Privacy Law and Policy Reporter
The Northern Territory’s first Information Commissioner is Peter Shoyer, a former Assistant Information Commissioner in Queensland. Mr Shoyer, who took up the position on ,3 March, will be responsible for over-seeing the implementation of the Information Act which is due to commence by 1 July this year. The ,Act combines public sector privacy, freedom of information and archives legislation.
The Federal Privacy Commissioner has remade two Credit Reporting Determinations which were due to lapse in late February. The Determinations allow access to credit reference databases by a range of utilities and other organisations that would otherwise fall outside the definition of credit provider in the Privacy Act 1988 (Cth), and by organisations acquiring debts owed ,to another party (debt factoring ,or assignment). Despite several submissions alleging non-compliance with the Privacy Act requirements by some of the organisations benefiting from the earlier determinations, the Commissioner has not limited his continued approval of the access arrangements. He warns in his ‘reasons for determination’ that credit providers should address criticisms ,— particularly those regarding the adequacy of notice ,to borrowers.
Following the European Parliament’s capitulation last year on the issue of data retention, the Article 29 Working Party of EU Data Protection Commissioners have continued the fight. In an Opinion issued in January, the Working Party noted that the Electronic Communications Privacy Directive, 2002/58/EC as passed (to take effect in November 2003) does not require any harmonisation of the period for which telecommunications bills can lawfully be challenged — thereby laying the foundation for a retention period. The Directive does, however, repeat the provision in the current Telecommunications Privacy Directive 97/66/EC limiting retention to the bill challenge period, whatever that may be in the particular jurisdiction.
In this Opinion, the Working Party reiterates its view that data users will still have to justify their data retention and that a reasonable period for billing purposes should be in the three to six month range, with exceptions where bills are in dispute. The Opinion expressly rejects the ‘excuse’ of tax obligations to justify much longer retention periods, as these obligations should only require aggregate amounts — not the underlying traffic data.
Opinion No 1 2003, Working ,Paper 69. See <europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp69_en.pdf>.
Following receipt of submissions to its earlier discussion paper on the international proposal for an ENUM — linking telephone numbers and email addresses — the Australian Communications Authority (ACA) has released a further paper Issues for consideration and held an industry workshop in Sydney on 4 March.
The National Office for the Information Economy (NOIE) has released its interim report The Spam Problem and How it Can Be Countered. The report recognises spam as a significant and growing problem. It concludes that a multifaceted approach, involving international co-operation, is required to address the problem. Action by the internet industry, regulators and individuals is recommended, and while legislation is not seen as a ‘silver bullet’, the report recommends consideration of both strengthening existing laws and new spam legislation, after further consultation. The Federal Government will respond to the report in due course.
The Organisation for Economic Co-operation and Development (OECD) Working Party on Information Security and Privacy has issued Privacy Online: Policy and Practical Guidance. The paper is addressed to OECD member countries, business and other organisations, individual users and consumers, and confirms the OECD’s view that its 1980 Guidelines remain relevant to online transactions and electronic commerce. The guidance supports adoption of and online notification of privacy policies; alternative dispute resolution; market based enforcement mechanisms; user education; the use of privacy enhancing technologies, and contractual solutions to transborder data flow issues.
Annexes to the paper include summaries of the OECD’s previous influential work on privacy, and the paper overall provides a useful overview of the OECD’s history in ,this area.
The Article 29 Working Party of EU Data Protection Commissioners has also released a Working Document on the Processing of Personal Data by Means of Video Surveillance (WP67). The document acknowledges the variety of different legal situations in the Member States, and aims to provide an initial analysis regarding the application of the Data Protection Directive 95/46/EC to the use of video surveillance. Unusually, the Working Party has called for submissions from interested parties on this subject, prior to considering recommendations.
The Article 29 Working Party has ,also recently issued guidance on online authentication systems (WP68).
For both, see: <europa.eu.int/comm/internal_market/en/dataprot/wpdocs/index.htm>.