Labor Senators’ Dissenting Report


Labor Senators’ Dissenting Report

Key Issues

1.1        Labor Senators of the Committee note serious concerns regarding the Migration Amendment (Strengthening Biometrics Integrity) Bill 2015 in its current form.

1.2        We argue that the bill lacks genuine independent oversight, and that the retention of and arbitrary collection of biometric information raises concerns from collection, and then subsequent use and retention.

Issues pertaining to retention of and access to data collected

1.3        Labor Senators would support a thorough review by the Privacy Commissioner, prior to passage of the bill, as to whether the current obligations to store biometric data securely are sufficient or whether increased security for the dataset is required, and support the recommendation of the majority report that a separate Privacy Impact Assessment (PIA) conducted by the department in relation to the specific measures contained in this bill be undertaken and made publically available.

1.4        We note evidence provided by Ms Ganopolsky regarding similar legislation passed in the United Kingdom:

... the common thread is the fact that under the UK model, albeit it is in its early phases since introduction, the focus on the technical questions around the controls for handling biometric data seem quite pertinent. Hence, further assessment of that model seems to be warranted, in particular the questions about how information is retained, what discretions are given for the review period and what assumptions are made. The focus of much debate, including some case law arising out of the UK, was around the presumption that information would be retained indefinitely. And that has caused some concern with the Council of Europe; and hence the legislative response that you see in the UK. The subject matter of biometric data and how the UK has dealt with the framework is worthy of consideration.[1]

1.5        It would appear from the evidence that the issue of indefinite biometric data retention has raised wide concern, and was as such addressed, particularly with regard to proportionality and the arbitrary nature of the retention.

Safeguards for the collection of data from minors & vulnerable groups

1.6        Labor Senators hold specific concerns around the lack of safeguards for minors and 'incapable' persons in the legislation, particularly that the consent or presence of a parent, guardian or independent person will not be required.

1.7        Submitters, including the Law Council, raised serious concerns on these matters, suggesting that:

...safeguards should be implemented in terms of guidelines to make sure that biometric information that is collected is done so in a respectful manner, and also that an independent guardian be appointed for unaccompanied minors.[2]

1.8        These concerns are echoed by the Labor Senators of the Committee. Balance must be ensured in the collection of data.

1.9        We also note that the aforementioned UK legislation inserted specific protections for vulnerable groups,[3] as such demonstrating that balance is possible when legislating for biometric data collection.

1.10      In the hearing, particular issues were raised with regard to how the collection and retention of data could specifically be harmful to a child:

Senator LINES: The example I was given was that there could be a custody matter between parents that involved a child, and that one of the ways you would identify that child is through biometrics. In the case of that child, when the child turns 18 and is no longer covered by the custody arrangement, are you suggesting that the biometrics for that child would then have this indefinite flag?

Ms Ganopolsky: With the current model—potentially, yes.[4]

1.11      Labor Senators also retain specific concerns that discretion will be decided by policy, and not proper parliamentary oversight:

Ms Ganopolsky: It goes back to the comments that were made about arbitrary and non-discriminate powers with no threshold. It needs to be seen in the context of comments already made about the collection and then subsequent use and retention that flows from it. So things start at the collection point, and the absence of those controls at the collection point are in essence potentially magnified as the information keeps moving along the chain of its use. The majority of times it would be a legitimate use, but taking it back to the legal framework, the lack of threshold tests and the lack of subsequent protections of concern—which has already been outlined in the submissions and, I think, aired here—

Mr Dunn: Absolutely. Mr Chair, we would presume that the department would implement some type of policy with respect to when that discretion would be used. I guess the concern that we would have in those restrictions not being in the legislation is that the policy could change at any time and the department's current good intentions may, at some time in the future, no longer be the case and they may have a very different intention or a different imperative. The concern is that legislatively it is unbounded and that is a particular concern because it can change at any time without the scrutiny or oversight of parliament in that regard.[5]

1.12      Particular concerns were raised in the hearing with regard to the indefinite period of retention of the data, where prima facie periods of retention with the ability for extension of retention times exist in similar legislation overseas.[6]

1.13      The changes in the bill also stand in opposition to the recently amended Privacy Act, where tests must exit when retaining data that it be reasonable, and only retained for a period for which it is useful. With evidence given by the Law Council, in particular as it relates to the usefulness of retaining data collected from children, it would appear that the useful life of the data is not indefinite, as prescribed by the legislation.

1.14      Whilst the majority report did note that the collection of personal identifiers from minors must be consistent with recognised rights of children, and noted that such issues would be addressed in the department's policies and guidelines, Labor Senators believe that only legislative measures will adequately provide the required safeguards.

Lack of regulatory powers of the Privacy Commissioner

1.15      Evidence presented by the Law Council of Australia highlighted the lack of regulatory powers of the Privacy Commissioner. Labor Senators support suggestions from Ms Ganopolsky of the Law Council, in that the matter has not yet been adequately tested, and therefore should warrant further investigation and consideration before legislation in this bill.[7]

1.16      Labor Senators would welcome amendments to the bill that provide for additional security measures reflecting the sensitivity of the data collected, and would support amendments that address a requirement to notify the individual and the Privacy Commissioner for data breach notification in the event of a breach.

Recommendation

1.17      Whilst Labor Senators note that the Committee majority recommends that a Privacy Impact Assessment (PIA) be undertaken and made publically available before passage of the bill, we believe that the concerns of the Committee are best addressed as amendments to the legislation.

1.18      As such, Labor Senators recommend that this Bill not be passed in its current form.

Senator Catryna Bilyk                                           Senator Sue Lines
Senator for Tasmania                                             Senator for Western Australia

Navigation: Previous Page | Contents | Next Page