Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Greenleaf, Graham --- "Private sector privacy Act passed (at last)" [2000] PrivLawPRpr 56; (2000) 7(7) Privacy Law and Policy Reporter 125

Private sector privacy Act passed (at last)

Opposition tinkering rejected

Private sector privacy Act passed (at last)

Graham Greenleaf

The Privacy Amendment (Private Sector) Bill completed its passage through the Australian Federal Parliament on 7 December 2000, almost two years since the Liberal Government abandoned its opposition to privacy laws for the private sector. The passage was a political compromise, resulting from government acceptance of the substance of some of the amendments proposed by the Labor Party. The Act covers the 6 per cent of Australian businesses estimated by the Government not to be ‘small’ businesses, plus ‘small’ businesses that trade in personal information, and those that decide to voluntarily ‘opt in’. The Act is likely to be proclaimed before the end of this year, and come into force in a year’s time at the end of 2001.

Twelve Christmases after the Privacy Act 1988 covered part of the public sector, Australia has made a small step toward complying with its 1984 commitment to adhere to the OECD Privacy Guidelines ... but still fails to comply. Nor will the Act comprise ‘adequate’ privacy protection in relation to most Australian businesses for the purposes of the EU Privacy Directive.

The amendments that formed the basis of the compromise can be summarised as follows.

• ‘Existing information’ (essentially, that collected before the Act is in force) is now subject to access and correction rights (NPP 6) once the information is ‘used or disclosed’, unless this would cause the organisation an unreasonable administrative burden or expense. However, this won’t apply to exempt businesses, so most businesses will still be able to make decisions on the basis of possibly inaccurate personal information, and disclose it to others (although not for profit), without the person concerned having any rights of access and correction.
• A complainant may now appeal from a decision of a code adjudicator to the Privacy Commissioner, who can investigate the complaint, and whose determination will be substituted for that of the code adjudicator (s 18BI). On the other hand, the right of complainants to obtain judicial review of the actions of code adjudicators under the Administrative Decisions (Judicial Review) Act 1977 (Cth) was removed from the Bill. The Privacy Commissioner will be able to review any aspect of the code adjudicator’s decision, not only the narrower grounds of judicial review, and this is a significant improvement. However, it is an odd type of progress that sees a Privacy Commissioner with no legal qualifications being substituted as the only form of review of the legality of the actions of code adjudicators. A right of appeal to the Federal Court against decisions of the Commissioner is still needed if Australia is to develop a legally sound privacy law.
• The Commissioner now has powers to ‘review’ the operation of a code (s 18BH). These allow the Commissioner to inspect the records of a code adjudicator, and ‘interview’ the adjudicator, but do not allow the Commissioner to inspect the records of the businesses complained about to the adjudicator, or to ‘interview’ the businesses or the complainants. This could be summed up as the Commis-sioner having the powers to do a ‘pseudo-audit’ of the operation of a code, but not a real audit, since the Government has always opposed this.

Attorney-General Williams was accurate when he hastened to assure businesses that the amendments only mean that the Bill has been strengthened in ‘minor respects’.

There are other minor amendments:

• code adjudicators will be required to include in their annual report (which they don’t have to publish, but only provide on request) more details of ‘each complaint finally dealt with’ during that year — where complaints are not ‘finally dealt with’, there is no obligation to report anything; and
• there is now a note to clarify that the exemption to political organisations does not go so far as to allow them to trade in personal information.

Opposition tinkering rejected

Some of the amendments proposed in the Senate by Labor and the Democrats were rejected. Among those left on the cutting room floor were amendments to create:

• additional protection for DNA samples and genetic information;
• a narrowing of the employee records exemption, along the lines recom-mended by the House of Representatives committee (see 7(1) PLPR 6);
• exceptions to the ‘small’ business exception, to ‘de-exempt’ employee records, tenancy records, and any business that sold goods or services online;
• a general right to access and correct existing information (now limited to where it is used or disclosed);
• a criminal offence for serious privacy breaches of the NPPs, in cases of ‘grave or systemic’ interferences with privacy; and
• special protection for children by giving parents more control over the information collected by commercial website operators.

Labor did not even propose amendments to repeal some of the most objectionable aspects of the Bill, such as the ‘small’ business exemption. It was content to tinker at the edges of the flawed approach of ‘privacy-free zones’ (see 7(1) PLPR 1). As a result, the political process has failed to deliver Australian citizens, consumers and businesses privacy legislation of world standard.

Graham Greenleaf, General Editor.