rights in the new communications environment.

My experience is that it is not sufficient to leave these matters in the hands of those whose interests might conflict with the privacy interests of individuals. Hence, there is a need to examine how the new technologies operate against internationally-accepted privacy standards to ensure individuals' privacy interests will not be compromised.

To sum up, I see the role of privacy in information infrastructures as an individual protection role. The benefits lie in a better informed community, more accountability in personal information management, and ultimately, better information systems.

Kevin O'Connor, Privacy Commissioner.