| in the |
Privacy Bill needs
much more work
|
Tuesday 15 February 2000
ROGER CLARKE
WHEN the Federal Government released the key provisions of its Privacy
Amendment (Private Sector) Bill late last year, it was hoped the new document
would address shortfalls in the draft legislation.
But this has not been the case, and the new Bill fails to satisfy the needs of
the public.
Not only does it contain large numbers of exemptions and exceptions, but it
legitimises many unreasonable uses of personal data.
Every right that the draft bill appears to create is qualified so heavily that
it actually reduces existing privacy protection.
The ACS has made a formal submission to the Federal Attorney-General Daryl
Williams calling for the bill to be either substantially revised or withdrawn
and rewritten.
The ACS has offered the services of expert members to assist in such an
exercise.
Our issues with the draft bill relate to its inflexibility, lack of
accountability for system operators handling personal data, numerous
inappropriate exemptions and the failure to reflect the submissions provided
during the limited public consultation.
Australia has had a clear obligation to its people to legislate privacy
protections in the private sector since it acceded to the OECD Guidelines on
the Protection of Privacy and Transborder Flows of Personal Data (OECD 1980) in
1984.
Successive governments failed to fulfil that responsibility, so this
Government's commitment to do so, during its election campaign in 1995-96 and
then again in late 1998, was very welcome.
The ACS position on privacy legislation takes the perspective that privacy is a
fundamental human right and is to be very highly valued when balanced against
other interests; that the OECD guidelines represent a necessary, but far from
sufficient, set of requirements; that the many elements of a privacy regulatory
framework previously negotiated successfully among the Privacy Commissioner,
representatives of industry and privacy advocates should be respected; and the
most effective and efficient approach to privacy protection is a co-regulatory
scheme involving principles, a privacy commissioner with appropriate power and
resources, and codes for specific industry sectors and activities.
The Coalition's promise prior to winning government in 1996 was for a
co-regulatory arrangement involving a mix of legislation and codes, and action
by corporations, industry associations and the Office of the Privacy
Commissioner.
The ACS believes this approach would deliver practicable solutions, addressing
the needs of the public without imposing onerous requirements on business.
The Government now uses the term light-touch legislation, which might appear to
have much the same connotations, but really signals a shift away from people's
needs.
The draft bill is anything but light-touch.
In its efforts to comply with requests from special interest groups, the
Government has added large numbers of qualifying clauses.
The inevitable result is a long and complex document that contains many
ambiguities, which will result in unnecessary misunderstandings, suspicions and
rancour.
One of our key concerns relates to the Government's relaxation of requirements
for operators of a system to justify the need for it, for its purposes and for
its features, to some organisation with the power to reject that
justification.
This need has already been recognised in Australian law, in the context of data
matching by government agencies.
But despite this past awareness, the draft bill contains no formal mechanism
whereby an organisation can be called to account, no matter how invasive of
privacy the system, its purposes, or its features might be.
Given the dramatic increases in the power and capabilities of information
technology, such a mechanism must now be considered an essential feature of
privacy protection legislation.
We also believe there are inadequate requirements for organisations preparing a
code to consult with affected parties, and to reflect those parties' needs in
the draft code.
This was a point of substantial agreement among almost all parties that
negotiated in the context of the Privacy Commissioner's National Principles for
the Fair Handling of Personal Information during 1997-98, but it does not
appear to be reflected in the draft bill.
A good example of this has been the abject failure of the Australian Direct
Marketing Association (ADMA) to involve the affected public, representatives
and advocates in the design of its unilateral and extremely unsatisfactory
code.
The bill also grants what we consider to be entirely unacceptable freedoms to
direct marketing companies that effectively allow existing privacy abuses
inherent both in direct mail and in the especially unpopular outbound
telemarketing practices, which interrupt people in their home environments.
It even authorises privacy-abusive practices in Internet marketing, which it
has been clearly shown will be to the direct cost of consumers.
In a similar way, law enforcement agencies and national security agencies are
granted remarkable freedoms in terms of their access to personal data.
Rather than legislation that dilutes privacy protection for consumers,
Australia needs a straightforward and consistent privacy environment that will
encourage the uptake of e-commerce by boosting consumer confidence and giving
business a manageable environment in which to work.
We strongly urge the Government to rethink its policy in relation to this
critically important bill and return to the negotiating table to develop more
socially responsible legislation.
The ACS submission is at:
http://www.acs.org.au/boards/cab/elsic/privacy-2000-01-agd.html
Dr Roger Clarke is a member of the ACS Community Affairs Board's Economic,
Legal and Social Implications Committee and drafted the ACS submission to the
Attorney-General. Call (02) 9299 3666, e-mail info@acs.org.au or visit
www.acs.org.au/acshome.html