Privacy Law and Policy Reporter
The national DNA database, maintained and operated by the CrimTrac agency on behalf of all Australian governments, has been with us for over a year now. This article charts the history of the accountability mechanisms that have been built in to the Commonwealth part of the system, although they have yet to be tested. There are also many privacy safeguards in the Commonwealth legislation — such as separation of databases, restrictions on access and procedural measures — which are not covered here, but which are equally important and which will need to be kept under review.
In December 2000, the Senate Legal and Constitutional Committee reported on its Inquiry into the Commonwealth Crimes Amendment (Forensic Procedures) Bill 2000. This Bill was the Federal Government’s implementation of the February 2000 draft Model Forensic Procedures Bill developed by an intergovernmental working party.
The Bill contained amendments to the Crimes Act 1914 (Cth) and to the Mutual Assistance in Criminal Matters Act 1987 (Cth) dealing with international obligations. The Crimes Act amendments included revised rules for the taking of forensic material (including DNA) from both convicted prisoners and volunteers, and provisions concerning the centralised national DNA database to be established as part of the CrimTrac initiative. The CrimTrac agency had already been established (on 1 July 2000) as a Commonwealth agency providing a ‘common police service’ under an intergovernmental agreement — see <www.crimtrac.gov.au/>. CrimTrac maintains the National Automated Fingerprint Identification Service (NAFIS) and a child sex offender register as well as the new DNA database.
The Committee commented on the struggle to ‘find a balance in the legislation between protecting the rights and privacy of individuals required to, or volunteering to, provide forensic samples while at the same time affording the police reasonable access to the powerful investigative tool of a national database’ (para 4.1) and noted the failure over a prolonged period of debate and consultation to reach a consensus. The Committee recommended that because of the claimed advantages to law enforcement the Bill should proceed despite the fact that none of the concerned parties were completely satisfied with the compromise position reached.
The Committee expressed concern about ‘the lack of uniform legislation governing the collection, use, storage and destruction of forensic material in participating jurisdictions and the consequent potential for undermining the safeguards proposed in this Bill’ (para 4.7), but also acknowledged ‘that the Commonwealth Parliament has a very limited capacity to influence State and Territory legislation’ (para 4.9). It recommended ‘that other jurisdictions be encouraged to adopt requirements as to the collection, use, storage and destruction of forensic material similar to those set out in the Crimes Act, as amended by the Bill’ (rec 3).
In response to other concerns, the Committee recommended ‘an expansion of the role of the Federal Privacy Commissioner to include: oversight of the processes governing the retention of material on the DNA database; provisions for its destruction; oversight of the functioning of the new DNA database within the laboratory; and the operation of the database under the Bill’ (rec 4).
The Bill was enacted in March 2000 (Royal Assent 6 April and commencement of most parts 20 June 2001), with support from the Labor Party but with the Democrats opposing the Bill in the Senate, having had some of their key amendments rejected. The Government did respond in debate to the Committee’s concerns by making certain commitments and consequential amendments.
Senator Ellison, Minister for Justice and Customs, stated:
In relation to the committee’s fourth recommendation, I have engaged in discussions with the federal Privacy Commissioner and the Commonwealth Ombudsman in developing a response. Some serious issues have been raised in relation to the oversight of the national DNA database system. In addition to extending the legislation to include the Privacy Commission and the statutory review of Commonwealth forensic procedures, I have written to State and Territory ministers with a view to getting agreement on co-operation between Commonwealth, State and Territory bodies to ensure there is effective oversight of not only the operation of a DNA system within each jurisdiction but also the overall operation of the national system. This is best achieved by including formal independent monitoring mechanisms in the CrimTrac agreement with the States and Territories so that the total scheme is properly audited and monitored. I am making these statements because I did undertake with the federal Privacy Commissioner that I would make these statements in reply in this debate. Of course, matters will no doubt be taken further during the committee stage.
I might also mention that I expect to discuss oversight arrangements at the next meeting of the Australian Police Ministers Council in June. While recognising that CrimTrac is conscious of accountability issues and is constructive in the development of appropriate procedures, adequate and independent monitoring of a national DNA database system is critical if we are to have an effective system that ensures that any problems are quickly identified and remedied. The best way to do this is to ensure that there is adequate independent monitoring in each jurisdiction, and across the jurisdictions, which can, in turn, properly investigate complaints and pool information and better practices to safeguard information and ensure that DNA material is collected and matched in accordance with procedures. This is extremely important and must be addressed.
