Privacy Law and Policy Reporter
compiled by Graham Greenleaf and Nigel Waters
As promised, the Federal Government has released further details of the proposed private sector privacy regime, which is to be given effect by a Privacy Amendment (Private Sector) Bill. The paper, which was released on 14 December, is at <http://law.gov.au/whatsnew.html>.
The paper includes a revised version of the National Privacy Principles for the Fair Handling of Personal Information, core definitions, and details of the proposed media, employee records and small business exemptions, and of the Bill’s application to personal health information.
Coinciding with the Government’s ‘further details’, the federal Privacy Commissioner has released his advice to the Attorney General on personal health information and privacy, available at <http://www.privacy.gov.au/news/health.html>. This advice is the culmination of the consultation undertaken by the Commissioner earlier this year and has been taken into account by the Government in their revised principles and special treatment of health information.
The National Health and Medical Research Council (NHMRC) has developed revised guidelines for approval by the Privacy Commissioner under s 95 of the Privacy Act 1988 (Cth). The consultation period on the revised draft guidelines have closed but the document can still be inspected at the NHMRC web site at <http://www.nhmrc.health.gov.au/ethics/contents.htm>.
An Information Privacy Bill has been introduced into the Queensland Parliament by the One Nation member Jack Paff MLA. The Bill is available at <http://www.legislation.qld.gov.au/Bills/Bills49.htm>.
The Bill appears to establish a very basic version of the principles, and is ostensibly designed to implement the 1998 recommendations of the Parliamentary Committee. However, the Bill contains no compliance mechanisms or institutions and it is not clear how it would be intended to work in practice.
The World Wide Web Consortium (W3C) has released the final working draft of the Platform for Privacy Preferences, or P3P, protocol, for comment. It is available at <http://www.w3.org/TR/1999/WD-P3P-19991102>.
Source: Techweb via Quicklinks <http://www.techweb.com/wire/story/TWB19991105S0018>.
For anyone who doesn’t know what P3P is, or what it’s really about, Irene Graham recommends Computer Professionals for Social Responsibility (CPSR), which recently issued a FAQ which presents a view different to the W3C propaganda. It can be found at <http://www.cpsr.org/program/privacy/p3p-faq.html>.
Microsoft’s free Hotmail service has started filtering all email coming from servers listed on the Mail Abuse Prevention System’s (MAPS) Realtime Blackhole List (RBL). The list is composed of email servers known to be used by senders of unsolicited commercial email — or ‘spammers’.
Source CNET News via Quicklinks, <http://www.qlinks.net/items/qlitem5395.htm>.
A workshop on ‘online profiling’ was held jointly by the FTC and the National Telecommunications and Information Administration (NTIA) of the Department of Commerce on 8 November 1999.
Privacy advocates from EPIC, Junkbusters, the Center for Media Education, the Privacy Times, and the Privacy Journal called for the Federal Trade Commission (FTC) to immediately halt the practice of online profiling, launch an investigation into the privacy and consumer implications of the practice, and provide recommendations for proper privacy legislation; see <http://www.epic.org/privacy/internet/profiling_press_release.html>.
At the workshop, 10 companies that account for roughly 85 per cent of the advertisements on the internet unveiled a self-regulatory initiative aimed at allaying consumer fears and forestalling legislative action. The proposal includes notice of what information is collected and how it is used, and an opt-out so that consumers can request to not have their information collected from them. See <http://www.networkadvertising.org/> for further information.
Source EPIC News and Bizcom via Quicklinks <http://www.bizreport.com/news/1999/11/991109-2.htm>.
In a public, plenary session on 10 November 1999, members of the international Internet Engineering Task Force (IETF) decided overwhelmingly not to develop technical standards that would facilitate wiretapping of internet communications.
The rejected proposal arose when some IETF members asserted that the 1994 Communications Assistance to Law Enforcement Act (CALEA) required such internet standards. With the emergence of internet telephony, some have argued that the law should now be read to cover the internet. That view, however, is countered by the legislative history of the 1994 law, which clearly stated that CALEA ‘does not require re-engineering of the internet, nor does it impose prospectively functional requirements on the internet’.
Source: EPIC News 6.19.
Leading internet service provider AOL has come under attack for demanding that users restate their preferences for receiving unsolicited email. CNet reports that under AOL’s terms of service, users must restate their desire to not receive commercial email once a year, a move that has angered online privacy advocates. AOL has long enjoyed (if that’s the term) a reputation as a spammer’s paradise; new users routinely report receiving spam mail within days of setting up accounts, even if they haven’t given the address to anybody.
Source: Angus Kidman, Newswire 24 November 1999.