Privacy Law and Policy Reporter
Justice Michael Kirby
This is the closing part of a paper entitled Freedom of Information, the Seven Deadly Sins, delivered in London on 17 December 1997 to the Justice, the British Section of the International Commission of Jurists, by Australian High Court Justice Michael Kirby, who is also a member of the Privacy Law and Policy Reporter’s editorial panel.
I was asked to talk to you about privacy and about the impact of new technology on information rights, particularly, and human rights in general. My eyes were opened to these themes in the 1970s and early 1990s when I chaired committees of the OECD on privacy protection and information security. They are large issues. If I elaborated upon them, I would delay you here too long.
Obviously, privacy is closely related to FOI as the law in every jurisdiction where FOI has been adopted acknowledges. Privacy today has gone beyond invasions of the person and of the person’s physical space. Today privacy also concerns a measure of control over personal information about the individual, much of it now in computers or circulating by telecommunications.
The central tenet of most modern privacy laws is the right of access of the individual so that he or she can see the data upon which others make decisions affecting that person’s life. As a late entrant into the FOI field, Britain has a rare chance to rationalise its rules on FOI and information privacy.
In Australia, the Federal Government, after an early promise to extend privacy protection law into the private sector, has now abandoned the proposal to introduce general information privacy laws. Interestingly, and as a sign of the times, many private sector bodies have actually indicated their support for information privacy laws because the existence of such laws is now sometimes a pre-condition to the supply of personal data from other countries affecting private individuals.
Freedom of Information legislation ordinarily includes exemptions designed to protect the privacy of persons mentioned in the government’s data collections. Where disclosure would involve revelation of the ‘personal affairs’ of someone else, power must be given, either to exclude such disclosure, to permit it only after the agreement of the person concerned or following the approval of the independent decision maker who is appointed to decide conflicts of this kind. For example, breaches of individual privacy may sometimes be authorised where disclosure is necessary to prevent, or lessen, a serious and imminent threat to life or health; where it is required or authorised by law; where it is necessary for enforcement or investigation of the criminal law or under data protection legislation. The interaction between FOI legislation, on the one hand, and privacy or data protection laws on the other, should be a constructive one. This is because experience teaches that many FOI requests are actually made in furtherance of the demand of individuals to have access to official data concerning themselves. Furthermore, the central provision of most modern data protection/privacy laws is the right of access of the individual to most of his or her own data. In this way, FOI reinforces, and does not endanger, privacy protection.
A larger question is the way in which privacy more generally should be defended in societies such as ours, and especially in relation to the media. Despite its adaptability and creativity, the common law of England (which has been inherited and adapted in most parts of the Commonwealth) did not develop a coherent law of privacy protection. This was curious, given the high value which the English typically ascribe to their privacy. It is a common jest that the English concept of bliss is an empty railway carriage. Lord Chief Justice Bingham has said that the courts will develop privacy law, given time. Perhaps in this country they will be encouraged to do so by the Human Rights Bill when it becomes law. From far away I have observed that The Times, in a recent editorial, expressed concern that the Bill, now before Parliament, will give enforceable protection for privacy, including against the media.
It is natural that the media, which are not presently closely regulated by law in this regard, should wish to retain that high measure of legal immunity. Nobody likes to be subject to legal regulation, least of all the powerful and the opinionated. Fairly, the media points to the importance of freedom of communication and freedom of expression. These basic human rights are also reflected in the Human Rights Bill. Yet it is essential that proponents of human rights should make it clear that freedom of expression, freedom of information and freedom of the press are not absolute values. They compete with other basic human rights. One of these is the right to individual privacy. That right has taken a battering in recent times. But in the International Covenant on Civil and Political Rights it is declared that ‘no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation’. There are similar provisions in the European Convention and in many other statements of fundamental rights. The law of this country, and all the laws that are derived from it, protect honour and reputation. Is it not time to provide an effective measure of legal protection for privacy? It was proposed in Australia, but not yet enacted.
The stimulus of the demand for such protection has come not so much from the fundamental principles of human rights or legal theorists. Rather, it is the product of the revulsion of civilised people at the spectacle of serious abuses of individual privacy which have become so common. The case of Diana, Princess of Wales, is simply the most visible and vivid example of the hounding of individuals in their private lives to an extent that is intolerable and for which there should be effective redress. All that usually tends to be available for such affronts is mealy mouthed words or caning with a feather.
Lord Denning once invoked the famous cry of Thomas Fuller 300 years ago. It lies at the heart of the dedication of this country to the rule of law. ‘Be you ever so high the law is above you’. That principle is addressed to government, to politicians, to judges and to civil servants. It stimulates the contemporary moves to FOI law. But it is also addressed to the media. It underpins the efforts, belatedly, to provide effective legal protection for individual privacy. Privacy is, after all, a fundamental human right, and yet in our societies it is largely unprotected by the law. A proper measure of enforceable protection should be provided.
The debates about human rights and information technology have now moved far beyond privacy and information security. They embrace the problem of cryptography and whether governments should have a right to enter every data system in the name of national security, counter terrorism, drug surveillance and so on. They include the many legal and ethical issues raised by the Internet and the explosion of information and of modern media.
Twenty years watching the policy themes of information technology has taught me that one of the chief challenges to human rights in the coming millennium will be the impact of technology on who we are, how we are governed and how we live. This challenge goes far beyond informatics. My service on the Ethics Committee of the Human Genome Project, and on the International Bioethics Committee of UNESCO teach me that, possibly, the most difficult quandaries for human rights in the future lie in genomic research. The genome, manipulated, has the potential even to change who human beings are. In this respect, it concerns the human rights of future generations and who humans and future generations will be.
Honourable Justice Michael Kirby, High Court of Australia.
 G Greenleaf, ‘Commonwealth abandons privacy — for now’ (1997) 4 PLPR 1. See also ALRC comment, ‘Privacy protection — swimming against the international tide’ (1997) 71 Reform 3.
 Speech in the House of Lords, reported. The Times, 9 October 1997, p 4.
 3 December 1997.
 Australian Law Reform Commission, Unfair Publication: Defamation and Privacy, AGPS, 1979.
 Thomas Fuller in Lord Denning MR, Goriet v Union of Postal Workers  1 QB 729 (at 762).
 J Hill, ‘Trusted third parties and the provision of encryption services’ (1997) 8(1) Computers and Law 30; S Orlowski, ‘Government initiatives in information technology security’ (1997 5 Info Management and Computer Security 111 (at 113). As to interception of telephones, see Halford v United Kingdom  TLR 355 (ECHR) and see Justice, Regulating bugging operations, Response to the draft Code of Practice on Intrusive Surveillance, October 1997; A Hamilton, e-mail: ‘Restrictions on employers’ snooping’ (1997) 8(4) Computers and Law 5; J Wilson ‘Data security and fundamental freedoms’ (1997) 8(3) Computers and Law 24.