Yet another reheated article about the Privacy Act exemptions for political parties being wrong… correct but nothing new in any of that

February 19, 2019 |

David Crowe, one of the more energetic commentators at the Fairfax Press has put together a piece about the ridiculous exemption that political parties have from regulation of the Privacy Act 1988 in Political parties should be stripped of Privacy Act exemptions after hack: experts.  It is one of those topics that columnists dust off from time to time. Peter Van Onselen has repeatedly drawn from that well though pretty much saying the same thing again and again and again in an Australian article in Political parties violate our rights to privacy  on 23 July 2011, raising the issue in a jeremiad about politicians generally in a Conversation piece in 2016 and returning to it in May 2018 with  Big Tech not the only entity with your personal data on tap.  He did some research earlier with a couple of academic pieces being Political Party Databases: Proposal for reform and Political Databases and Democracy: Incumbency Advantage and Privacy Concerns in 2004 and  Suiting Themselves: Major parties, electoral databases and privacy in the Australasian Parliamentary Review in 2005. But the pieces in the Oz are superficial and generally a general complaint about the obvious problem without too much analysis and detail.

The same complaint can be made of Crowe’s piece. Like many superficial filler opinion pieces it starts with the hook, something recent and in the news.  Here it is the Chinese attempted hack of the Australian Parliament and political parties web sites.  Then it follows with the complaint about why the exemption is unfair.  And finally to bolster the point and get some usable quotes from “experts” there is a ring around from the usual suspects, privacy commentators who while being privacy commissioners in the State or Federal level were remarkably ineffective.  Having moved out of those roles they are available to complain about the state of affairs.  The insights are far from profound.  The net result is a flaccid piece which touches on but barely gets into the problems associated with this scandalous state of affairs.

The exemption is a standing failure of public policy. 

It is understandable that journalists under constant pressure to push out 2 – 3 columns a week should reach for staples that can be massaged a bit,  have a top and tail put on it with something that is happening now to give it immediate relevance and make a few calls to underworked academics or self proclaimed experts for some sombre quotes.  But it does blessed little to improve the knowledge of the issue or put any pressure on government. 

Future articles about this state of affairs should, at minimum, deal with what data is hoovered up by political parties, in detail, how it is used using sophisticated algorithms and how these parties don’t have to institute the sort of controls and systems that organisations that non political parties have to implement.  And the potential disaster to individuals in having their personal information collected in this way, stored for an eternity and potentially being accessed by hackers.  Perhaps even some work on the consequences of a identity theft, a very real prospect when personal information is stolen. 

The Crowe article provides:

The major political parties are facing calls to comply with privacy and security laws that could assure millions of Australians their personal details are safe, almost two decades after politicians gained a rare exemption from the safeguards.

Former privacy commissioners have called for an end to the exemption in the wake of an online attack that left the parties exposed to fears that a “sophisticated” agency had obtained highly confidential records.

Senior government minister Michaelia Cash arrived at the Federal Court to be grilled this morning over the leaked AFP raids on the Australian Workers Union in 2017.

“The exemption for political parties from the Privacy Act is not justifiable – it never was and should never have been legislated in the first place,” said Anna Johnston, former deputy privacy commissioner in NSW and now the director of Salinger Privacy in Sydney.

“It means not only that the political parties have no obligation to keep the data they hold secure, it also means we as citizens have no right to access the data they hold about us.”

The exemption was included in the Privacy Act in 2000 in the name of protecting freedom of political communication, but experts said it meant the parties were spared from the obligation to protect valuable information based on the electoral roll.

A former federal privacy commissioner, Malcolm Crompton, said the parties should be compelled by law to notify authorities of a “notifiable data breach” under legislation that came into effect one year ago and applies to all federal agencies, health service providers and businesses with a turnover of more than $3 million.
The parties escape the “notifiable data breach” obligation because they are exempt from the Privacy Act.
“The political parties have access to some of the most accurate details about voters in Australia that there is,” said Mr Crompton, the founder and lead consultant at Information Integrity Solutions.
“They have access to the electoral roll and it contains more demographic detail than simply name and address.
“In addition, each of the major parties have their own systems for ingesting further detailed information about voters, for example in regard to every contact somebody might have with the electoral office of each parliamentarian, [and] other information that they can purchase from information aggregators.”
While it has become common for banks or others to notify customers of a privacy breach, there is no similar requirement for the political parties.
Privacy laws enable consumers to demand access to personal records at companies and agencies but political parties are also spared this obligation.
A Liberal Party spokesman said the party was working with security agencies, but Labor national secretary Noah Carroll declined to comment on the hacking.
Mr Crompton opposed the exemption for political parties when he was the federal privacy commissioner in 2000 and noted that the Australian Law Reform Commission recommended an end to the special treatment in 2008.
“In the interests of promoting public confidence in the political process, those who exercise or seek power in government should adhere to the principles and practices that are required of the wider community,” the commission said.
Ms Johnston said the hacking incident highlighted the risk to democracy if hackers gained access to the party’s systems and used the personal information in the way seen ahead of the US election in 2016, with “fake news” and propaganda on social media.
Another former privacy commissioner said the US experience, in which hackers broke into the Democratic National Committee, showed the risk to Australian voters from illegal access to the party systems.
“None of it is secure,” he said.
Former Victorian privacy commissioner David Watts said the political parties could use their databases to analyse personal information in a way that could be a threat to democracy if obtained by others.
“If that information is obtained illegally it can be used to influence people, whether it’s through targeted messages or Facebook or personal contact,” he said.
Professor Watts, now at La Trobe Law School, said the argument about freedom of political communication needed to be balanced by an obligation to protect the data.
He noted that European Union data protection law, for instance, permitted the compilation of personal data by political parties but added a caveat: “provided that appropriate safeguards are established.”




Leave a Reply