Privacy Law and Policy Reporter
Nigel Waters and Roger Clarke
The Fifth Annual New Zealand Privacy Forum was held in Wellington NZ in September 1998, hosted by the NZ Privacy Commissioner.
Respect for privacy is part of ‘the glue of mutual respect that helps hold a free society together’ according to Canadian Federal Privacy Commissioner Bruce Phillips. Phillips gave an impassioned reminder of the fundamental values underlying privacy laws. Drawing on his experience as a newspaper and TV reporter, Phillips’ keynote address painted a vivid picture of the growing threats to privacy where technological advances have both lowered the barriers to privacy intrusion and fed the push to greater efficiency. ‘As our economies turn leaner and meaner, our societies seem to be turning nastier’ he said, and ‘Never have the challenges and threats [to privacy] been couched in sweeter and more reasonable language’. He argued that with exaggerated fears about public safety, ‘in our pursuit of a risk free society, we are building ourselves electronic gulags’. ‘And when a society under these pressures is offered technologies which promise to ... catch the cheats and criminals, identify those leading unhealthy lives, manipulate consumers to enhance the bottom line ... the temptations are very hard to resist.’ But we risk making a Faustian bargain which could be terminal for a good deal more than privacy laws.
Turning to the current Canadian expe-rience, Phillips welcomed the commitment of his federal government to legislate for private sector, but stressed the need for continuing education in good privacy practices even after legislation is in place.
An interesting practical illustration is the recent inclusion on tax return forms of a prominent ‘opt-in’ to authorise the use of names and addresses to update the electoral roll. Much to the surprise of the Electoral Officer, 83 percent of taxpayers gave their positive consent, demonstrating that being open with the public about proposed uses, and giving them a say, does not necessarily obstruct desirable efficiency measures.
The Commissioner saw privacy advocates and regulators as forming a very frail front line in the battle against greater intrusion, and (in the presence of the NZ Minister for Justice) emphasised the need for regulators to be adequately resourced if they are to do more than provide an illusion of protection.
Health privacy was a major theme of the forum. Canadian Commissioner Bruce Phillips illustrated the continuing pressures on privacy with the proposed National Health Information Network in his country. A report from an Advisory Council, led by Health Canada, is expected soon, but any such Network gives rise to fears of ‘leakage’ of sensitive health information from medical professionals to health bureaucrats in the public and private sectors, and possibly back to the employers who often contribute the insurance premiums. There will inevitably be pressure to track, assess, and ultimately to influence people’s lifestyles, and the principle of informed consent being undermined if individuals have no real choice but to agree, under a range of pressures.
Phillips made three key suggestions for the health network initiative — first, that wider privacy issues need to be distinguished from security and confidentiality, secondly that privacy should not be ‘traded off’ against other public and private interests, and thirdly that meaningful safeguards are essential to build trust.
Similar pressures are evident in several NZ initiatives discussed at the Forum. The common thread is the increasingly interventionist management of health care justified by the desire to contain costs. The privacy of both patients and providers is threatened by new or enhanced flows of personal data for administrative as well as health care purposes. Many of the initiatives appear to be technocratic ‘visions’ which make sweeping and unsubstantiated assumptions about the potential benefits, and involve large scale top-down planning, with privacy as a casualty, or at best an afterthought, rather than a strategic factor to be built in to the design. The Health Funding Agency appears to have a vision of a centralised health dossier for each person, to be facilitated by a multi-purpose identifier — the National Health Index. Other examples include the proposed health care card being promoted by Health Plus, and the linkage of patient data from multiple sources, for instance by Capital Coast Health, both over time (longitudinally) and across functions and types of health care. The Privacy Commissioner has already publicly expressed alarm about the management of medical records databases in NZ, recently releasing a comprehensive report by Auckland consultant Bob Stevens (R Stevens (1998) Medical records Databases: Just What You Need? Privacy Commissioner of NZ, April 1998).
In contrast, some other health initiatives are focussed on specific needs and services, with a substantiated ‘payback’ and are being developed with awareness of consumer, privacy and provider interests. Examples include secure electronic transmission to GPs of path test results and hospital discharge summaries (HealthLink).
