Privacy Bill Needs Much More Work
| in |
Privacy Bill Needs Much More Work |
Tuesday 15 February 2000
Dr Roger Clarke
When the Federal Government released its key provisions for its draft Privacy Amendment (Private Sector) Bill late last year, it was hoped the new document would address the existing shortfalls in the draft legislation.
But this has not been the case and the new Bill fails to satisfy the needs of the public.
Not only does it contain large numbers of exemptions and exceptions, but it legitimises many unreasonable uses of personal data.
Every right that the draft Bill appears to create is qualified so heavily that it actually reduces existing privacy protections.
The ACS has made a formal submission to the Federal Attorney-General Daryl Williams calling for the Bill to be either substantially revised, or withdrawn and re-written. We have also offered the services of expert Members to assist in such an exercise.
Our issues with the draft Bill relate to its inflexibility, lack of accountability for system operators handling personal data, numerous inappropriate exemptions and the failure to reflect the submissions provided during the limited public consultation.
Australia has had a clear obligation to its people to legislate privacy protections in the private sector since it acceded to the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD 1980) in 1984.
Successive governments failed to fulfil that responsibility, so this Government's commitment to do so, during its election campaign in 1995-96 and then again in late 1998, was very welcome.
The ACS position on privacy legislation takes the perspective that:
The Government's promise prior to gaining Government in 1996 was indeed for a 'co-regulatory' arrangement which would have involved a mix of legislation and codes, and action by corporations, industry associations and the Office of the Privacy Commissioner.
The ACS believes this approach would deliver practicable solutions, addressing the needs of the public, but without imposing unduly onerous requirements on business.
The Government now uses the term 'light-touch legislation', which might appear to have much the same connotations, but really signals a shift away from people's needs.
In reality, the draft Bill is anything but light-touch. In its efforts to comply with requests received from special interest groups, the Government has added large numbers of qualifying clauses.
The inevitable result is a long and complex document that contains many ambiguities which will result in unnecessary misunderstandings, suspicions and rancour.
One of our key concerns relates to the Government's relaxing of requirements for operators of a system to justify the need for it, for its purposes and for its features, to some organisation with the power to reject that justification.
This need has already been recognised in Australian law, in the context of data matching by government agencies.
However, despite this past awareness, the new draft Bill contains no formal mechanism whereby an organisation can be called to account, no matter how privacy-invasive the system, its purposes, or its features might be.
Given the dramatic increases in the power and capabilities of information technology, such a mechanism must now be considered an essential feature of privacy protection legislation.
We also believe there are inadequate requirements for organisations that are preparing a code to consult with affected parties, and to reflect those parties' needs in the draft code.
This was a point of substantial agreement among almost all parties that negotiated in the context of the Privacy Commissioner's 'National Principles for the Fair Handling of Personal Information' during 1997-98; but it does not appear to be reflected in the draft Bill.
A good example of this has been the abject failure of the Australian Direct Marketing Association (ADMA) to involve the affected public, representatives and advocates in the design of its unilateral and extremely unsatisfactory code.
The Bill also grants what we consider to be entirely unacceptable freedoms to direct marketing companies that effectively legitimate existing privacy abuses inherent both in direct mail and in the especially unpopular outbound telemarketing practices, which interrupt people in their home environments.
It even authorises privacy-abusive practices in Internet marketing, which it has been clearly shown will be to the direct cost of consumers.
In a similar way, law enforcement agencies and national security agencies are granted remarkable freedoms in terms of their access to personal data.
Rather than legislation which dilutes privacy protections for consumers, Australia needs a straight-forward and consistent privacy environment which will encourage the uptake of e-commerce by boosting consumer confidence and giving business a manageable environment in which to work.
We strongly urge the Government to rethink its policy in relation to this critically important Bill and return to the negotiating table to develop more socially responsible legislation.
The ACS submission is at: http://www.acs.org.au/boards/cab/elsic/privacy-2000-01-agd.html
Dr Roger Clarke FACS is a long-standing member of the ACS Community Affairs Board's Economic, Legal and Social Implications Committee and drafted the ACS submission to the Attorney General.
To contact the ACS, call on (02) 9299 3666, email: info@acs.org.au or visit the ACS Web site
![[Start of Document]](../images/arrow2.gif)
![[Australian Columns]](../images/ozstrp.gif)