The procedures in this legislation and the legislation of the States and Territories are to be put in place to prevent an undue impact on the lives of individuals who provide DNA for the system and to ensure that information obtained from it is used only for the purposes for which it is collected. It is therefore very important that we take steps to ensure that there is adequate independent oversight of compliance with agreed procedures. In view of the interjurisdictional nature of the scheme it is vital that we have arrangements that ensure that the oversight function is like the system itself: interconnected and properly coordinated. These arrangements must also ensure that complaints can be investigated easily without jurisdictional barriers becoming a problem. By encouraging compliance and avoiding problems later these measures will also play a role in improving the effectiveness and efficient use of the system by law enforcement agencies.
I consider these issues can be addressed within the 12 month period before the proposed review, but in order to ensure that there is adequate follow up on this issue it is proposed that the legislation be amended to provide for a further review within two years of that date if the review report indicates there are still deficiencies. This will cover the situation if there has been less progress than expected. So we have the review in 12 months and, if that reveals that there has not been the progress that was desired, then further review is possible within two years of that date. Let me make it clear: there is not just the one off review; there is a facility for further review if matters have not progressed satisfactorily. Similar arrangements would also appear to be useful in relation to other elements of the CrimTrac system. I will also be taking up the broader application of the proposed monetary and accountability mechanisms with state and territory ministers.
I now come to recommendation No 4. The legislative changes proposed in relation to this recommendation are: firstly, to include the Privacy Commissioner on the independent review team; secondly, to ensure the independent review considers the effectiveness of the independent oversight and accountability mechanisms for the DNA database system; thirdly, to defer the review until 12 months after the commencement of these new provisions — this will enable the review to assess the procedures in light of an operational DNA database; and to assess progress in developing the accountability mechanisms. With this deferral we will able to see how these provisions are operating in the meanwhile. There is a provision for a review due now but the government is of the view that this, perhaps, would not be worth while and wishes to defer it for 12 months and then have the review in the fashion mentioned.
The final response is to cause the minister to ensure a further review is undertaken if the initial written report tabled identifies any inadequacies with the matters considered in the initial review — that is the review within two years after that first review that I mentioned. Proposed government amendment No 27 deals with these matters. Proposed government amendment No 24 merely adds the Commonwealth Ombudsman and joins the Privacy Commissioner as a person to whom database information can be disclosed without that disclosure constituting an offence. This amendment recognises the own motion investigation powers of the Ombudsman and will improve independent oversight of the legislation.
Senate Hansard, 5 March 2001 p 22, 342 onwards.
This somewhat tortuous and confusing statement was implemented by the inclusion in the Crimes Act of a new section — s 23YV — providing for a so called ‘independent’ review of the operation of CrimTrac system 12 months after commencement of the amendment Act (that is, as soon as practicable after 20 June 2002) and the option of a further review within a further two years if the first review finds shortcomings.
The review team must include one nominee each of the Attorney General, the Commissioner of the Australian Federal Police, the Director of Public Prosecutions, the Ombudsman and the Privacy Commissioner, but can also include other persons who, in the Minister’s opinion, possess appropriate qualifications, which could result in the team being stacked further in favour of law enforcement interests.
The review is to cover the following matters (s 23YV(1)):
(a) the operation of this Part (Pt 1D dealing with forensic procedures); and
(b) the extent to which the forensic procedures permitted by this Part have contributed to the conviction of suspects; and
(ba) the effectiveness of independent oversight and accountability mechanisms for the DNA database system; and
(bb) any disparities between the legislative and regulatory regimes of the Commonwealth and participating jurisdictions for the collection and use of DNA evidence; and
(bc) any issues relating to privacy or civil liberties arising from forensic procedures permitted by this part; and
(c) any other matter in relation to this Part which, in the Minister’s view, should be considered.
Note that items (b) and (bc) resulted from a Democrat amendment.
The review promises to be a significant opportunity to test whether the privacy and civil liberty concerns expressed over the last few years are justified in the light of the operation of CrimTrac, and whether the safeguards and accountability measures are adequate. There is of course no guarantee that the review will lead to the further review provided for even if the Privacy Commissioner and/or Ombudsman have significant concerns, although one hopes that they would not be outvoted on such an important matter.
In the meantime, most States have passed their own legislation based on the model Bill, but in some cases, as the Senate Committee observed, with fewer safeguards. It is therefore particularly useful to have this issue specifically included in the review terms of reference.
Nigel Waters, Associate Editor.