Privacy Law and Policy Reporter
Compiled by Graham Greenleaf and Nigel Waters
NSW Attorney-General Jeff Shaw finally introduced the long-promised Privacy and Personal Data Protection Bill 1998 into the NSW Legislative Council on 17 September. Despite previous promises of private sector coverage which would make NSW ‘the first state to meet the all-important [EU privacy] Directive, making NSW a magnet for new business ventures’ (see (1996) 3 PLPR 17), Mr Shaw’s Bill has no private sector coverage, and in relation to the public sector has only a weakened version of the Commonwealth Privacy Act 1998. There are also criminal penalties for corrupt dealings in personal information, and some innovative provisions concerning use of information in public registers. There will be a full analysis in the next issue of PLPR.
The Senate Legal and Constitutional References Committee held hearings in Brisbane, Sydney, Melbourne and Canberra in the week beginning 27 July as part of its inquiry into Privacy and the Private Sector. The Committee has received a wide range of submissions from regulators, consumer and privacy advocates, peak industry associations and individual businesses. The Committee was originally due to report by 12 August but in view of the volume of submissions it received sought an extension. It lost the race to table its report before a federal election was called, but will complete its work when the new Senate resumes.
The Victorian Attorney-General’s Department has issued a consultation paper on a proposed Surveillance Devices Bill, which is intended to update the existing Listening Devices Act 1969 to take account of new technologies and deal with practical problems in the operation of the Act. The paper, which includes the draft Bill, is available from the Department at firstname.lastname@example.org, fax 03 9651 0577.
In a recent report for the NZ Privacy Commissioner, Robert Stevens has raised serious concerns about developments towards centralised databases of health information. There are apparently uncoordinated initiatives in different parts of the complex institutional environment of health care in NZ. Several of these seem to be creating pressures for centralisation of records based on a greater use of the National Health Index number. Stevens suggests that these developments are proceeding without adequate public debate and certainly without the knowledge of most doctors and patients. Stevens’ report was described by Commissioner Bruce Slane as ‘disquieting’, and as ‘raising a number of serious concerns’. The report Medical Records Databases: Just What You Need? (April 1998) is available from the Commissioner’s offices at a cost of $5. (Email — email@example.com)
The British Government is moving to implement a Freedom of Information law, one of ‘New Labour’s’ 1997 election promises. Following a December 1997 White Paper, a draft Bill is expected in September 1998, with the aim of legislation commencing by 2000. A lot of thought has been given to the interaction of FOI and privacy laws. The EU data protection Directive provides for exceptions to privacy rights in relation to other rights and freedoms, which would include ‘open government’. The FOI law will contain a ‘public interest’ balancing test where FOI access rights and privacy protection may conflict. Data Protection Registrar Elizabeth France has expressed some concerns about the balance between openness and privacy protection in the White Paper and hopes that these concerns would be addressed in the draft Bill.
The UK Campaign for Freedom of Information, which has been pressing for FOI law for more than 30 years had welcomed the White Paper as unexpectedly progressive, but has recently expressed concerns that the proposals might be being weakened. There have been press reports about wide exemptions for law enforcement, and weakening of the application of FOI to outsourced and privatised functions. It sounds familiar. (Source: Nigel Waters from Privacy Laws & Business conference, Cambridge, July 1998.)
The EU Telecommunications Privacy Directive (see (1998) 4 PLPR 143) takes effect alongside the general Data Protection Directive in October 1998. Members states have to implement the telecoms directive (previously known as the ISDN Directive) in domestic law. In the UK, the Department of Trade and Industry (DTI) put out a consultation paper in April 1998 (at www.dti.gov.uk/cii/tpdp/condoc.htm). Regulations under the European Communities Act are being drafted to give effect to the Directive and a draft will be issued for comment at the end of July, prior to tabling in September.
The areas of national discretion on which views are still being sought are the need for a digit suppression option in itemised bills; methods for recording preferences for no telemarketing; and charges for silent lines. There is a difference of opinion as to whether the provisions of the Directive (and consequently of the regulations) concerning unsolicited calls should be applied to e-mails. The DTI view is that they don’t, although there is no dispute that direct marketing faxes can only be sent with prior consent (opt-in?). Another area of uncertainty is the effect of Article 5 of the Directive on participant monitoring and recording, although the licence conditions under the UK Telecommunications Act already require consent or warning. (Source: Nigel Waters from Privacy Laws & Business conference, Cambridge, July 1998.)