PRIVACY AMENDMENT (EXTERNAL DISPUTE RESOLUTION SCHEME) REGULATIONS 2019 (F2019L00599) EXPLANATORY STATEMENT

Commonwealth Numbered Regulations - Explanatory Statements

[Index] [Search] [Download] [Related Items] [Help]


PRIVACY AMENDMENT (EXTERNAL DISPUTE RESOLUTION SCHEME) REGULATIONS 2019 (F2019L00599)

EXPLANATORY STATEMENT

Select Legislative Instrument No.   , 2019

Issued by the authority of the Attorney-General

Privacy Act 1988

Privacy Amendment (External Dispute Resolution Scheme) Regulations 2019

 

The Privacy Act 1988 (Cth) (the Privacy Act) contains 13 Australian Privacy Principles (APPs), which regulate the collection, use, disclosure and storage of individuals' personal information. The APPs apply to government agencies and certain private sector organisations with an annual turnover of $3 million or more, as well as certain smaller organisations (APP entities).

Subsection 100(1) of the Privacy Act provides that the Governor-General may make regulations, not inconsistent with the Act, prescribing matters required or permitted to be prescribed, or necessary or convenient to be prescribed, for carrying out or giving effect to the Act.

Part IIIA of the Privacy Act sets out the regulatory scheme for credit reporting in Australia. Under subparagraph  21D(2)(a)(i), credit providers, including energy or water utilities companies, must be a member of an external dispute resolution (EDR) scheme recognised by the Australian Information Commissioner (the Commissioner) in order to participate in the  credit reporting system. The Commissioner's power to recognise EDR schemes to handle particular privacy-related complaints is set out at section 35A of the Privacy Act.

The policy intention of the credit reporting EDR requirement and the Commissioner EDR recognition process was to allow any EDR schemes already in place to be recognised for the purposes of the credit reporting provisions. In the Australian energy and water utility sector, states and territories either had existing EDR schemes that were recognised by the Commissioner for the purposes of the credit reporting provisions, or the energy and water utilities in a jurisdiction have joined other EDR schemes that had been recognised by the Commissioner.

EDR in relation to ACT energy and water utilities, however, is provided through the ACT Civil and Administrative Tribunal (the ACAT). The ACAT is not an organisation of which credit providers can become 'members'. As such, it is not possible for the Commissioner to recognise the ACAT as an EDR scheme under section 35A of the Privacy Act, since subparagraph  21D(2)(a)(i) requires that a credit provider be a 'member' of the EDR scheme.

Subparagraph 21D(2)(a)(i) of the Privacy Act provides, as an alternative to being a member of an EDR scheme, that a credit provider can be prescribed by regulations (the exemption). To clarify that ACT energy and water utilities can continue to participate in the credit reporting system, such regulations have been made. Regulation 14A of the Privacy Regulation 2013 (the Principal Regulation) provided utilities in the Australian Capital Territory and the Northern Territory with an exemption to the EDR membership requirement until 1 January 2018. Previous regulation 14B extended the exemption for ACT utilities to 1 January 2019, to allow time to progress necessary amendments to the Privacy Act such that there is no longer a requirement for providers to be a 'member' of an EDR scheme in order for the Commissioner to recognise such a scheme. It was unnecessary to include the Northern Territory in that extension as energy and water utilities in that jurisdiction had since joined a recognised EDR scheme.

 

Purpose and Operation of the Instrument

The purpose of the Privacy Amendment (External Dispute Resolution Scheme) Regulations 2019 (the new Regulations) is to amend the Principal Regulation to extend the prescription of energy or water utilities in the ACT, for the purposes of subparagraph 21D(2)(a)(i) of the Privacy Act, until 1 January 2020. This 12-month extension of the exemption for ACT utilities is required to allow additional time to progress the passage of a minor amendment to the membership requirement under subparagraph 21D(2)(a)(i) of the Privacy Act.

The new Regulations commence retrospectively from 2 January 2019. The exemption under previous regulation 14B has expired (that is, the prescription until 1 January 2019 no longer applies). Retrospective commencement will ensure the Regulations apply to any disclosures of credit information to a credit reporting body made by ACT energy and water utilities between 2 January 2019 and commencement of the new Regulations.

Details of the new Regulations are set out in Attachment A.

A Statement of Compatibility with Human Rights is set out in Attachment B prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny Act) 2011.

Consistent with the requirements of section 17 of the Legislation Act 2003 (Legislation Act), the new Regulations have been the subject of consultation with the ACT Justice and Community Safety Directorate and the Office of the Australian Information Commissioner (OAIC). Both advised that they have no concerns regarding the retrospective operation of the new Regulations. Based on previous discussions with the OAIC in relation to previous regulation 14B (which expired on 1 January 2019), there is not anticipated to be any issues in relation to recognition of the ACAT as an EDR scheme. The Australian Government Solicitor was also consulted.

