|
|
[Home] [Help] [Databases] [WorldLII] [Feedback] | |
Privacy Law and Policy Reporter |
Compiled by Graham Greenleaf
The WA Commission on Government's first report in August 1995 contains extensive recommendations for enactment of privacy laws in WA (para 2.3.4.5):
Privacy legislation should be enacted to address specific privacy issues surrounding the storage, use and retrieval of personal data and data matching between government agencies. This legislative scheme should:
(a) be based upon Information Privacy Principles modelled upon those in the Privacy Act 1988 (Cth) which establish a minimum standard for the collection, use and distribution of personal information by government agencies and instrumentalities;
(b) apply to the public sector and private sector contractors performing government work;
(c) make provision for the endorsement of codes of conduct which would be legally binding and could be tailored to different agencies;
(d) establish a Privacy Committee responsible to the Attorney-General charged with advising upon wider aspects of privacy protection and having some complaints handling power; and
(e) expressly provide that it is subject to the operation of the Freedom of Information Act 1992.
The recommendations are put forward in the context of the need to protect privacy if secrecy provisions in legislation are repealed (which the report also recommends). In relation to its proposed Privacy Committee, the Commission says:
We see some merit in the legislation providing for the establishment of a Privacy Committee as envisaged by the Mann Committee Report (Parliament of WA, Committee to Examine the Question of Privacy and Data Banks, 1976). This Committee should be empowered to address a full range of privacy issues outside those of data protection. In addition to having a general advisory role, the Privacy Committee should also be able to investigate specific privacy complaints referred by the Attorney-General, monitor agency compliance with Information Privacy Principles, conduct research, issue guidelines, report to Parliament and recommend any proposed legislative changes. The Privacy Committee should have statutory backing and be representative of the general community.
While in other respects the proposals are for quite a strong combination of aspects of the Commonwealth Privacy Act and the NSW Privacy Committee Act, two glaring weakness stand out. The proposed limitation of the complaints handling function to complaints referred by the Attorney-General is contrary to both the Commonwealth and NSW Acts, and would effectively subject the Committee to political control as to whom it investigates. Bipartisan support would seem unlikely. Second, there is no mention of enforcement powers, which is at odds with the enforcement of the IPPs in the Commonwealth Act, and would largely remove their value.
As reported in 2 PLPR 120, the WA Government is having an options paper on privacy legislation prepared.
A new NSW Privacy Committee has been appointed, but with appointments running only for nine months until 29 August 1996. Perhaps this is the clearest indication yet of the expected gestation period of the NSW government's new Privacy Act. As the NSW Parliament is not expected to sit again until April, due to the federal election, this may turn out to be a rather brief time for a Bill to be debated and passed, and a new office to be established.
New members of the Privacy Committee are Judge PR Bell (NSW District Court), Dr Susan Gibb (Freehills), David Kirby QC, Gail Gregory (NSW Labor Council) and Graham Greenleaf (UNSW Law Faculty). Continuing members are Chris Puplick (Chairman), Bill Grant, Diana Temple, Michael Norsa, Mark Richardson, Andrew Smyrnis, Bob Vermeesch and Ian Macdonald MLC. The leader of the Opposition has yet to nominate a Committee member.
A useful summary of Australian privacy laws by Privacy Commissioner Kevin O'Connor, assisted by David Robinson, has been published as section 21, chapter 4 in Laws of Australia, Law Book Co, 1995. It covers the general law protection of privacy as well as the statutory regimes.
On 2627 February, IIR Conferences will hold 'Managing Information in the Public Sector', at the Ritz Carlton, Sydney. The first day is on ethics in information management, and on providing government information via the Internet. The morning of day two will be on privacy, and will include contributions from Roger Clarke, Kevin O'Connor, Graham Greenleaf, and Anne Caine (Gilbert & Tobin). Contact IIR on tel (02) 9954 5844 or fax (02) 9959 4684 or e-mail iir@ozemail.com.au
How Canadians view the possibility of prohibitions of personal data transfers from Europe because of the EU privacy Directive (see 2 PLPR 81) is of particular relevance to Australia because of our similar federal structure and lack of comprehensive privacy laws. Canadian privacy expert Colin Bennett, after reviewing the Directive, considers it 'impossible to predict' whether transfers to Canada will be blocked. He notes that North American data users may be able to convince their European counterparts that 'a combination of contracts and 'professional rules' (that is, codes of conduct) and security measures affords 'adequate' protection', but this will require a series of case-by-case battles which are likely to favour multinationals who can afford to fight for their interests. Meanwhile, Canada will have lower privacy standards than some former European dictatorships and some East European countries ('Canada under the gaze of the European Sphinx', Privacy Files, October 1995, Vol 1 No 1). Paul-Andre Comeau, chairman of Quebec's privacy Commissioners, when addressing the annual Data Protection Commissioner's Conference in Copenhagen in September, expressed considerable anxiety about the Canadian Standards Association's new Model Code for privacy (see 2 PLPR 134), caused by the possibility that EU authorities might regard it as 'adequate protection'. If this occurs, he considers it would be a 'formidable obstacle' to the development of privacy legislation in Canada.
The Canadian Direct Marketing Association (CDMA) has written to John Manley, Canadian Minister of Industry requesting the government to 'pass national privacy legislation governing the private sector'. CDMA hopes that the legislation will be based on the Canadian Standards Association's Model Code (see 2 PLPR 134), but considers that the failure of privacy self-regulation in Canada to date means 'there seems to be realistic possibility of comprehensive self-regulation' (from EPIC Alert 2.11, October 16 1995).
Germany's Deputy Federal Data Protection Commissioner, Dr Ulrich Dammann, argues that his office will focus on questions of information infrastructure more in future, and that 'there should be a principle that electronic services may be offered to the public only if the service includes ways of anonymous use and anonymous payment', and that this 'could be the core of the new data protection era'.
(Privacy Laws & Business Newsletter, September 1995).
This occasional item lists new privacy resources available on the Internet's world-wide-web. Links to these items are also available (free) from PLPR's Privacy Guides to the Net (http://arkady.austlii.edu.au/~ graham/PLPR_guide.html). Some new items are:
The Canadian Privacy Commissioner (http://infoweb.magi.com/~privcan/) - with a summary of privacy developments in all Canadian provinces, and links to the Canadian Act.
The NSW Privacy Committee's reports on Smart Cards and on Workplace Surveillance (http://www.austlii.edu.au/au/other/privacy/).
The Telemarketing Report by Austel's Privacy Advisory Committee (http://www.austel.gov.au/info/reports/TMPrivRev/TMPrivRev_ToC.html).
The NSW Law Reform Commission's report No 75 on Defamation (http://www.austlii.edu.au/au/other/nswlrc/rpt75).
The Center for Democracy and Technology (http://www.cdt.org/) in the US.