Privacy Law and Policy Reporter
The Victorian Privacy Commissioner has reported to the Minister for Local Government on the use of building permit data. The Report follows consultation on an earlier issue paper, which in turn responded to public disquiet about unwelcome uses of building permit data, particularly for direct marketing.
The Commissioner recommends that the purpose of building permit registers be clearly defined as inspection to check that a permit has been issued, and to ascertain the location and type of proposed building work.
Two common uses of the registers — direct marketing and compilation of industry statistics — should be allowed to continue but only on conditions. Direct marketing should only be permitted to addresses where the applicant has ‘opted in’, and statistics should be in a de-identified form.
Names of applicants should no longer be included in the public register, and ,a facility should be provided for applicants to apply for suppression of address on grounds of personal safety.
Users would be required to provide ,a written assurance that they will not undertake or facilitate direct marketing to addresses where the applicant has not ‘opted in’. They should be reminded that they may be subject to privacy law.
If a Council becomes aware of a user persistently breaching the written assurance, they should restrict access to read only electronic access and physical inspection at the Council’s premises, and remove any bulk access privileges.
The Commissioner considered a role for binding schemes or contracts but has nor recommended them following criticism that they would both be unworkable and be contrary to legislative intent (in that they would represent a defacto extension of the Victorian Act into the private sector). The Commissioner considers that his proposals should lead to significant reductions in unwelcome marketing, but warns that if this does not transpire, heavier regulation may be required.
Source: Office of the Victorian Privacy Commissioner, Report 01-02, Public Registers and Privacy: Building Permit Data August 2002.
The Australian Law Reform Commission (ALRC) has issued a very comprehensive discussion paper as part of its joint Inquiry, with the Australian Health Ethics Committee (AHEC), into the protection of Human Genetic Information.
The paper gives an useful lay introduction to genetic testing, and an explanation of the current regulatory environment. Then follow sections on human genetic research and databases and on the use of genetic information in health services, insurance, employment and law enforcement.
The paper includes both further questions and draft proposals, on which comments are requested. Submissions are invited by 29 November.
Source: ALRC Discussion Paper 66 Protection of Human Genetic Information, August 2002.
Directive 2002/58/EC concerning ,the processing of personal data and ,the protection of privacy in the electronic communications sector (Directive on Privacy and Electronic Communications) was passed by the Council in July 2002. This replaces ,the old Telecommunications Privacy Directive 97/66/EC. The new name deliberately and significantly encom-passes all electronic communications. The Directive requires revised ,legislation in all EU Member ,States by 31 October 2003.
The European Commission has presented a proposal for a Directive aiming to facilitate the re-use of public sector information throughout Europe. The aim is to lower the barriers which Europe’s content companies face as ,they develop a new generation of information services and products ,based on public sector information.
The Summit’s aim is ‘to develop a common vision and understanding of the Information Society and to draw up a strategic plan of action for concerted development towards realising this vision’. It is to be held,in two phases: the first in Geneva, ,10-12 December 2003 hosted by the Swiss Government, and the second ,in Tunisia in 2005.
The HK Privacy Commissioner has issued for consultation a proposed amendment to the 1998 Credit Reporting Code of Conduct to allow some ‘positive reporting’ in response to rising default rates. The Commissioner has accepted arguments from the business community and other government agencies that the public interest in reducing the default rate outweighs individuals’ interest in keeping the extent of their credit commitments confidential between themselves and the lenders. Under the proposal, businesses will be able to share, through credit reference agencies, details of individuals’ current exposure, such as number of facilities, credit limits, outstanding amounts and monthly repayment record, other than for a residential mortgage loan. Other personal information such as personal income, deposits, other assets and non-credit related information will not be permitted to be shared through the credit reference agencies. The new system would be phased in over two years.
The Commissioner has requested submissions on the proposed changes ,by 25 October.
The proposed changes follow other amendments to the Code made earlier in 2002 (see (2001) 8(7) PLPR 147), at which time the possibility of allowing positive reporting was raised.
Source: Media release available at <www.pco.org.hk/english/infocentre/press_20020828.html>.
Privacy Commissioner Raymond Tang Yee-bong has suggested that the provision in Hong Kong’s privacy law designed to protect the personal data of Hong Kong people overseas cannot be enforced if the country’s business interests in Asia are to be safeguarded.
Section 33 of the 1995 Privacy Ordinance, which prohibits the transfer of personal data overseas unless certain criteria is met, has not commenced. There have been calls to commence opertation of this provision before allowing the positive credit reporting (see separate item), but the Commissioner has said such a provision would make it difficult to do business not only with the mainland but also with Japan, the United States and most other major trading partners in Asia, ,as few had the same data protection policies as Hong Kong.
‘The requirement for us to export data only to those jurisdictions which have adequate protection is necessary in principle but may be impractical at this time because it would effectively impact all of our transactions with our biggest trading partners,’ Mr Tang said.
The Commissioner’s office has provided guidelines, along with a model contract, for firms to use with sub-contractors to whom they were transferring clients’ personal data. ,He has pointed out that data collectors in Hong Kong are still accountable for use of that data on the mainland.
It is for the Hong Kong legislature to decide if and when to commence s 33, although they could be expected to take the Commissioner’s advice. However, ,it has been suggested that the Commissioner’s apparent concern for trade implications of the section, if it were in force, may go beyond his statutory functions (s 8) — there is no equivalent in the Hong Kong law to ,s 29 of the Australian Privacy Act ,1988, which requires the Australian Privacy Commissioner to have regard ,to other public interests.
Source: Mark Berthold and South China Morning Post.