A Critique of Australia’s Proposed Privacy Amendment (Enhancing Privacy Protection) Bill 2012
48 Pages. Posted: 24 Aug 2012
Date Written: August 15, 2012
The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 is claimed by the Australian government to be a major ‘pro-privacy’ reform of Australia’s Privacy Act 1988. This submission to the relevant Parliamentary Committees (prepared by the authors for the Australian Privacy Foundation) explains the many reasons why this is not so.
The Bill strengthens the powers of the Privacy Commissioner in a number of desirable ways, including civil penalty provisions, enforceable undertakings, enforcement of own-motion investigations, and limited requirements for Privacy Impact Assessments. But these reforms are undermined by inadequate reform of the Commissioner’s most important power, the making of determinations (enforceable decisions concerning complaints) under s52. Unless the Commissioner can be required by complainants to make decisions (only 9 have been made in 23 years), the new right of appeal against the Commissioner’s decisions will be meaningless. Appeal rights are no use if there are no decisions against which to appeal.
The proposed Australian Privacy Principles (APPs), while supposedly a welcome consolidation of disparate sets of principles, are in eight of the thirteen principles generally weaker than the UPPs proposed by the Australian Law Reform Commission (ALRC) or the current Act’s IPPs and NPPs. Particularly weak principles are those dealing with data exports, which abandon any idea of ‘border protection’ in favour of an unenforceable and largely valueless version of ‘accountability’, and the changes to the anonymity principle, which allow pseudonymity to be substituted for anonymity at the whim of a data collector.
The Bill gives the credit reporting industry the right to share information about Australians who have never had a credit default, a backward step for the privacy of every Australian who has ever had a loan or a credit card. Even though these changes to a form of ‘positive reporting’ are not as extensive or undesirable as in some countries, and may have some benefits in removing over-commitment, they have been brought in without sufficient responsible lending reforms. Some additional safeguards for credit reporting have been included and are welcome, but the overall effect of this part of the reforms is a major loss of financial privacy for all Australians.
The Bill does not remove the unjustifiable exemptions from the Act for ‘small’ businesses, employment records and political matters (reforms proposed by the ALRC). Australians will wait forever for a second reform Bill – there should be one comprehensive Bill including all reforms.
The Bill therefore does little overall to advance Australia’s case for an ‘adequacy’ finding by the European Union concerning Australia’s privacy protections. Whether the stronger enforcement powers can compensate for the negative aspects is questionable. Internationally, this seems like a missed opportunity for Australia.
Keywords: Australia, European Union, data protection, privacy, enforcement