Australian Privacy Regimes: Framework

Ketupa

overview

framework

principles

coherence

1988 Act

other law

2000 Act

states

codes

money

media

health

genetic

adoption

policing

justice

crimes

homes

workplace

retail

venues

politics

cases 1

cases 2

landmarks

related
Guides:

Privacy

Secrecy

Censorship

related
Profiles:

Human
Rights

Australian
Constitution
& Cyberspace

Credit
Reporting

Australia
Card

Registers

100 Points
Scheme

Intelligence
agencies

framework

This page outlines the Australian privacy regimes, highlighting the interaction of national and state/territory law, practice and consumer attitudes.

It covers -

introduction - making sense of the regimes
the international dimension - the impact of agreements and benchmarks
privacy statutes - the federal and state Acts
other law - contract and other law
codes and practice - industry self-regulation and day by day activity in the public and private sectors
attitudes - what do Australians think about privacy
the Australian model - different frameworks to the EU and US?
policy debate - framing discourse about privacy
studies

Principles, operational challenges and debates are discussed in more detail in the broader Privacy Guide elsewhere on this site, in the following pages and in supplementary notes on such matters as the Australia Card, unauthorised photography and ANPR.

introduction

This profile refers to plural privacy regimes - rather than a single, unified national system - for three reasons.

The first reason is that privacy law and practice in Australia involves the national (aka Commonwealth) government, the state governments and the major territory governments.

Those jurisdictions have all enacted specific personal privacy and other statutes, consistent with the formal demarcation of powers featured in the discussion of constitutional arrangements elsewhere on this site. Depending on the circumstances, an individual or organisation may potentially be affected by national and or state/territory law.

The second reason is that although discrete privacy statutes are important, much privacy protection (and disagreement about its adequacy) involves a range of statute law and common law rather than a single 'Privacy Act' and may be administered by multiple agencies rather than by a single official privacy watchdog.

Some of that statute law serves to extend or strengthen the rights of individuals; on occasion (for example the national Census Act) it predates the 1988 and 2000 national Privacy Acts. Some of the statute law features exceptions that have been criticised as weakening protection. Some common law does not recognise what overseas theorists and lawmakers regard as substantial privacy rights/responsibilities.

The third reason is that many Australians (including members of the legislatures and the judiciary) have traditionally conceptualised privacy on a 'use' basis rather than on the basis of overarching principles (for example as a key human right). Much Australian privacy law is thus industry or activity-specific and in practice may operate independently of specific Privacy Acts. There is no general tort of privacy and a broad right to privacy is not explicitly identified in the national Constitution.

privacy statutes

The Australian regimes feature both discrete legislation (eg the Privacy Act 1988) that is only concerned with privacy protection and specific provisions in legislation that has another purpose (eg non-disclosure provisions in the national Census Act and state motor vehicle registration statutes).

That legislation covers action by officials and by the private sector. It results from incremental development that has been episodic and sometimes inconsistent. As with much legislation, the creation of privacy statutes has tended to be reactive, after for example egregious abuses by private investigators, financial sector and health service providers.

Broadly we can discern several categories of 'privacy' statutes, which coexist -

legislation that is identified as a Privacy Act
complementary legislation identified as a Health Privacy Act
statutes concerned with 'workplace' or 'covert' surveillance
data protection provisions in other legislation, for example in the national postal, telecommunications, archives and taxation statutes
human rights charters such as the Victorian Charter of Human Rights & Responsibilities which feature a right to privacy.

The legislation has traditionally embodied a wariness about extending duties to the private sector, whether on the basis that courts did not recognise an underlying right of privacy or because concerns were thought to be addressed through other law.

It is important to note that the statutes typically allow individuals to waive rights and feature substantial exceptions for law enforcement/national security purposes.

     other law

[under development]

     codes and practice

[under development]

     attitudes

What do Australians think about privacy? What are expectations about rights and responsibilities?

The most useful answer to those questions is that there is real uncertainty, an uncertainty that is consistent with questions in other countries. There is little detailed independent authoritative data. Interpretation is contentious and bias is evident in much commercial research on "what Australians think".

Uncertainty reflects inconsistencies between expressed views and actual practice. It also reflects the diversity of roles, experience and interests. There isn't a single 'privacy demographic'. Perceptions and actions (or lack of action) are instead quite complex, affected by factors such as age, ethnicity, education, income, status and context.

