Privacy Law and Policy Reporter
Privacy Amendment Bill 2003 responds to European criticisms
The Federal Government has sought to amend the Privacy Act 1988 under legislation introduced to the Lower House early in December. The amendments, which respond to some of the criticisms made by the European Commission as well as domestic critics, are contained in four parts.
Part 1 amends the Privacy Act to ensure that NPP 9, which places conditions on the ability of an organisation to transfer personal information overseas, applies equally to the personal information of Australians and non-Australians alike. This is a reaction to suggestions that s 5B(1) of the Act may limit the operation of NPP 9 to the personal information of Australians only.
Part 2 seeks to remove the nationality and residency limitations on the power of the Privacy Commissioner to investigate complaints relating to the correction of personal information. The amendments extend an individual’s right to correct information held by a government or private sector organisation under the Act to non-Australians.
Part 3 seeks to remove existing limitations on the matters that may be covered in privacy codes. Presently privacy codes may only regulate those acts and practices not exempted by the Act (s 7B) and therefore cannot regulate individuals in a non-business capacity, organisations acting under Commonwealth or State or Territory contracts, employee records, or media organisations in the course of journalism. The amendments allow approved privacy codes to regulate these otherwise exempt acts and practices.
Part 4 of the amendments seeks to increase the power of the Privacy Commissioner to exempt a class of organisation, identifier or circumstance from the requirement to comply with the NPPs without undertaking consultations with each affected body. l
Spam Act passed
The Spam Bill 2003 has been passed un-amended despite attempts by the Opposition and Democrats to make changes in response to criticisms.
The Act appears tough, with penalties of up to $1 million per day for the sending of unsolicited emails or SMS messages, but many of those most likely to send such messages are exempt. Political parties, charities, religious organisations and businesses which have an established relationship with a consumer can all still send messages without express consent, and the definition of inferred consent also means that a lot of unexpected spam will still be legal.
The Government has accepted that the legislation will be ineffective against spam from outside Australia (the overwhelming majority), as the legislation is only enforceable against organisations with an ‘Australian link’.
The regulatory scheme assumes that codes of practice will be developed, probably by the Australian Direct Marketing Association and the Internet Industry Association, fleshing out the requirements of the Act. Complaints will then be handled initially by the Telecommunications Industry Ombudsman, with the Australian Communications Authority investigating serious and systemic breaches. l