You are here:
Privacy Law and Policy Reporter >>
 PrivLawPRpr 14
| Name Search
| Recent Articles
Clarke, Roger --- "Dangers in exceptions, modifications"  PrivLawPRpr 14; (1997) 3(10) Privacy Law & Policy Reporter 191
Dangers in exceptions, modifications
The full text of Roger Clarke's comments, which were made on 17 September
1996 just after the discussion paper was released, can be
http://www.anu.edu.au/ people/Roger.Clarke/DV. The comments here emphasise his
concerns, but his approach is generally `highly favourable' (General Editor).
IPPs a bad place to start
manifold deficiencies of the Information Privacy Principles (IPPs) contained
within the Privacy Act 19881 ... are yet more problematical
when read in the context of the private sector. The areas of weakness include:
their shortfalls in
reference to the OECD's 1980s Guidelines (although one of
the many elements of the problem, failure to cater for retention and
of data, is to be addressed); their shortfalls in reference to more
modern documents such as the Australian Privacy Charter (1994)
and the EU
Directive (1995); their legalistic nature and lengthiness ... which conflict
with the need for a clear and simple set
of Principles that can be easily
explained to corporate executives and managers; the inclusion of elements that
are specific to the
public sector; the bureaucracy and costs inherent in IPP
5(3) regarding the establishment, maintenance and periodic reporting by
organisation of a record of personal data records.
addition to the delays foreseen as being appropriate for some Principles, I
believe that enforcement of the Access and the Storage
and Security Principles
may also need to be subject to some delay or some other form of mitigation;
otherwise there is a risk of
undue costs and difficulties for companies and
professionals to adapt their existing procedures, software, files and databases
comply with the requirements.
Advisers and software providers need time to learn their way into the new
scheme, and user-organisations need time to implement changes
procedures and to install new, compliant versions of software and
This matter needs to be juxtaposed against the mooted exemptions to access and
correction rights discussed ... below. The public
interest is much better
served by having a long lead-in period than by implementing a scheme that risks
being seen as unnecessarily
expensive, or which embodies unnecessary loopholes.
is mooted that a code would be able to modify the Principles, as distinct from
merely expressing the manner of their implementation
in a particular context.
This is a highly dangerous provision. The powerful lobbyists are organisations,
not individuals; and hence
such modifications will inevitably result in the
undermining of the Principles and hence of the whole privacy-protective
My strong preference is that no such mechanism be permitted. The means are
available to industry associations to lobby for legislation
to provide express
statutory authority for particular exceptions if they believe they are
justified. The Privacy Commissioner has
the power to submit to the Minister and
to publish reports which recommend such measures, if he or she sees fit.
If such a loophole were to be embodied in the legislation, then it would need
to be subject to very significant controls, much more
than the limited
requirements of consultation that apply to normal Code development activities.
long list of exemptions is mooted to the access and correction rights under
IPPs 6 and 7. These represent a most serious compromise
to the stated intention
of providing Australians with privacy protections, because public confidence in
the fairness of personal
data systems is entirely dependent on the preparedness
of institutions and professionals to be honest about the data they hold.
The following observations are made:
- Any form of exemption, whether of classes of data, system, organisation or
anything else, is a very blunt weapon, because it creates
a void within which
uncontrolled abuses can occur. In complex circumstances, the appropriate
approach is careful implementation of
the general principle such that other
interests are protected, as well as privacy.
- Many techniques exist whereby a suitably phrased Subject Access Principle can
be satisfied, without the individual gaining unqualified
access to the data.
For example: proxy or intermediary access, whereby the individual is not
themselves able to access the data,
but a person can do so who has the
confidence of each of the parties with an interest in the data; accompanied
access, whereby the
individual is not able to access the data alone, but is
able to access it in the company of a person who has the confidence of each
the parties with an interest in the data. Examples of such people include
appropriately qualified medical and para-medical professionals
nominated by the
data subject, professional conciliators, the Inspector-General of Intelligence
and Security in respect of national
security records, Ombudsmen, and in particular, the Privacy Commissioner.
- Most of the mooted exemptions are the kinds of detailed issues that should be
considered as part of the development process leading
to a Code -- they are not
general principles that should be enshrined in legislation.
- Several of the mooted exemptions smack of paternalism (`it's better that you
don't know'), in particular some of the likely interpretations
of `the safety
of any individual', `the physical or mental health of any individual', and `the
safe custody or the rehabilitation
- Mooted exemptions that are predicated on countervailing interests (for
example, `safety of any individual' and `resource costs')
would have to be
subject to substantial controls in order to preclude their abuse.
- Some of the mooted exemptions create incentives to organisations to arrange
their affairs in such a manner that they can subvert
the intent of the law, for
example, the mooted exemption for data `not held by the organisation' creates
an incentive to subcontract
data storage, and that relating to `resource costs'
makes it attractive to an organisation to avoid facilitating access.
Some of the most seriously privacy-invasive data can be described as
`evaluative or opinion material', and exemption of such a broad
class risks the
credibility of the entire package being undermined.
- Any exemptions that may be created require substantial controls. Those that
remain are the `information did not exist', `legal professional
`contempt of court' matters. Some carefully-phrased approach may be justified
in the cases of `trade secrets and other
commercial in confidence information'
(but why not `confidential information' generally?), and `the privacy interests
of other individuals'.
requirement that all requests be in writing is bureaucratic, expensive, and,
particularly in the case of simple matters, impractical
Mitigation of the responsibility to respond to requests could be provided
relating to `requests that the data subject
unreasonably declines to express in
The provisions relating to charges are not reasonable: like environmental
standards and occupational health and safety, subject access
is a cost of doing
business, and should be gratis to the data subject. Mitigation of the
responsibility could be provided relating
to `unreasonably frequent accesses by
a data subject', along the lines of the p 17 proposal. Generally, second and
per year would probably be `unreasonably frequent'; but not
where, for example, the data subject had grounds for suspecting errors
handling of subsequent transactions.
No provision appears to be made at present for failure by the data-holder to
make a decision whether or not to grant access, or whether
or not to agree to
correct data. Such failure should be interpreted as a denial, thereby enabling
the provisions relating to complaints
to be invoked.
Even if these gross exemptions were appropriate in their existing context, they
are entirely inappropriate in this one. Non-governmental
organisations have no
business making decisions of this nature, and Parliaments should not impose
such responsibilities on them.
Appropriate mechanisms such as judicially-issued
search warrants are available, or should be made available by the Parliament,
address such needs.
existing Personal Information Digest is a huge, unnecessary and wasteful
exercise. To extend it to more than 100,000 non-governmental
... would risk
discrediting the entire initiative. ... IPP 5 (3) provides little value in
return for high costs, and should be dispensed
The phrasing of the Public Access Principle (currently approximated by IPP 5
(1)) needs to be such that organisations have a clear
responsibility to provide
the kinds of data needed to enable a member of the public to understand the
nature of the organisation's
personal data holdings; but whether the
information is maintained on a permanent basis is a decision for the
R, (1996) `Privacy and Dataveillance, and Organisational Strategy', Proc
EDPAC'96, Perth, May 1996, at: http://www.anu.edu.au/people/Roger.Clarke/DV/PStrat.html.
1. Clarke R, (1989) `The Privacy Act 1988 as an Implementation of the OECD Data
Protection Guidelines', Working Paper, Department of Commerce,
Australian National University, 25 June 1989, Abstract at