Privacy Law and Policy Reporter
compiled by Graham Greenleaf and Nigel Waters
We will always acknowledge and encourage business leadership in commercial and technological advances in the networked economy, and to legislate only where necessary. Especially where all stakeholders are in agreement on the key points — for example, the Electronic Transactions Bill and legislation extending privacy protection to the private sector.
Source: Speech by Senator Richard Alston to Online Australia Western Australia Luncheon, Perth, 15 September 1999.
The following section on privacy was discovered in a recent (17 September) Australia-Korea joint statement on e-commerce:
Privacy: Ensuring the effective protection of privacy with regard to the processing of personal data on global information networks is necessary, as is the need to continue the free flow of information. The OECD Privacy Guidelines provide an appropriate basis for policy development. With regard to frameworks for personal data protection:
(a) Governments and businesses should consider consumers’ concerns about their personal data.
(b) Governments should support industry in implementing effective privacy protection. Legislation can be provided in harmony with such support where considered appropriate by the Government.
(c) Personal data should be collected and handled in a fair and reasonable manner consistent with generally accepted privacy principles.
Source: Government press release.
In Perth on 4 September 1999, Federal Attorney-General Daryl Williams spoke at the first of a series of consultative forums on the Government’s proposed private sector privacy legislation. In a press release, he said:
In December last year, the Minister for Communications, Information Technology and the Arts, Senator Richard Alston, and I announced that the Government would develop a national ‘light touch’ legislative scheme to support and strengthen self-regulatory privacy protection in the private sector.
I am pleased that there has been widespread support for the development of this legislation. The proposed legislation is being developed by my department in consultation with business, consumer and privacy interests as well as the Privacy Commissioner, the National Office for the Information Economy and State and Territory Government representatives. It is now time for broader consultation on the proposed legislation.
I am committed to ensuring that the legislation establishes sound privacy protection on a national basis without placing unnecessary burdens on business.
The legislation will support businesses that self-regulate to strengthen privacy protection and provide a default legislative framework. Self-regulatory privacy codes will be able to be approved by the Privacy Commissioner and have the same force as the legislation. Where there is no approved privacy code default legislative principles and a complaint handling regime will apply.
The proposed legislative scheme will be based on the Federal Privacy Commissioner’s National Principles for the Fair Handling of Personal Information.
Source: Attorney-General’s media release 4 September 1999.
The Telecommunications (Interception) Amendment Bill 1999 was passed by Federal Parliament on 21 October 1999. The amendments to the Telecommunications Interception Act 1979 (Cth) provides the basis for the Queensland Crime Commission and the Western Australian Anti-Corruption Commission to receive and use intercepted information originally obtained by other law enforcement agencies where the information relates to a matter the Commissions may investigate. The amendments also give the Commissions the potential, on the agreement of the Attorney-General, to become intercepting agencies in their own right.
The Bill also implemented one of the recommendations of the Telecommunications Interception Policy Review which was tabled on 25 August 1999 — the continuation of the provisions allowing interception warrants to be issued by nominated members of the Administrative Appeals Tribunal.
The Attorney-General stated, ‘This amendment will ensure that this critical function continues to be performed by persons with the necessary independence and experience. The Government believes that the nominated members of the Administrative Appeals Tribunal have demonstrated both the independence and experience necessary for this role.’
Source: Attorney-General’s media releases 3 September & 22 October 1999.
The Federal Magistrates Bill was passed by federal Parliament in October. [The Bill is relevant because it will take over jurisdiction from the Federal Court for hearing of matters under the existing Privacy Act and, in due course, the private sector extension — Editor.]
The Bill was part of the Federal Government’s response to delays in the Federal and Family Courts and the transfer of the Human Rights and Equal Opportunity Commission’s hearing powers to the Federal Court. The jurisdiction of the Magistrate’s Court would include Family Law Act, Trade Practices Act, Bankruptcy Act, Administrative Decisions (Judicial Review) Act and Workplace Relations Act matters. In addition, it will also have jurisdiction to hear appeals from the Administrative Decisions Tribunal and discrimination complaints under federal discrimination legislation.
PIAC’s preferred option for resolving the difficulties arising from Brandy’s case (that is, that determinations of HREOC were not legally enforceable since they were made by a Commission as opposed to a Court) was to transfer HREOC’s hearing functions to a Human Rights Division of the Federal Court. This division would have its own rules and procedures specifically designed for hearing discrimination cases. The Federal Government has, however, decided against implementing a Human Rights division, preferring instead to create a new Federal Magistrate’s Court to supplement the Federal Court.
PIAC has a number of concerns about the structure and procedure of the Court. Many of the attempts to encourage a quick and inexpensive system in the proposed Federal Magistrates Court — limiting the length of documents or submissions and allowing discovery only with the leave of the court — seem designed to limit the scope of the hearing rather than promote an informal and efficient procedure. The Bill also allows Magistrates to give reasons for their decisions orally.
The Court does not have any specialised divisions and the costs rules are the same as in the Federal Court; that is, ‘costs follow the event’.
PIAC believes that for the Magistrates Court to be at all effective it must have a Human Rights Division which has appropriate rules for the hearing of discrimination [and privacy? Editor] complaints. These rules would include a general no costs provision, except in limited circumstances.