Another recurrent theme in the Forum was the ever increasing level of routine surveillance, whether it be of employees’ telephone calls, e-mails or work rate or video surveillance both in the workplace and in public spaces. Workplace privacy is a difficult area, with different views about the extent to which employees have a reasonable expectation of privacy when at work or using employers equipment. Employment law judgements around the world sends conflicting messages about this, but the consensus is that employers have a responsibility to make the parameters of surveillance clear to their workers.
There is continued debate about how well privacy laws deal with video surveillance. In public places, cameras record individuals only incidentally, and the intended viewers are rarely in a position to actually identify individuals. It is therefore arguable as to whether personal information is being collected, and if so, how the other privacy principles apply in practice. Video surveillance may be best dealt with in specific laws, as is already the case with like listening devices and telephone interception. Governments and legislatures in Australia are currently grappling with these issues, with a Surveillance Devices Bill before the Western Australian Parliament; a draft surveillance Bill in Victoria, and in NSW a Law Reform Commission Inquiry as well as a recent Workplace Video Surveillance Act 1998.
Another worrying initiative which the NZ Privacy Commissioner has publicly criticised is the current proposals for driver licensing. The Land Transport Bill in NZ contains provisions that would lead to a database of digitised photographs of drivers, intended not just for licence administration but also for use by the police as an investigative tool. All drivers would be issued with a photo-ID card which would be at risk of becoming a multi-purpose national identity card, particularly given a proposed requirement to carry the licence at all times, with an on-the-spot fine for failing to do so.
New Zealand is the scene of the most mature debate yet about the secondary use of so-called public registers, following on from the pioneering (if incomplete) inclusion of specific public register privacy principles in the Privacy Act 1993. Submissions to the Commissioner’s review of the Act clearly show that many local councils are concerned about the way in which direct marketers and others can obtain bulk lists of residents who have had to register with the councils for various purposes, such as obtaining building permits. Similar issues arise with national registers such as the electoral roll. Concerns, which are increasingly being raised by individuals with the register authorities, are compounded by the fact that individuals often have no choice but to provide their details, and yet have no control, or even knowledge, about uses by third parties which fall well outside any reasonable expectation.
On the other side of the argument are not only businesses claiming a public interest in the ability to market freely, but also the media who make a more complex case based on the value of being able to check details of people in the public eye, in the course of their role in holding institutions accountable.
New Zealand law creates a legal thicket around this issue, with a complex interaction of the Privacy Act, the Official Information Acts and specific legislation authorising particular registers. To date, the Ombudsmen have been interpreting the Official Information Acts on a presumption that public registers by definition allow any uses of the data contained in them, although the Privacy Commissioner has been pressing for a more sophisticated approach involving distinctions between case by case and bulk use, between data in different formats, and between different search parameters. There are already some interesting attempts to strike a balance on this issue. As well as the Privacy Act public register principles, which may need some adjustment, there are opt-out or opt-in provisions in the dog licensing legislation and in the new Licensed Radio Operators Bill. (See also R Clarke (1997) ‘Privacy and ‘Public Registers’ IIR Conference on Data Protection and Privacy, Boulevard Hotel, Sydney, 12-13 May 1997, at http://www.anu.edu.au/people/Roger.Clarke/DV/PublicRegisters.html).
Another area in which NZ has been leading the privacy debate is on possible approaches to privacy impact assessment. A lively session at the Forum looked at an example of an assessment conducted in relation to a proposed Health Intranet by Elisabeth Harding from lawyers Simpson Grierson. This had led to the early identification of significant privacy issues, and the acceptance of a range of recommendations aimed at reducing the privacy intrusions arising from the scheme’s operation. But while undoubtedly a useful exercise, questions are raised about the independence of such assessments commissioned and paid for by the scheme proponents and about the level of public consultation that should be involved. Also, what should be the difference, if any, between an assessment, which could simply flag impacts and issues for consideration by others, and a more traditional compliance review or consultancy study aimed at making recommendations. Timing is also an issue — should impact assessments be done before any decisions or commitments are made, or is it still valuable to have them as part of an implementation process?
NZ Privacy Commissioner Bruce Slane, and Assistant Commissioner Blair Stewart, also used the Forum to report on the progress of the statutory review of the NZ Privacy Act 1993, and to outline some of the main issues covered in submissions. The review report is expected to be presented to the Minister for Justice, and then made public, in October. (A special issue of PLPR will cover the review — General Editor)
Nigel Waters is Associate Editor of PLPR, and Roger Clarke is a member of the Editorial Board.