Privacy Law and Policy Reporter
Australians value privacy. They expect that their rights to privacy are recognised and protected.
People have a right to privacy of their own body, private space, privacy of communications, information privacy (rights concerning information about a person), and freedom from surveillance.
'Privacy' is widely used to refer to a group of related rights which are accepted nationally and internationally. This Charter calls these rights 'privacy principles'.
Privacy principles comprise of both the rights that each person is entitled to expect and protect, and the obligations of organisations and others to respect those rights.
Personal information is information about an identified person, no matter how it is stored (for example, sound, image, data, fingerprints).
A free and democratic society requires respect for the autonomy of individuals, and limits the power of both State and private organisations to intrude on that autonomy.
Privacy is a key value which underpins human dignity and other key values such as freedom of association and freedom of speech.
Even those privacy protections and limitations on surveillance that do exist are being progressively undermined by technological and administrative changes. New forms of protection are therefore required.
Privacy is a basic human right and the reasonable expectation of every person. It should not be assumed that a desire for privacy means that a person has 'something to hide'. People who wish to protect their privacy should not be required to justify their desire to do so.
The maintenance of other social interests (public and private) justifies some interferences with privacy and exceptions to these principles. The onus is on those who wish to interfere with privacy to justify doing so. The Charter does not attempt to specify where this may occur.
The following privacy principles are a general statement of the privacy protection that Australians should expect to see observed by both the public and private sectors. They are intended to act as a benchmark against which the practices of business and government, and the adequacy of legislation and codes, may be measured. They inform Australians of the privacy rights that they are entitled to expect and should observe.
The Privacy Charter does not attempt to specify the appropriate means of ensuring implementation and observance of the privacy principles. It requires that their observance be supported by appropriate means and that appropriate redress be provided for breaches.
Technologies, administrative systems, commercial services or individual activities with potential to interfere with privacy should not be used unless the public interest in doing so outweighs any consequent dangers to privacy.
Exceptions to the principles should be clearly stated, made in accordance with law, proportional to the necessities giving rise to the exception and compatible with the requirements of a democratic society.2. Consent
Individual consent justifies exceptions to some privacy principles. However, 'consent' is meaningless if people are not given full information or have no option but to consent in order to obtain a benefit or a service. People have the right to withdraw their consent.
In exceptional situations the use or establishment of a technology or personal data system may be against the public interest even if it is with the consent of the individuals concerned.3. Accountability
An organisation is accountable for its compliance with these principles. An identifiable person should be responsible for ensuring that the organisation complies with each principle.4. Observance
Each principle should be supported by necessary and sufficient measures (legal, administrative or commercial) to ensure its full observance, and to provide adequate redress for any interferences with privacy resulting from its breach.5. Openness
There should be a policy of openness about the existence and operation of technologies, administrative systems, services or activities with potential to interfere with privacy.
Openness is needed to facilitate participation in accessing justifications for technologies, systems or services; to identify purposes of collection; to facilitate access and correction by the individual concerned; and to assist in ensuring the principles are observed.
6. Freedom from surveillance
People have a right to conduct their affairs free from surveillance or fear of surveillance. 'Surveillance' means the systematic observation or recording of one or more people's behaviour, communications, or personal information.7. Privacy of communications
People who wish to communicate privately, by whatever means, are entitled to respect for privacy, even when communicating in otherwise public places.8. Private space
People have a right to private space in which to conduct their personal affairs. This right applies not only in a person's home, but also, to varying degrees, in the workplace, the use of recreational facilities and public places.9. Physical privacy
Interferences with a person's privacy such as searches of a person, monitoring of a person's characteristics or behaviour through bodily samples, physical or psychological measurement, are repugnant and require a high degree of justification.10. Anonymous transactions
People should have the option of not identifying themselves when entering transactions.11. Collection limitation
The minimum amount of personal information should be collected, by lawful and fair means, and for a lawful and precise purpose specified at the time of collection. Collection should not be surreptitious. Collection should be from the person concerned, if practicable.
At the time of collection, personal information should be relevant to the purpose of collection, accurate, complete and up-to-date.12. Information quality
Personal information should be relevant to each purpose for which it is used or disclosed, and should be accurate, complete and up-to-date at that time.13. Access and correction
People should have a right to access personal information about themselves, and to obtain corrections to ensure its information quality.
Organisations should take reasonable measures to make people aware of the existence of personal information held about them, the purposes for which it is held, any legal authority under which it is held, and how it can be accessed and corrected.14. Security
Personal information should be protected by security safeguards commensurate with its sensitivity, and adequate to ensure compliance with these principles.15. Use and disclosure limitations
Personal information should only be used, or disclosed, for the purposes specified at the time of collection, except if used or disclosed for other purposes authorised by law or with the meaningful consent of the person concerned.16. Retention limitation
Personal information should be kept no longer than is necessary for its lawful uses, and should then be destroyed or made anonymous.17. Public registers
Where personal information is collected under legislation and public access is allowed, these principles still apply except to the extent required for the purpose for which public access is allowed.18. No disadvantage
People should not have to pay in order to exercise their rights of privacy described in this Charter (subject to any exceptions), nor be denied goods or services or offered them on a less preferential basis. The provision of reasonable facilities for the exercise of privacy rights should be a normal operating cost.