The Government has formed a National Electronic Authentication Council (NEAC) to provide high level industry and community input to government decision-making on electronic authentication and e-commerce issues. NEAC’s 13 members represent industry providers and users of authentication products and services, consumer organisations, the small business and retail sectors, banking and finance, professional services, academia, the legal sector and relevant government agencies. The NEAC held its first meeting in October. [Note: Charles Britton represents the Australian Consumers, Association and is well tuned in to privacy issues — Editor.]
Sources: Government press releases.
The EU’s art 29 Working Party has issued a number of new papers, including an interesting assessment of the Swiss data protection laws which provides the first indication as to how the EU is setting about the task of assessing adequacy in third countries (Switzerland is not a member of the EU).
The papers are:
Source: John Tuckwell, EU delegation, Canberra.
The Dutch data protection authority has published another in its series of issues papers on technology and privacy. At Face Value — on Biometrical identification and privacy, September 1999, is available from the authority at <www.registratiekamer.nl>.
The NZ High Court has reduced a damages judgment against an Auckland lawyer, imposed after he covertly taped phone conversations with a client’s former partner.
In May the Complaints Review Tribunal ordered the lawyer to pay $7500 damages after it found he breached the Privacy Act and humiliated the woman whose calls he taped. The lawyer appealed the decision through the High Court.
In their appeal decision, released on 13 August, Justice Smellie, with Complaints Review Tribunal members Margaret Shields and Dennis Emery, reduced the damages order to $2750.
In July 1996 the lawyer taped two conversations with the woman, who was the former partner of a man he was representing on a charge of breaching a non-violence order.
At the initial hearing the woman, whose name is suppressed, said when the matter came to court the lawyer pointed her out in the public gallery, held up the tapes he had made, said he would call her to give evidence and implied the tapes would show she had acted improperly.
At the High Court review hearing, the lawyer’s representative argued that taping the conversations did not amount to collecting personal information under the Privacy Act. The lawyer had not solicited the phone calls and had a duty to collect evidence regarding a case he was defending, it was claimed.
The High Court appeal panel upheld the tribunal’s finding that the lawyer had breached the Privacy Act but said the $7500 judgment was too high because the breaches were at the lower end of the spectrum.
According to a recent article in the E-Commerce Times, a new report by Forrester Research Inc finds that 90 per cent of websites fail to comply with basic privacy principles. The report strongly contradicts the findings of the Federal Trade Commission, which recently told Congress that industry self-policing is working. ‘The vast majority of such policies, like those of the Gap, Macy’s and JC Penney, use vague terms and legalese that serve to protect companies and not individuals.’
Meanwhile, a Wall Street Journal/NBC News polls finds that the loss of personal privacy is the number one concern of Americans as the 21st century approaches. When asked what concerns them the most about the next century, 29 per cent of respondents answered ‘the loss of personal privacy’. Overpopulation and terrorist acts on US soil followed at 23 per cent, racial tensions at 17 per cent, world war at 16 per cent and global warming at 14 per cent.
The Wall Street Journal/NBC News poll was based on nationwide telephone interviews of 2,025 adults.
Source: EPIC News.
Engineers creating a new internet address system are proposing to include a unique serial number from each personal computer within every parcel of data.
That could vastly simplify the sometimes befuddling job of setting up computers so they can talk to each other on a network. But critics warn that, if adopted, the move could potentially strip away a measure of anonymity and security.
Source: Associated Press — see <http://www.msnbc.com/news/322369.asp>.
The US Federal Trade Commission (FTC) will step up its investigations into companies who violate their own privacy policies. The FTC move is intended to put teeth into privacy seal programs like TrustE and BBBOnline, allowing the US to calm European fears over self-regulation while stopping short of adopting European style privacy legislation.
Source: Silicon — see <http://www.silicon.com/a33248>.
All website owners are required to list their name, address and phone number for billing purposes. All that information is contained in a publicly available online database called ‘whois’.
And because of a mandate from the Department of Commerce, all the ‘whois’ information is completely stripped of any privacy protections.
Source: MSNBC <http://www.msnbc.com/news/322926.asp>. See also ‘The big privacy lie’ (ZDNN) at <http://www.zdnet.com/anchordesk/cgibin/print_story.cgi?story=story_3970 > and ‘These websites know your past’ (ZDNN) at <http://www.zdnet.com/filters/printerfriendly/0,6061,2352917-2,00.html>.
Computer users who refuse to divulge their passwords to the authorities face up to two years in jail under increased police powers to be unveiled in next month’s Queen’s speech. Other measures drawn up by the Government will make it easier for companies to monitor employees’ phone calls and emails. A third part of the crackdown will give the police new authority to tap mobile phone calls, pager messages and email.
The plans are already attracting criticism, with one Tory MP warning that the Government risked creating ‘a state surveillance system like something out of Orwell’s 1984 ’.
Government ministers will justify the measures as necessary to trap pornographers, drug traffickers and fraudsters who exploit new technology. Police officers who gain a search warrant from the courts can already look at computer files, but provisions in the forthcoming e-commerce Bill will allow them to demand passwords used to protect sensitive data. A suspect who withholds them faces a jail term of up to two years.
‘Paedophiles and drug barons tend to send material that can be unlocked only if you know a code often extending to many digits,’ said a senior government source last night. ‘The law has to catch up with this.’
The Bill will also legally oblige internet service providers (ISPs) to keep records showing to and from whom material has been sent and received. In spite of industry complaints about the cost, ministers want the ISPs to keep detailed records on all customers for days at a time.
Source: Sunday Times.