Australian Democrats' Additional Comments
1. Summary
1.1 I have advocated a comprehensive national legislated scheme where
the community is either covered by legislated privacy principles or the
private sector develop their own codes of practice with the co-operation
of the Privacy Commissioner.
1.2 The codes of practice would be intended to maintain comprehensive
and enforceable privacy protection with powers conferred on the Privacy
Commissioner which are similar to those presently set out in the Privacy
Act 1988 (Cth).
1.3 This is essential to keep pace with the developments in other countries
and the advances in information collection and exchange technology. We
are all likely to benefit from such a scheme, through continued access
to the world data flows and the confidence of consumers that their personal
information is adequately protected in their dealings with their information.
2. Road to a privacy inquiry
2.1 On 12 September 1996 the Attorney General released a Discussion Paper
which set out a scheme based on the existing Information Privacy Principles
in the Privacy Act 1988 and added to this Codes of Practice and a range
of additional provisions which addressed the particular concerns of the
private sector. Then on 21 March 1997 the Prime Minister announced the
Privacy Act 1988 would not be extended to the private sector. The
Prime Minister ended Australia's chance at an international best practice
privacy scheme which had cross party support in the Parliament.
2.2 The reasons for this decision, and another broken election promise,
are still unclear.
2.3 In response to the Government's 'backflip' on privacy laws on 21
March 1997, I tabled an exposure draft Privacy Amendment Bill 1997
on 25 August 1997, with a view to seeking the support of the Senate to
refer the matter to a Committee for further investigation and comment.
2.4 On 28 August 1997 I moved a motion referring the exposure draft Privacy
Amendment Bill 1997 together with other terms of reference to the
Legal and Constitutional Committee. These other terms included an examination
of the need for Commonwealth legislation to be extended to the Australian
community having regard to relevant international standards and obligations,
international comparisons, current legislative and other frameworks for
privacy regulation in the Commonwealth, States and Territories, the role,
responsibilities and practices of Commonwealth, State and Territory governments,
the needs and responsibilities of the private sector and the rights of
consumers. This motion was rejected by the Senate on 23 September 1997,
41 votes to 10. The Coalition and Labor Party combined to vote against
this motion, while the Democrats, Greens and Senator Harradine voted in
favour. If the Labor Party had voted the other way the motion would have
passed and the Legal and Constitutional Committee would be gearing up
to investigate privacy laws in Australia now.
2.5 The reasons for the Labor Party 'backflip' following their keen support
in earlier debates is uncertain. Since then, Labor's Senator Nick Bolkus
has stated: "The proposal by the Australian Democrats to establish
a Senate inquiry is misguided. We have had inquiry after inquiry into
this issue - all of which have come to the same conclusion - that the
private sector must be subject to the Privacy Act". There
is some merit in this conclusion, except that there was something different
before the Prime Minister which affected his decision. The Government
Discussion Paper was consistent with other inquiries, but his decision
went the other way. What made him change his mind? Further, the rapid
advances of the information economy are arguably more pressing now than
ever before and it is appropriate that this concern should be elucidated
by the Parliament.
2.6 This inquiry has place on record the empirical evidence for a comprehensive
and enforceable privacy scheme.
3. Why the Committee process is essential
3.1 The Committee process is a good forum to bring out a range of issues
focussed on the need to implement legislation extending privacy to the
private sector. I appreciate there are different views on what is the
most appropriate outcome, but it is essential that this outcome follows
a decision based on an informed debate following consultation with the
community.
3.2 I believe the Prime Minister's 'backflip' failed to take into account
all the relevant concerns and the Committee process has placed all submissions
on the record and required a report setting out the different views. This
forum exposes a diversity of views, educates the Parliament about the
relevant issues and forces decision makers to take these diverse views
into account in reaching their decisions.
4. Democrats on Privacy
4.1 The Democrats have always advocated the private sector should
be covered by a legislated privacy scheme. When the Privacy Act 1988
was being debated in the Senate, Senator Janine Haines moved an amendment
to cover the private sector which was defeated by the then Government
and Opposition. Interestingly, the Coalition required privacy legislation
in order to agree to the then Government's move on tax file numbers.
4.2 The Democrats support the Chair's report and welcome the recognition
of a need to regulate privacy across all sectors of the Australian community.
4.3 The Democrats also recognise the limited state of the privacy debate
in Australia. This inquiry focused on personal information privacy. I
am concerned other areas of privacy should also be considered in this
broader debate. I have introduced the Genetic Privacy and Non-discrimination
Bill 1998 which provides a stand alone scheme for the protection of
genetic privacy. Without a comprehensive scheme across all sectors these
stand alone schemes will be necessary. However, I would welcome a broader
approach to privacy regulation in Australia and believe these broader
privacy issues are best dealt with in a comprehensive scheme. Bills such
as the Genetic Privacy and Non-discrimination Bill 1998 should
be seen as a contribution to the broader privacy debate.
5. Conclusion
5.1 The Committee has examined self-regulation in some detail and recommended
privacy regulation should not rely on regulation which is not backed by
legislation. The Australian Democrats are sceptical of any regulation
by self-regulation and question this approach as an effective form of
regulation. In this instance, privacy regulation by self-regulation does
not provide the certainty and guarantee of protection necessary to safeguard
personal information. The reasons for this have been clearly stated by
the Australian Law Reform Commission with respect to privacy self-regulation:
The Commission considers that voluntary privacy codes can never be an
entirely effective form of regulation as they suffer from a `free-rider'
problem. This is as the effectiveness of a voluntary scheme depends on
whether or not a firm has agreed to participate in the code. Disreputable
organisations, which do not participate in the voluntary code, can ride
on the back of the industry's reputation as responsible and safe, due
to the existence of and participation in an industry based voluntary code
by reputable organisations. The voluntary nature of the code can therefore
suggest to individual members of the public that the industry has in place
adequate levels of privacy protection and safeguards for breaches thereof,
and disguise the fact that there is no remedy against disreputable firms
which do not voluntarily subject their operations and activities to the
privacy code (Australian Law Reform Commission, Submission 49, at page
8).
5.2 I have expressed my support for a co-regulatory approach to privacy
protection which is supervised by the Privacy Commissioner. I am however
concerned the role of the Privacy Commissioner should be an active one
and the codes provide an effective scheme for privacy protection. Having
rejected self-regulation as an approach to privacy laws, we need to be
sure any legislated privacy scheme does deliver the complaints, investigation
and enforcement mechanisms necessary to be sure personal information (of
whatever kind) is safe and is not misused.
5.3 Privacy laws for the private sector are inevitable and we should
work to developing a scheme which recognises the special needs of industries
and the importance of personal information privacy (of whatever kind)
to individuals. This process is essential for the development and uptake
of new technologies based on personal information. The benefits from jobs,
wealth and improved lifestyles are great, but we need to make sure we
have the necessary legislative guarantees, and in particular the privacy
of personal information.
Senator Natasha Stott Despoja
Senator for South Australia
December 1998