Dissenting Report of the Australian Labor Party and Australian Greens


1.1        Labor and Greens Senators are of the view that the Privacy Amendment (Re‑identification Offence) Bill 2016 (the bill) should not be passed as it provides a disproportionate response to the identified gap in the Privacy Act 1988 (Privacy Act) and the bill does not achieve its objectives.

1.2        The privacy of Australians is of paramount importance; however, a careful balance must be achieved between maintaining privacy, ensuring that government agencies properly de-identify datasets prior to its publication, and encouraging research into the areas of information security, cryptology and data analysis. The bill fails to provide a holistic response and neglects to consider the de-identification process and consequences for agencies for releasing datasets that have been poorly de‑identified. As outlined by the NSW Office of the Privacy Commissioner:

...it places a disproportionately high onus on external recipients to be aware which released datasets are considered to have undergone a de‑identification process. The proposed provisions do not appear to create corresponding obligations on the releasing entities to certify each released dataset as deriving from personal data or the treatment used to achieve the outcome of non-identifiable data.[1]

1.3        Rather, if passed, the bill adopts a punitive approach towards information security researchers and research conducted in the public interest. In contrast, government agencies that publish poorly de-identified information do not face criminal offences and are not held responsible. While the Privacy Act does not apply to most Australian universities, as outlined by Melbourne university researchers, the implications of the bill are not clear for researchers at the Australian National University, students, and individuals acting on their own initiative who happen to be university employees.[2] Additionally, no consideration has been given as to whether an individual who re-identifies their own information, or their dependent's or client's information, should also be subject to the bill.[3] The bill discourages research conducted in the public interest as well as open discussion of issues which may have been identified.

1.4        Labor and Greens Senators are opposed to the retrospective application of the bill and agree with the concerns raised by the Senate Scrutiny of Bills Committee and the Law Council of Australia that retrospective provisions offend a fundamental principle in the rule of law and that this is particularly acute in the case of criminal offences.[4]

1.5        Moreover, while the Attorney-General has claimed that the retrospective application of this bill was made clear in his announcement on 28 September 2016, the submission by the Melbourne university researchers indicates a level of ambiguity. They explain that they had interpreted a commitment that 'all legitimate research would be allowed to continue [as opposed to] some designated research should be exempt'.[5]

1.6        Labor and Greens Senators also disagree with reversing the evidential burden of proof. As justification for reversing the burden of proof, the Explanatory Memorandum noted that it would not be difficult for the entity to demonstrate that one of the exemptions apply and that it also reflects the seriousness of the prohibited conduct.[6] However, as outlined by the Senate Scrutiny of Bills Committee, the fact that it would be easy for an entity to provide evidence that one of the exemptions apply, or conversely, that it may be difficult for the prosecution to prove that the exemption does not apply, is not sufficient justification for reversing the burden of proof.[7] Also, it is not apparent that it would be particularly onerous for the prosecution to prove that the exemption did not apply.[8] As such, the justification for reversing the burden of proof is neither reasonable nor appropriate.

Conclusion

1.7        The bill provides a disproportionate reaction to the identified gap in the Privacy Act. It neglects the initial process of de-identification and does not hold government agencies responsible for publishing poorly de-identified datasets. Instead it penalises public interest research and discourages open investigation and discussion of potential issues relating to information security. The disproportionate response is also evidenced through the retrospective application of the bill as well as the reversal of the burden of proof.

Recommendation 1

1.8        Labor and Greens Senators recommend that this bill not be passed.

Senator Louise Pratt                                                                      Senator Nick McKim
Deputy Chair

Navigation: Previous Page | Contents | Next Page