AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1997 >> [1997] PrivLawPRpr 25

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Greenleaf, Graham --- "Queensland: taking privacy seriously" [1997] PrivLawPRpr 25; (1997) 4(1) Privacy Law & Policy Reporter 16


Queensland: taking privacy seriously

Graham Greenleaf

A wide-ranging review of the need for reform of Queensland laws concerning privacy in both the public and private sectors has been commenced by the Legal, Constitutional and Administrative Review Committee (LCARC) of Queensland’s Legislative Assembly.

The Committee’s Issues Paper No. 2 Privacy In Queensland, released in May 1997 (available at http://www.parliament.qld.gov.au/committees/legalrev_issues_paper_2.html) requests submissions on 22 privacy issues (see the accompanying full list), with submissions due by 1 August. However, the Committee has decided ‘not to precisely define the scope of its inquiry until after submissions have been received’, and says it ‘may well decide to stagger its inquiry and consider and report in stages on the various issues raised by this paper and those identified by submissions’.

The Committee comprises the following Members of the Legislative Assembly (MLAs): Judy Gamin (Burleigh), Chairman; Darryl Briskey (Cleveland), Deputy Chairman; Frank Carroll (Mansfield); Ken McElligott (Thuringowa); Glen Milliner (Ferny Grove); and Fiona Simpson (Maroochydore).

The Committee’s Research Staff is Neil Laurie (Research Director), Kerryn Newton, (Principal Research Officer), David Thannhauser (Senior Research Officer) and Maree Lane, (Executive Assistant).

Section 4 of the Parliamentary Committees Act 1995 establishes the LCARC as a statutory committee of the Legislative Assembly, with broad areas of responsibility including administrative review reform, constitutional reform, electoral reform and legal reform (s 9). Within this scope it is for the committee to determine which issues it will consider. In December 1996 it resolved to conduct an inquiry into the protection of privacy in Queensland.

The Issues Paper contains a useful review of privacy laws throughout Australia and overseas. In discussing international developments it notes that ‘the predominant view is that Australia’s current privacy laws are ‘inadequate’ for the purposes of the European Directive’ and that ‘this has given rise to many commercial concerns’. It also notes, in relation to the OECD’s Cryptography Policy Guidelines released earlier this year that the OECD recommended that ‘governments should not use restrictive cryptography policies to impede the free flow of data across borders, and that ‘if adopted this could have ramifications for law enforcement agencies in their control of the level of encryption used on data transmitted through Australia’. The OECD recommendation that users of cryptography should be free, subject to applicable law, to select and implement a key management system that suits their needs, ‘if adopted ... may restrict government control of key management systems whereby it holds in escrow copies of keys used to scramble and unscramble data’.

Further, it was recommended that governments should encourage and co-operate with businesses and the research community in the development of cryptographic methods and that development of technical standards for cryptography should be ‘market driven’.

Options under discussion

The Committee reviews what it considers to be the four main options for privacy protection.

It says a statutory tort of privacy has been introduced in British Columbia and Manitoba although there are few reported decisions as to the use of those rights. It notes quite a few reasons not to introduce such a tort, and none in favour:

... difficulties in defining the concept of privacy which is inherently uncertain and imprecise; the possibility that the law could become a means of preventing legitimate publication by virtue of ‘gagging’ writs; costs of enforcement given that remedies would be sought in the courts; a tort could be seen as a reactive as opposed to proactive stance to privacy issues which could result in delays in the law meeting technology; a transfer of the formulation of privacy policy from the legislature to the courts; as principles would be decided largely on a case by case basis, a lack of clear and definite privacy standards; the absence of a dedicated and continual monitoring body for privacy issues such as a privacy commissioner would fulfil; and possible adverse impact on the freedom of speech, communication and the press.

On the establishment of a privacy committee or privacy commissioner, it notes that:

... the advantages of a privacy committee as opposed to a privacy commissioner would be that, to ensure a balanced approach, members could be drawn from both the public and private sectors. Members could also be selected for their expertise in information technology, an area in which an increasing number of privacy concerns are arising.

Queensland had a Privacy Committee from 1984-1990 when it ceased to exist under a sunset clause in the Privacy Committee Act 1984 (Qld). Although the Committee does not say this, no one ever noticed its existence or demise.

Information privacy principles (IPPs) such as in the Commonwealth Privacy Act 1988 have advantages, according to the Committee:

... their ability to be continually reviewed and, if necessary, updated to meet privacy issues as they emerge; their potential to be drafted broadly to extend beyond solely information privacy issues; and the possibility of adaptation to cover specific activities, industries or professions.

While IPPs could be implemented administratively (in which case they would only cover the public sector), ‘the disadvantage ... lies in the fact that they are unenforceable’. The Committee says that ‘administrative costs would also be a consideration including costs associated with implementing new systems and practices, and possibly the appointment of privacy officers in all agencies and/or organisations’.

Concerning self-regulation by industry codes, the Committee notes that:

Whilst the advantages of self-regulated industry or sector-specific codes include flexibility, opportunity for community consultation, government involvement and constant review, again the major disadvantage lies in their ability to be enforced.

State legislation and the private sector

After noting that implementation of the proposals in the Commonwealth’s Discussion Paper would have meant that ‘state privacy legislation covering the private sector would not be necessary’, but that the Prime Minister had reversed the Commonwealth’s approach, the Committee states that ‘it will now be a question for each state to determine the manner in which it will regulate privacy protection in the private sector’. The Prime Minister’s call to the States not to so legislate, and his claim that Queensland had acceded to his request, are not mentioned in the Issues Paper.

While noting that ‘a number of industries have themselves introduced privacy codes of practice’, the Committee concludes:

Consistency in requirements and standards between the states has been argued as highly desirable. This is because a state-by-state approach is not only potentially administratively cumbersome and expensive, but could be to the detriment of interstate trade and, given the 1995 European Directive, also to international transactions. Additionally, claims of discrimination and/or competitive disadvantage could be made by businesses if their home state introduced privacy legislation whilst their competitors’ home states did not.

Policies of the Queensland parties

The Committee summarises the current privacy policies of the Queensland parties as follows:

The Queensland coalition government in its 1995 election campaign outlined a privacy policy which entailed establishing an independent statutory privacy commissioner with the following functions: establishing and enforcing guidelines for the collection, use and storage of personal information (based on OECD guidelines) for state government agencies and departments; investigating complaints and exercising specific powers to enforce the guidelines; educating the community with respect to the importance of privacy protection and informing the public and private sectors of their responsibilities for privacy protection; examining law reform in the area of privacy protection, ensuring that any adverse impact of a bill or guideline on the privacy of individuals is minimised, and advising the minister with respect to privacy issues; and researching and publishing regular reports focusing on current issues affecting the privacy of individuals.

The former Goss government had apparently also directed in June 1995 that an interdepartmental working group be formed to give consideration to certain privacy matters. Whilst it is understood that that group forwarded its report to the then Attorney-General in December 1995, the change in state government occurred before that report was considered. Since that time there has not been any publicly released policy in relation to privacy by the Opposition.

Specific issues

While the Committee is investigating the whole range of privacy issues, it singles out the following as matters of special concern: visual and aural surveillance, both in public and private places (and ‘the limited protection’ of the Invasion of Privacy Act 1971 (Qld)); telemarketing and direct marketing; the workplace including surveillance, privacy of employment records and requirements for employees to undergo drug, medical and genetic testing; medical records and rights of access to them; and genetics including the use of genetic tests for purposes such as health care, medical research, insurance, determination of paternity and identity, employment and law enforcement.

Smart card focus

The Committee also devotes considerable attention to smart cards and the NSW Privacy Committee’s report Smart Cards: Big Brother’s Little Helpers (1995). It notes that:

Since the release of that report there have been a number of efforts by private industry sectors and groups to implement codes of practice with respect to the use of smart cards. However, there have been comments that these self-regulatory codes will not be effective without legislative backing such as that initially proposed for the private sector at the commonwealth level.

No doubt it will be a challenge to develop policies or legislation which can accommodate the entire spectrum of smart card applications. As noted by the NSW Privacy Committee, the ‘borderless’ nature of smart cards would also make it desirable that there is a measure of uniformity across the states.

Consideration must also be given to other electronic payment schemes. At least one such scheme concerning electronic funds transfer is currently regulated by a voluntary code of practice which was first implemented in 1989. It has been suggested that this should be extended to incorporate smart cards with similar applications. Suggestions have also been made that in order to regulate the use of other forms of electronic cash, a similar but suitably adapted code of practice may be appropriate.

Comment

If the serious nature of this Queensland enquiry is any indication, there is little chance that State legislators will simply vacate the field of privacy regulation in relation to the private sector, and leave it to voluntary codes of conduct.

Further, as indicated in the ‘Twenty two questions from Queensland’ attached, business and consumer organisations are starting to face the prospect that most say they dread: serious and complex privacy enquiries in various States and Territories which are potentially leading toward a plethora of regional or subject-specific privacy laws.

Graham Greenleaf, General Editor.

Submissions should be forwarded to The Research Director, Legal, Constitutional and Administrative Review Committee, Parliament House, Brisbane, Qld 4000; tel (07) 3406 7167; fax: (07) 3406 7691; email: lcarc@parliament.qld.gov.au The closing date for submissions is 1 August 1997. Submissions may be tabled by the committee in the Legislative Assembly or otherwise be publicly released. Therefore, all requests for confidentiality should be clearly marked. All submissions to the committee become the property of the committee and cannot be released without the committee’s authorisation.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/1997/25.html