Anonymity and pseudonymity under the new changes to the Privacy Act

March 24, 2014 |

In Want to be anonymous? Now you have a right to be the Age reports on Australian Privacy Principle 2, the general right to anonymity and pseudonymity.  It is an important right and one that is not properly understood by many business organisations, as the article makes clear.  As with much of the new regulatory regime it is important for the Privacy Commissioner to put muscle behind the APPs and their accompanying guidelines.

It provides:

Australian citizens now have the right to remain anonymous or use a pseudonym when interacting with government agencies, private health service providers, and large organisations under new privacy laws.

The Australian Privacy Foundation says the laws, which came into effect on March 12, are a huge win for those who don’t wish to use their real identity when interacting with organisations and companies that have a turnover of more than $3 million a year.

The law states individuals “must have the option of dealing anonymously or by pseudonym”.

There are a number of caveats though. For example, an entity is not required to provide anonymity or pseudonymity where they are required or authorised by law to deal with identified individuals and where it is “impracticable” for them to deal with non-identified individuals.

The Office of the Australian Information Commissioner’s (OAIC) website lists examples of cases where an entity would still need to be given a person’s real identity.

It says an organisation would need to identify an individual when processing an application for an identity document (such as a passport, licence or security pass), issuing a tax file number, paying a social security or health care benefit, opening a bank account, and supplying a prepaid mobile phone where legislation requires identification.

Roger Clarke, chairman of the Australian Privacy Foundation, said that in the “vast majority” of circumstances if an individual said “I want you to use this pseudonym when dealing with me” then an organisation’s default position should be that they need to enable pseudonymity. He said if an organisation asked for a person’s identity and didn’t need it then they didn’t have to give it to them.

“Tell me how that can be justified as being impracticable? We’ll listen to any government and any organisation that comes up with an argument. There might be some that will have one we hadn’t thought of, but the default position is that they need to enable pseudonymity,” Mr Clarke said.

Mr Clarke didn’t think organisations were ready for the new laws. “A lot of organisations simply don’t get it and are going to have trouble when people put this to them …”

He claimed the new laws applied to web companies such as Google and Facebook. In recent times such companies have been cracking down on those who don’t use their real identity.

“The laws apply to anybody who isn’t exempted under the law,” Mr Clarke said. “There are arguments about enforceability internationality – but absolutely it applies to everybody.”

The laws dealing with anonymity and pseudonymity are part of a number of new Australian Privacy Principles. Organisations that don’t comply with them face fines of up to $1.7 million

Leave a Reply

Verified by MonsterInsights