AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1997 >> [1997] PrivLawPRpr 1

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Greenleaf, Graham --- "Submissions favour national legislation" [1997] PrivLawPRpr 1; (1997) 3(9) Privacy Law & Policy Reporter 161

Submissions favour national legislation

Graham Greenleaf

Commonwealth Attorney-General, Daryl Williams, has received over 100 submissions on the Discussion Paper Privacy Protection in the Private Sector (September 1996), proposing the extension of the Privacy Act 1988 (Cth) to the Australian private sector (outlined by the Attorney-General in < 3 PLPR 81>). A full list of non-confidential submissions received is included in this issue.

This is the first of two special issues consisting of extracts from submissions on the Discussion Paper. The submissions, which often go beyond what is proposed in the Discussion Paper, represent the most extensive and considered debate to date concerning the future, limits and effectiveness of Australia's Privacy Act, and therefore deserve general publication. The submissions extracted in these two issues are intended to provide a cross-section of views from key industry organisations (direct marketing, finance and credit reporting, insurance), administrators (the Privacy Commissioner, NSW Privacy Committee), and privacy advocates. Other submissions will be extracted in later issues as debate on the future of the legislation proceeds.

Themes -- consistency, flexibility

One consistent theme in submissions from almost all quarters is that `uniform national legislation is essential ... the overriding legislation should be the Commonwealth's, with state legislation playing a complementary role' (to quote the Credit Reference Association's (CRAA) submission -- extracted in the this issue). Even the NSW Privacy Committee welcomes national legislation (see submission this issue).

There is also a high degree of support for what the Discussion Paper describes as a `co-regulatory approach', which here just means a capacity to modify the IPPs through industry-based or subject-specific Codes of Practice issued by the Privacy Commissioner and disallowable by Parliament. This approach, most successfully implemented in NZ's Privacy Act 1993, is seen as providing consultation, cooperation and flexibility (see CRAA's submission). Some private sector submissions are nervous about the amount of discretion this Code-making power gives to the Privacy Commissioner and want a lot of industry-specific content in the legislation (see extracts from the insurance industry submission in this issue).

Everyone wants changes to the IPPs

The Discussion Paper does not propose any changes to the 11 existing Information Privacy Principles (except for proposing exceptions for the private sector to access under IPP 6), although it does propose a new `destruction principle'. It says the current IPPs would be `the basis' of the standards for the private sector. However, many submissions do propose extensive changes and additions to the IPPs.

The Privacy Commissioner proposes extensive changes (see extract in this issue), including: requirements for more specific definition by organisations of the purposes for which they collect information; a requirement to inform people what happens if they do not disclose personal information; ending the ability of organisations to disclose information to anyone provided they simply give notice when collecting the information; and narrowing the law enforcement exemptions for disclosure. The Commissioner also proposes new IPPs concerning controls on `reference databases' (`bureaus' for exchange of insurance, rental or other information), data matching, public registers and unique identifiers. The former Privacy Commissioner's last significant public document is certainly one of his strongest!

The Communications Law Centre (see extracts this issue) and privacy advocates like the Australian Privacy Charter Council take a similar approach to proposing new IPPs, usually basing them on the Australian Privacy Charter.

Credit privacy in peril?

One of the areas of fiercest dispute will be the 1990 `credit reporting amendments' to the Privacy Act, now Pt IIIA of the Act. CRAA proposes the repeal of Pt IIIA (see submission this issue), and proposed its replacement by a credit reporting code of practice (to be discussed in a later issue of PLPR) which would abandon most of the specific restrictions on credit reporting in Pt IIIA, including the restriction on so-called `positive reporting'. Other finance industry submissions support the repeal of Pt IIIA, and there is a now a general finance sector campaign emerging to undo most of the restrictions on credit reporting won in the 1990 amendments, through the Wallis Inquiry (see < 3 PLPR 153>) and here. The Privacy Commissioner and privacy advocates see any such abandonment as an unmitigated disaster for privacy protection. Preservation of the substance of Pt IIIA is possible, while removing its over-prescriptive details through the code mechanism.

The devil's in the details

A first look at the range of submissions extracted here seems to show a degree of consensus which would have been impossible a few years ago: a general acceptance of national, enforceable privacy legislation based around IPPs modifiable by codes of practice. Its an improved `NZ model', but the NZ Act was to some extent the Australian Act applied intelligently to the private sector. Significant though this consensus is, it goes little further.

There is strong disagreement about aspects of the IPPs which impose substantive limits on the surveillance capacities of organisations, such as more specific purposes at time of collection, limitation on within-organisation uses, public registers, and limitations of collections and disclosures despite consent. As noted in < 3 PLPR 154> in relation to positive reporting, these issues will be among the main litmus tests of whether the government intends to protect privacy or provide a mechanism for legitimising extended surveillance by the private sector.

A somewhat opaque process

Other than by publication in PLPR, the submissions are not available publicly (for example, on a web site), and must be obtained directly from the submitting organisations. The Attorney-General's Department is not proposing at this stage to issue any further document summarising the submissions or discussing them. The next step in the process, it seems, will be the introduction of a Bill into Parliament. The law reform process is therefore less open than it could be, and is more susceptible to being `managed' by the Attorney-General's Department than might be the case if a more open debate was facilitated. However, the process is still open enough for the real debates to be brought out from behind closed doors, and the interests at stake are so important that the public interest requires those interested in privacy to widen the public debate.

Graham Greenleaf, General Editor.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback