A Critique of Australia’s Proposed Privacy Amendment (Enhancing Privacy Protection) Bill 2012

48 Pages Posted: 24 Aug 2012

See all articles by Nigel Waters

Nigel Waters

University of New South Wales (UNSW) - Faculty of Law

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: August 15, 2012

Abstract

The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 is claimed by the Australian government to be a major ‘pro-privacy’ reform of Australia’s Privacy Act 1988. This submission to the relevant Parliamentary Committees (prepared by the authors for the Australian Privacy Foundation) explains the many reasons why this is not so.

The Bill strengthens the powers of the Privacy Commissioner in a number of desirable ways, including civil penalty provisions, enforceable undertakings, enforcement of own-motion investigations, and limited requirements for Privacy Impact Assessments. But these reforms are undermined by inadequate reform of the Commissioner’s most important power, the making of determinations (enforceable decisions concerning complaints) under s52. Unless the Commissioner can be required by complainants to make decisions (only 9 have been made in 23 years), the new right of appeal against the Commissioner’s decisions will be meaningless. Appeal rights are no use if there are no decisions against which to appeal.

The proposed Australian Privacy Principles (APPs), while supposedly a welcome consolidation of disparate sets of principles, are in eight of the thirteen principles generally weaker than the UPPs proposed by the Australian Law Reform Commission (ALRC) or the current Act’s IPPs and NPPs. Particularly weak principles are those dealing with data exports, which abandons any idea of ‘border protection’ in favour of an unenforceable and largely valueless version of ‘accountability’, and the changes to the anonymity principle, which allow pseudonymity to be substituted for anonymity at the whim of a data collector.

The Bill gives the credit reporting industry the right to share information about Australians who have never had a credit default, a backward step for the privacy of every Australian who has ever had a loan or a credit card. Even though these changes to a form of ‘positive reporting’ are not as extensive or undesirable as in some countries, and may have some benefits in removing over-commitment, they have been brought in without sufficient responsible lending reforms. Some additional safeguards for credit reporting have been included and are welcome, but the overall effect of this part of the reforms is a major loss of financial privacy for all Australians.

The Bill does not remove the unjustifiable exemptions from the Act for ‘small’ businesses, employment records and political matters (reforms proposed by the ALRC). Australians will wait forever for a second reform Bill – there should be one comprehensive Bill including all reforms.

The Bill therefore does little overall to advance Australia’s case for an ‘adequacy’ finding by the European Union concerning Australia’s privacy protections. Whether the stronger enforcement powers can compensate for the negative aspects is questionable. Internationally, this seems like a missed opportunity for Australia.

Keywords: Australia, European Union, data protection, privacy, enforcement

Suggested Citation

Waters, Nigel and Greenleaf, Graham, A Critique of Australia’s Proposed Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (August 15, 2012). UNSW Law Research Paper No. 2012-35. Available at SSRN: https://ssrn.com/abstract=2134838

Nigel Waters

University of New South Wales (UNSW) - Faculty of Law ( email )

Kensington, New South Wales 2052
Australia

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Register to save articles to
your library

Register

Paper statistics

Downloads
272
Abstract Views
1,009
rank
111,303
PlumX Metrics