Minister O’Conner gives speech on privacy at iappANZ ANNUAL CONFERENCE 2011

November 30, 2011 |

Brendan O’Conner has delivered a speech on Privacy at theiappANZ ANNUAL CONFERENCE 2011

The speech reads:

I’d like to begin by acknowledging the traditional owners of the land on which we meet and to pay my respects to their elders, both past and present.

I am very pleased to be here this morning to open the 2011 Annual Conference for the Australia and New Zealand International Association of Privacy Professionals.

I spoke at this conference last year, and once again, I can see you have an impressive line up of speakers over the course of the day.

This conference is establishing a reputation for bringing practitioners together to discuss the latest privacy trends and issues.

With that in mind, today I’d like to talk briefly about where we’ve come from, and where we are going.

Information policy landscape

It has been just over 30 years since the OECD Privacy Principles were first developed. Over 20 since the Hawke/Keating Government introduced the Australian Privacy Act, and 10 years since the Privacy Act was extended to cover private sector organisations.

Those of you who have been working in privacy and information law for a great part of those three decades have transformed the way we think about privacy and the protection of personal information.

Technological advances, increased awareness of citizens, the tireless work of non-government organisations dedicated to improvements in privacy protection have changed how we collect, store and use and disclose personal information.

The challenge for government is how to ensure regulation keeps pace with those expectations. Which is why, once again, the Labor Government is making significant changes to the information policy landscape.

Open Government

In 2007, the Labor Party made a commitment to restoring trust and integrity in Government information.

At the heart of this commitment was bringing together the functions of privacy protection and freedom of information under the auspices of the Office of the Information Commissioner.

Co-locating these policy functions recognised that the Privacy and FOI Acts worked together to regulate government information. Further, bringing together privacy and FOI would ensure the Government’s information policy would be consistent and workable, even whilst reconciling the tensions between openness and confidentiality.

The Office of the Information Commissioner commenced last year, and our FOI reforms including a new pro-active Information Publication Scheme have also been implemented.

In the relative background, the Government has also been pursuing significant privacy reforms in response to the Australian Law Reform Commission’s “For Your Information” Report.

However, before I talk about these reforms, I might take a moment to reflect on the changing context for privacy reform.

Privacy – the early days

To dwell on how much has changed, I’d like those of you who can, to hark back to the days of old; the days when people worked in offices with screens on windows, not windows on screens.

In those days, no-one had a desktop computer or access to the internet.  People did not communicate by email and people did not use mobile phones.

There were no such things as text messages or portable storage devices.  USB stood for unsporting behaviour (for those soccer fans out there) not universal serial bus.  There were no silicon chips.

Information was stored in hard copy on a file – electronic files or folders were matters of science fiction. In many cases, there was only one copy of particular information. A carbon copy was just that – and CCs were a snack food.

Documents were not able to be copied or scanned.  They could not be uploaded or downloaded.  They could not be attached to emails and forwarded to groups of people with the touch of a button.

There was no information highway.

Having one copy of information in one physical location, however, did not mean that personal information was safe. There were still risks associated with the collection, use and disclosure of that information.

Recognising these risks, in 1984 the then Hawke Labor Government officially adopted the OECD Guidelines governing the protection of privacy and transborder flows of personal data (1980).  This was followed by the introduction of the Privacy Act 1988, which came into operation on 1 January 1989.

Privacy Reforms

For some of us it is difficult to envisage, or remember, the working environment of the 1970s or 1980s and see how technology has transformed our work practices.

Most of us can, however, reflect on the acceleration of technological change over the last decade.

The Australian community has embraced smart-phones, social media, tablet computers, satellite navigation, digital cameras, and chatting and sending videos over the internet.  These are just a few of the new, but now ubiquitous innovations of the last few years.

New technologies and modes of communication have generated enormous new opportunities for people to connect, collaborate and create.  New opportunities, however, can also pose new challenges.

In this rapidly changing environment it is incumbent on all of us interested in privacy to consider whether or not our protection framework is adequate to address the challenges of the present and the future.

The principles in the Privacy Act have been fundamental to the protection of personal information in Australia for many years.  Regulation must evolve continually, however, to reflect community standards and practices. And the Government is committed to this ongoing improvement of our privacy law and policy.

In advancing the 297 recommendations of the Australian Law Reform Commission, the Government is initially focussing on amending the Privacy Act to implement the Australian Privacy Principles (APPs) and new credit-reporting scheme.

Given the level of expertise in this room, I am sure many of you will have read the exposure drafts of the proposed new Australian Privacy Principles (APPs) and new credit reporting provisions. I am also sure many of you made submissions to the Senate Committee which conducted an inquiry on each of these exposure drafts.

The Senate Committee on Finance and Public Administration has now reported on these exposure drafts and the Government is carefully considering the Committee’s final recommendations, before finalising a legislative package for introduction into Parliament.

To support these initiatives, the legislative package will also include some proposed new powers and functions for the Information Commissioner.  For example, the new powers to approve external dispute resolution services and to implement the proposed new Credit Reporting Code of Conduct.

Subject to the usual caveats about legislative drafting resources, the Government is aiming to have this legislation introduced into the Parliament in the autumn sittings of 2012.

The introduction of legislation for the new APPs and the credit reporting scheme will be a significant milestone. But, of course, that is far from the end of the reform program.  There is still more to do.

The Government remains committed to responding to the rest of the Australian Law Reform Commission’s recommendations. Where appropriate the Government will proceed with legislation giving effect to those recommendations.