The Office of Best Practice Regulation (OBPR) was consulted and has stated that a Regulation Impact Statement is not required for the new Regulations (OBPR ID: 25066).

The new Regulations are a legislative instrument for the purposes of the Legislation Act.

The new Regulations commence the day after registration, except for Schedule 1 which commences retrospectively on 2 January 2019.

Schedule 1 engages section 12 of the Legislation Act. Subsection 12(1A) of the Legislation Act permits legislative instruments to commence retrospectively. Subsection 12(2), however, provides that a provision of a legislative instrument does not apply in relation to a person to the extent that the retrospective commencement causes the person's rights to be disadvantaged, or imposes liabilities on the person. The new Regulations would not affect an individual's right to make a privacy-related complaint regarding the disclosure of their credit information.


 

Attachment A

Privacy Amendment (External Dispute Resolution Scheme) Regulations 2019

 

Preliminary

Section 1 - Name

Section 1 provides that the title of the instrument is the Privacy Amendment (External Dispute Resolution Scheme) Regulations 2019.  

Section 2 - Commencement

Section 2 provides that the Regulations commence the day after the instrument is registered, except for Schedule 1, which commenced on 2 January 2019.

Subsection (1) provides that each provision of the instrument specified in column 1 of the table commences in accordance with column 2 of the table. Columns 1 and 2 provide that the Regulations commence the day after the instrument is registered, except for Schedule 1 which commences on 2 January 2019.

The note to subsection (1) clarifies that the table only relates to the provisions of this instrument as originally made, and that it will not be amended to deal with any later amendments to the instrument.

Subsection (2) provides that information in column 3 of the table is not part of the instrument. It is designed to assist readers, and may be updated or changed in any published version of the Regulations. Column 3 is empty at the time of making the instrument.

Section 3 - Authority

Section 3 provides that the Regulations are made under the Privacy Act 1988 (Privacy Act).

Section 4 - Schedules

Section 4 provides that each instrument that is specified in Schedule 1 to this instrument is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in that Schedule has effect according to its terms.


 

SCHEDULE 1 - Amendments

Item 1

Item 1 inserts section 14B in the Privacy Regulations 2013. Section 14B(1) states that entities that engage in the retail sale of electricity, gas, water, sewerage or draining services in the Australian Capital Territory are prescribed credit providers for the purposes of subparagraph 21D(2)(a)(i) of the Privacy Act for the calendar year beginning on 1 January 2019.

Section 14B(2) provides that section 14B is repealed at the end of 1 January 2020.


 

Attachment B

Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

Privacy Regulation 2013

This Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011.

Overview of the Legislative Instrument

The Privacy Amendment (External Dispute Resolution Scheme) Regulations 2019 (the Regulations) amend the Privacy Regulation 2013 to extend, until 1 January 2020, the exemption of energy and water utilities in the Australian Capital Territory from the requirement to be a 'member' of a recognised external dispute resolution (EDR) scheme in order to participate in the credit reporting system regulated by the Privacy Act 1988 (Privacy Act).

Human rights implications

This Legislative Instrument engages the right to the protection against arbitrary interference with privacy, protected in Article 17 of the International Covenant on Civil and Political Rights (ICCPR).  The right to privacy in Article 17 of the ICCPR prohibits unlawful or arbitrary interferences with a person's privacy, family, home and correspondence.  In order for an interference with a right not to be 'arbitrary', the interference must be for a reason consistent with the relevant Convention and reasonable in the particular circumstances.

The new Regulations relate to the use and disclosure of credit information, which is personal information. The Regulations ensure that consumers within the Australian Capital Territory are not disadvantaged simply due to the ACAT not being an EDR scheme with a strict 'membership' structure as contemplated by the Privacy Act. The prescription is limited to utilities operating in the Australian Capital Territory, where individuals are still able to make privacy complaints to an equivalent EDR scheme: the ACAT. The measures are time limited, reasonable, necessary and proportionate as they ensure that a discrete subset of personal data is used for the purpose of providing essential services to Australians.  These are legitimate objectives consistent with the Privacy Act.

Conclusion

This Legislative Instrument engages the right to privacy, by facilitating ACT utilities' participation in the credit reporting system involving the use and disclosure of personal information. To the extent that the Legislative Instrument may limit the right to privacy, those limitations are reasonable, necessary and proportionate to achieve the legitimate aims of the Legislative Instrument.


AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback