Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Waters, Nigel --- "Privacy exemptions in FOI laws - an unnecessary barrier to accountability" [2002] PrivLawPRpr 24; (2002) 9(1) Privacy Law and Policy Reporter 17

Privacy exemptions in FOI laws — an unnecessary barrier to accountability

Nigel Waters

This paper was given at an International Symposium on Freedom of Information and Privacy, Auckland, 28 March 2002, organised by New Zealand Privacy Commissioner Bruce Slane, and is reproduced here by kind permission of the Commissioner — Associate Editor.

There is a continued problem of privacy exemptions in FOI law being misused and giving privacy a bad name. This makes a major contribution to the widespread jaundiced media view of privacy law, even though it is not actually privacy law that is to blame.

The privacy exemption in the Australian Freedom of Information Act 1982 (Cth) (FOI Act) originally operated on a concept of ‘personal affairs’ — agencies could withhold information if its ‘disclosure would involve a unreasonable disclosure of information relating to the personal affairs of any person ...’ (s 41(1)). Cases over the period 1982-1991 established that information about public servants’ work was not ‘personal affairs’ and could not be withheld, at least under this exemption (there are plenty of other excuses!).

But in 1991, in an understandable but misguided attempt to align the FOI Act with the recently passed Privacy Act 1988 (Cth), references to ‘personal affairs’ were replaced with ‘personal information’.[1] This was admirable in relation to access by individuals to information about themselves. Agencies could no longer deny an employee access to work related information — often precisely the information that was in dispute or relevant to another grievance.

But the (unintended?) effect on s 41(1) was to allow withholding if ‘disclosure would involve the unreasonable disclosure of personal information about any person’. While the reasonableness test fortunately remains, the starting point is much worse; information related to public servants’ performance of their duties (much of which is indisputably personal information under the definition imported from the Privacy Act) is at least prima facie exempt from disclosure to third parties. The result, not surprisingly, has been much greater recourse to the privacy exemption to withhold information about matters of public interest on the arguably spurious grounds that it would reveal the identity or work related activities of the public servants involved. The reasonableness test at least allows an applicant to argue against the grossest abuses of this exemption, but the onus is shifted to the applicant and the presumption of openness is removed.[2]

I have argued previously that the problem that has been created stems from a stubborn refusal to acknowledge the two separate purposes of privacy and FOI legislation and to adopt definitions that suit each purpose, instead of trying to achieve a neat equivalence of language.

The present position serves neither public interest well.

To the extent that tribunals and courts try to uphold the spirit of FOI laws by reading down the breadth of ‘personal information’ in cases about exemption, they run the risk of limiting the rights of individuals to access information about themselves. To the extent that, in individual access cases, they favour a broad definition, they set precedents that can be used by agencies to withhold information from third parties.

While the main public interest justifying FOI law is third party access to the workings of government, it is clear from the history that by far the dominant use of the legislation has been the arguably secondary or ‘incidental’ purpose of giving individuals access to information about themselves.

In my view, the solution lies in separating the two functions of FOI law. Access by individuals to information about themselves is an integral part of the package of privacy rights conferred by privacy or data protection laws. In Australia, because privacy laws have post-dated FOI laws, the access principle tends to defer to the established provisions and machinery of FOI law. Instead, the rules and mechanisms for ‘subject access’ should be transferred to the privacy laws, leaving FOI to focus on access by third parties. Grounds for withholding information on ‘personal privacy’ grounds will still be needed, but they can be drafted carefully to clearly avoid their use to withhold important ‘public interest’ material.

The 1995 joint Australian Law Reform Commission (ALRC) and Administrative Review Council (ARC) Report on their review of FOI entitled Open Government[3] acknowledged the issue, and recommended a clear statement of the two separate purposes of FOI law. But the report only proposed a partial, and in my view unsatisfactory, substantive change: to introduce a clear public interest test into s 41. Personal information could only be withheld if ‘its disclosure would not, on balance, be in the public interest’. The ALRC further suggested that the proposed FOI Commissioner consult with the Privacy Commissioner in developing Guidelines on s 41. The ALRC rejected the solution adopted in some other jurisdictions (such as British Columbia)[4] of detailed statutory criteria for the personal information exemption on the grounds that this is too inflexible.

The federal government has yet to respond formally to the ALRC report. The ALRC recommendation is unsatisfactory because it leaves the broad definition of personal information as prima facie exempt, with effectively an onus on the applicant to fight what would most likely become a routine decision that disclosure was not in the public interest.

A brief review of some old and new FOI laws in other jurisdictions suggests that the same confusion between FOI and privacy objectives has been incorporated into their personal privacy exemptions.[5] The presumption that personal information should be protected, combined with a broad definition of personal information, means that most FOI laws can be exploited by government agencies to withhold policy material on the grounds that it contains information about the public servants concerned. The accountability function of FOI laws is thereby fatally undermined, and in the process, privacy protection becomes synonymous with secrecy and evasion.

Even in the most recent Australian attempt — the draft Northern Territory Information Bill — the issue is not resolved. There is a confusing provision that appears to leave agencies with a public interest balancing test when considering disclosure of third party personal information, but no clear guidance on whether disclosure of information about public servants work is to be regarded as ‘unreasonable’.[6]

There is no substitute in my view for a clear statutory declaration that the identity and activities of public servants in the performance of their duties should not be protected by any privacy law or privacy exemption from disclosure to third parties under FOI law. The Western Australian law stands out as it contains an exemplary statement of this principle[7] — although whether it has proved more effective in practice is another question.

The same information should of course remain accessible to the individuals themselves, quickly and easily, under either privacy or FOI law,[8] and should remain subject to the other privacy principles such as collection, use, security, quality. For this reason, the narrow concept of personal affairs is not an appropriate basis for privacy laws, even though it was probably quite well suited as the basis for a privacy exemption from FOI law, at least in relation to public servants.

Separate treatment is called for to ensure that privacy exemptions from FOI laws do no more than their job of protecting genuine third parties while leaving public servants open to legitimate scrutiny. l

Nigel Waters is Principal of Pacific Privacy Consulting, Convenor, Australian Privacy Charter Council and Associate Editor, Privacy Law & Policy Reporter.

[1] Freedom of Information Amendment Act 1991 (Cth).

[2] In Victoria, this problem has been compounded by an ill-considered reaction to a case in which personal details about nurses were released to a convicted prisoner. In 1999, the then Government amended the FOI Act to provide an absolute exemption for all personal information (FOI Act (Vic) Pt 3A), which has the effect of preventing release of any information identifying individual public servants.

[3] See <www.alrc.gov.au>.

[4] Freedom of Information and Protection of Privacy Act 1992 (BC) s 22(3) and (4).

[5] For instance, the New Zealand Official Information Act 1982 and the new UK Freedom of Information Act 2001.

[6] See <www.nt.gov.au/ntg/information/index.shtml>.

[7] See FOI Act 1992 (WA) Sch 1 cl 3 and FOI Reg 9.

[8] See FOI Act 1982 (Cth) s 15A for an expedited mechanism for access to personnel records.