The Government also remains committed to a highly consultative process in developing policy changes. We understand that while the Australian Law Reform Commission itself consulted extensively, the Commission’s recommendations are relatively high level, and we all know, the devil can be in the detail.

Statutory Cause of Action for Privacy

This is why I chose to release an issues paper to facilitate greater consideration of the ALRC recommendation to introduce a statutory cause of action for serious invasions of privacy.

The Commission proposed that individuals should be able to seek a remedy from a court where their private life has been seriously invaded in a way that ordinary Australians would consider highly offensive.

The issues paper canvassed what the scope of a cause of action might be, and what remedies and defences might be available.

As one might expect in relation to such a controversial proposal, there was strong interest and participation in the consultation process.  Over 70 submissions in response to the issues paper were received.

Not surprisingly, a wide range of views has been expressed in the submissions.

Some people believe that the creation of a cause of action is long overdue, while others argue that existing laws are adequate.

Some people simply took the opportunity to tell the Government their personal stories of how their privacy had not been respected and the consequences for them and their families of that sort of violation.

All the submissions will receive attention and inform the Government’s consideration of whether or not to create a new cause of action. As I have said before, I have an open mind about whether a statutory cause of action for privacy is warranted. I wanted to make sure, however, that we didn’t get caught up in a yes/no argument, and I thank submitters for moving beyond this polarised debate into a genuine exploration of the issues.

One of the key questions asked was what an appropriate threshold would be if there was to be a cause of action for serious invasions of privacy. The issues paper considered whether serious invasions of privacy should be limited to actions that ordinary Australians would consider highly offensive and completely inappropriate.

Some submissions suggested that this view was too restrictive and could result in there being no remedy for many activities that a reasonable person would consider distressing.  On the other hand, arguments were made that a lower threshold could lead to a proliferation of trivial and minor cases, which would have a deleterious effect on business and the media.

Another key issue that came up in the course of consultations related to who would be in a position to use a statutory cause of action. Some people argued that a statutory cause of action would only be accessed by the rich and famous because of the cost barriers to litigation. Obviously it is not just public figures whose privacy can be invaded.  Many ordinary Australians have suffered serious invasions of their privacy. The Government is aware that taking expensive legal action may not always be the most desirable option. Submissions made a number of suggestions about how best to deal with this issue, including support for an offer of amends process similar to that used in defamation actions, or using the Privacy Commissioner to resolve complaints.

There were also a range of views about whether a statutory cause of action would pose a threat to freedom of speech.

As I have said since the beginning of this process, the Government acknowledges that the media has a very important role in keeping the public informed of local, national and international affairs as well as ensuring that important issues are subject to public scrutiny.

If the government were to introduce a statutory cause of action, it would be designed to ensure it did not prevent the media reporting on matters of public interest.

The Government is considering the ALRC recommendation because there is a legitimate debate occurring in the community right now, about what privacy protection individuals should have.

Of course, as with every discussion about privacy there is a balance to be found.  A world of absolute privacy has never and will never exist.

While the Government believes in protecting individual privacy, it must not come at the expense of freedom of expression or the freedom of the media to seek out and disseminate information of public concern.  Nor can it unreasonably impose on the implied constitutional freedom of political communication.

It is not consistent with our modern democracy, however, to permit arbitrary interference in the private lives of private citizens where there is no valid right or reason to do so.


The Government’s approach to a statutory cause of action for is the same as its approach to the other privacy reforms.

I believe that it is important that our laws and protections keep pace with advances in technology and changes to the way in which people store and use information.  And the Government is keen to hear the views of all Australians on how that should be achieved.

It is about ensuring that regulation strikes the right balance between individual and business interests, and is robust enough to keep pace with changing technology.

How we get to that balance is by talking and listening to the widest range of people possible.

As I said at the beginning, much has changed over the last 30 years.

But some fundamentals remain the same.

The Government believes that all Australians should feel confident when dealing with government, business or engaging with family and friends.

That we are confident that our personal information is secure, confident that government and businesses are actively protecting our personal information, and confident that we can access information held by government – our information – when we need to.

The Government wants to make sure Australia is equipped for the challenges of the decades ahead.

This is a long road, but we are steadily stepping towards a modern privacy protection framework in this country.  We are walking that road shoulder to shoulder with many of you here today, and I thank you for your ongoing commitment.

As I have said, there is still more to do and I look forward to your contributions as that work progresses.

As speeches go it is quite good.  What can anybody interested in privacy issues glean from it.  The Minister’s comments regarding a proposed statutory cause of action was a good encapsulation of the various positions.

If one was to engage in tea leaf reading there is more likelihood than not that there will be some statutory right of action in the future.  The support for privacy protections seem to be more than the usual platitudes.  The question is, and was always going to be, the structure.  The speech highlighted the key issues, the threshholds, the defences and ensuring that freedom of speech is not chilled (which is a bogeyman but like one, is a fear which has no basis in reality).

That the Minister seemed to suggest that enforcing statutory privacy protections through the Privacy Commissioner as even a possibility  is not good news.  The Privacy Commissioner’s approach to privacy protection is just administrative damage control and usually papering over and providing insipid findings which all too often are the legal equivalents of bromides.  His record is not good.  It is little wonder that the Australian embraced the Privacy Commissioner’s submission.  If there is to be a statutory cause of action, which it hates and resists fiercely, let it be administered in the most aneamic fashion possible with the least possible exposure to those who breach privacy.  Dealing with complaints in within a structure maintained and controlled by a body which is more focused on managing a problem than enforcing a right is a terrific way to gut any viable privacy protection by a natural person.  And the Privacy Commissioner is well equiped and practised in those dark arts.

Leave a Reply