Australia Law Reform Commission has released its Invasions of Privacy Issues Paper

October 8, 2013 |

The ALRC released its issues paper Serious Invasions of Privacy in the Digital Era today.The closing date for submissions is 11 November 2013.  I am sure there is no symbolism in it being Armistice Day or, as known in France, the Day of Dupes (or the anniversary of Ned Kelly’s execution).  It is found here.

The media release (found here) provides:

The Australian Law Reform Commission (ALRC) today released the Issues Paper, Serious Invasions of Privacy in the Digital Era(ALRC Issues Paper 43, 2013), to begin the consultation process for its Inquiry. 

The Terms of Reference for this Inquiry ask the ALRC to consider the detailed legal design of a statutory cause of action, and in addition, other innovative ways the law might prevent or redress serious invasions of privacy.

ALRC Commissioner for the Inquiry, Professor Barbara McDonald, said “Although there has been significant privacy reform in recent years, there are still gaps in the legal protection of privacy. The digital era has created further challenges for the law, as, every day, we learn about new technologies for the tracking or surveillance of others and about new ways in which organisations and individuals may use and communicate all sorts of private information online.  The task of designing a civil action to allow people to sue for serious invasion of privacy requires a careful balancing of legitimate interests in privacy with other matters of public interest including freedom of speech and expression, media freedom to inform and investigate, the effective delivery of services including healthcare, and the promotion of a vibrant and prosperous national economy.”

Key considerations for the ALRC include ensuring that any new protection would be compatible with existing privacy laws and regulation and that any proposed legislation is adaptable to future technological changes, but not so vague as to cause uncertainty.

The Issues Paper builds on work previously undertaken by the ALRC in 2008 and the Department of Prime Minister and Cabinet in 2011, and the recent work of both the NSW and Victorian Law Reform Commissions. It asks for submissions not just on issues relating to a stand-alone cause of action but also about alternative ways that existing laws could be supplemented or amended to provide more and appropriate protection for privacy in the digital era.

Privacy law affects not just government, big business and the media. It affects a range of occupations and activities in all kinds of social contexts. It has the potential to affect everyone. The ALRC invites individuals and organisations to make submissions in response to the questions contained in the Issues Paper, or to any of the background material and analysis provided.  This community input will help inform the development of draft recommendations for reform to be released in a Discussion Paper due at the end of February 2014.

I am not sure to what Professor MacDonald refers when she states that there has been significant privacy reform in recent years.  It is a waffly say nothing sort of sentence.  If the Professor is referring to the enactment of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 then that hardly qualifies as “signficant privacy reform” in overall protection of privacy.  It has given the Privacy Commissioner some effective powers to regulate an imperfect piece of legislation.  There remains very many gaps in coverage.  For example it does not cover a large part of the small business sector (those with a turnover of less than $3,000,000).  Breaches of the Act almost invariably must be dealt with by the Privacy Commissioner.  This gatekeeper role is flawed as it is dependant upon the attitude, philosophy and resources of that office.  At the state level the specific regulation is patchy ranging from non existent (eg South Australia) to generally ineffective (New South Wales) to quite reasonable in theory but still limited in practice (Victoria). As it stands privacy protection is far from best practice.  Notification of data breaches are still not mandatory.  The pick up of the recommendations from the 2008 ALRC Report was selective and tended to the timid.

Technology has moved along at a pace and provides a challenge.  In the USA and Europe changes have been made, more in Europe than the US, to meet the challenges.  Australia has generally been frozen in time with causes of action which barely address 20th century technology let alone the current challenges.

Leave a Reply