Attorney General’s Review of the Privacy Act Report; Chapter 9, the Journalist exemption; analysis and review. The Report supports the core of the status quo but recommends amendments to require proper data security and compliance with the Data Breach Notification Scheme.
June 4, 2023
The Attorney General’s Report on the Privacy Act review considers the status of the of the journalistic exemption at chapter 9. Unlike the small business exemption and the business records exemption the exemption for journalism has a strong public policy basis. Notwithstanding the media being involved in very serious privacy breaches over the years there has always been an acknowledgment that that there should be some form of exemption. The Report did not alter the core of the exemption but proposes bringing media organisations under the regulation of the Privacy Act regarding data security and data breach notification.
There was never likely to be a significant change to the way in which the Privacy Act dealt with the journalism exemption. In 2008 the Australian Law Reform Commission did not recommend a change to the exemption. That does not mean that the current regime is without flaws and problems which will continue after the Act is amended.
In the main the responses ranged from strongest supporters of retaining the exemption, primarily media companies, to those who wanted reform but were not prepared to remove the exemption. The rationale for the exemption is that it recognises the important and beneficial role of journalistic output in Australian society. That is made clear from the Explanatory Memorandum which provides that it is to balance ‘the public interest in providing adequate safeguards for the handling of personal information and the public interest in allowing a free flow of information to the public through the media.’
The exemption is set out in section 7B(4) of the Privacy Act. It provides:
(4) An act done, or practice engaged in, by a media organisation is exempt for the purposes of paragraph 7(1)(ee) if the act is done, or the practice is engaged in:
(a) by the organisation in the course of journalism; and
(b) at a time when the organisation is publicly committed to observe standards that:
(i) deal with privacy in the context of the activities of a media organisation (whether or not the standards also deal with other matters); and
(ii) have been published in writing by the organisation or a person or body representing a class of media organisations.
A media organisation may publish such standards itself, or be a member of an industry body which has a published code of conduct containing privacy standards.
The Report noted Read the rest of this entry »