Privacy law opinion piece in the Age

October 8, 2012 |

The Age has run a series of articles on privacy, mostly highlighting invasive practices.  Not so much in the privacy reform area.  Until now.  In Until privacy laws protect us, every move will be watched, the President of the Law Institute Michael Holcroft has weighed in with an article calling for greater privacy protections.  The Law Institute has been an active participant in the debate, providing excellent high quality submissions.

It is worth a detailed review.

Governments should do more to ensure we can mind our own business.

YOU might think you’re going about your day minding your own business, but people are watching. They are not just watching you, they are watching all of us, creating, as David Vaile, the Australian Privacy Foundation vice-chairman describes it, a ”honey pot” of data open to potential abuse.

Have a think about how our privacy can be invaded in the course of a normal day.

We get up in the morning, log on to our favourite website to check news and weather; our IP provider has a record.

Check Facebook and ”like” something, go to eBay and buy something; information and ”profiles are being created”.

Head to the train station, use your myki card. The card contains personal information, and if registered, could show banking and travel details. These could be shared with police as well as transport authorities and the company running the system.

Walk down the street and the CCTV cameras capture your image. Use your mobile phone, the network records the closest “line of sight” tower. In the lunch break, you go to a department store and use a loyalty card which contains personal details. The information on the card might be shared with marketing and data analysts, call and direct mail centres.

In the evening, you drive to a nightclub. If you travel on the toll-way, that information is recorded. At the door of the club, CCTV footage again. Your driver’s licence is scanned by a bouncer using biometric technology. It’s to prevent entry of banned patrons, but it is reported that the data may also be used to provide demographic information.

After the nightclub, you visit Facebook and share the details of the great night you have had. After a few drinks, be careful of the settings. You have just, maybe unwittingly, shared your night with the world, including Facebook Inc, its partners, advertisers and associated web developers.

Privacy law reform has long been on the Australian legal profession’s agenda.

The Law Institute of Victoria, in a 2009 submission to the Victorian Law Reform Commission’s inquiry into surveillance in public areas, argued that state laws need reform to provide more comprehensive and contemporary regulation of surveillance practices; an independent body should be established to regulate such laws; and, there should be a statutory cause of action for invasion of privacy.

The government is yet to respond – slow by normal standards, slower still when measured against the warp speed of advances in information technology.

Never a truer word was spoken.  The delay has been ridiculous.  The Australian Law Reform Commission commenced its (latest) consideration of the law of privacy in 2006. Its report, For Your Information (Volume 108) was released in 2008.  It made 295 recommendations.  The Government adopted a two stage response to the report.  In October 2009 the Government addressed 197 of the 295 recommendations.  The remaining 98 recommendations, most of which are the more challenging/controversial are in the wind so to speak.  There is about a year left in this term of the Federal Parliament.

Advances in information, communication, storage, surveillance and other technology have significant implications for individual privacy.

While this is true the issue of a right to privacy protected by a specific common law or statutory tort has been alive in the common law since the late 19th century.  It is a reality in the US and in a part common law part statutory form in the UK as well as in Canada.  The imperative for privacy protections has always been there. Technology advances and its more avaricious use has made the need more apparent.

Reform of privacy laws gained momentum recently when the federal government flagged a plan to have the phone and internet history of Australians stored by telcos for up to two years as a crime-fighting measure.

Last month, the House of Representatives passed reforms to the Privacy Act 1988. A federal parliamentary committee recommended passing the Privacy Amendment (Enhancing Privacy Protection) Bill 2012, which contains significant changes to the Privacy Act, including hefty fines for ”repeated and serious” breaches of privacy regulations.

The Law Institute of Victoria believes the protection of an individual’s privacy is fundamental to human dignity and is central to many other human rights, such as the right of freedom of association, movement and expression. We are not alone. The right to privacy is the most often cited right in cases concerning Victoria’s Charter of Human Rights and Responsibilities.

Essentially, the institute is concerned the bill does not adequately empower people to protect and control their information. We call for the collection of solicited personal information only when reasonably necessary for the activity in which the individual is engaging. People must also have the option of remaining anonymous when dealing with an entity.

A key problem with privacy reform has been the lack of empowerment of individuals.  This is incongurous given it is their information that is at stake.  That lack of empowerment extends to not being able to take action to enforce their rights.  Even within the Privacy Act structure that role belongs to the Privacy Commissioner.  Why he should have a monopoly on enforcement is a glaring inadequacy in the regulatory structure.

We also call for a clear definition of consent. We submit that individuals cannot consent to the collection of sensitive data where consent is obtained in a coercive or unreasonable way.

Again, very true.

We believe that when requested to do so, entities should be required to destroy primary personal information (name, address, date of birth) that is held about an individual.

The Law Institute of Victoria is concerned that under current business practices there is limited provision for the rights of individuals and the principles of privacy. What protection there is, is undermined by the technical and complex framework and by burdensome and costly requirements. We believe provisions imposing excessive requirements on people seeking to protect their privacy should be amended.

For example, the requirement on individuals to opt out of use of credit information for direct marketing. In our view, information collected for one legitimate purpose should not then be sold and used for purposes beneficial to companies without an individual’s consent.

We urge the federal and Victorian governments to act – and act quickly – to keep up with technology and ensure Australia can adequately protect people’s privacy. We have the right not to have our privacy unlawfully or arbitrarily interfered with.

Leave a Reply