A presentation at the 2006 Victorian Justice Department privacy workshop (PDF) noted that attitudes to privacy are often determined by which side of the counter - or the camera - the speaker is on and whether that person's privacy has been seriously breached in the past.

Australians often claim to greatly value their own privacy and, as discussed later in this profile, embrace notions such as "a man's home is his castle" but act as if there is a 'right to know' that legitimises media surveillance of celebrities (including harassment by paparazzi), 'foot in the door journalism' and vilification of stigmatised groups such as 'dole bludgers'.

As a community we appear to be keen on closer surveillance of known - or even potential - terrorists, drug traffickers and paedophiles but reluctant to peer behind the veils sheltering tax evaders. Young people appear to be particular sensitive to exposure of health information to parents but, along with many of their adult peers, actively divulge personal information for an opportunity to win a prize or as part of interaction with their peers through media such as blogs and social software services.

Is there a broad 'privacy consciousness' in Australia?

Some of the inconsistencies evident in what people say they want and what they do can be attributed to a digital quietism, with expectations that individuals lack capacity to change the regimes and perceptions that lack of publicity means no problems are occurring (one reason why US mandatory data reporting is significant).

The OFPC has conducted several studies of consumer attitudes

2007 (PDF)
2004 (PDF)
2001 (PDF)

and business attitudes

2001 (PDF)

     the Australian model

Expectations regarding privacy and mechanisms for its regulation are culturally influenced. Conceptualisation of privacy and of, for example, the role of the state in articulating community wants or acting on behalf of citizens, may vary significantly from one nation to another.

The regimes described in the following pages can be viewed through a US, EU or UK lens but differ in some degree from overseas regimes. That is significant for two reasons.

The first is that Australia is situated in a global economy, with policymaking being influenced by business and government agencies in North America and Europe. Astute observers have commented that principle is not always reflected in practice (and that there is substantial variation on a national basis, in for example the UK, or in 'commercial' rather than 'national security' treatment) but broadly Europe is more protective of privacy than the US. Australia, like Canada, is being pulled in both directions; tensions are evident in government (which contrary to some claims often does not speak with one voice), within the commercial and academic legal communities, and within business.

The second reason is that advocates look overseas for benchmarks, for codes of practice and legislation that might be adapted by Australia, and more broadly for a 'language' that can used in debate - both to conceptualise needs/concerns and to rally constituencies.

     policy debate

Inconsistencies also reflect the way that debate about privacy principles, law and practice has been framed.

That is evident in characterisation of privacy as something that inhibits or prevents social goods. Polemicists have claimed that it is antithetical to economic growth, improved health services and public safety. Academic Mirko Bagaric thus commented in 2007 that "the right to privacy is the adult equivalent of Santa Claus and unicorns" and that privacy (along with human rights) "is a middle-class invention by people with nothing else to worry about".

Others - including the Australian Law Reform Commission and High Court Justice Michael Kirby - have argued that respect for privacy represents a respect for individuals that is fundamental to maintenance of a 'moral' civil societ, is not antithetical to good governance and may indeed underpin economic growth by ensuring exchange of accurate information on a basis of trust.

Arguably much debate about privacy in relation to public policy is quite shallow, with a poor understanding of issues and current practice. Much debate has been determined by US rhetoric; a disappointing aspect has been the tendency of liberties groups to emulate US anxieties about a government 'big brother' while ignoring private sector privacy abuses. Another disappointment has been dismissal by government and by some business sectors of privacy as something that is valued but must be sacrificed in the interests of national security or financial stability.

     studies

The absence of a comprehensive academic study of Australian privacy law (past and present) may come as a surprise to some readers. Unfortunately there is no definitive study of the different statutes and of how Australian courts, businesses, government agencies and citizens have engaged with the law. Much writing is instead distinctly atomistic and often located in specialist journals or commercial newsletters.

Points of entry into the Australian literature include Brett Mason's Privacy Without Principle: The Use and Abuse of Privacy in Australian Law and Public Policy (Melbourne: Australian Scholarly Publishing 2006), the provocative Privacy Law in Australia (Leichhardt: Federation Press 2005) by Carolyn Doyle & Mirko Bagaric, Margaret Jackson' Hughes on Data Protection in Australia (Pyrmont: Lawbook 2001) Des Butler's 2005 'A Tort of Invasion of Privacy in Australia?' in 29 Melbourne University Law Review 339 and successive reports from law reform bodies, in particular the Australian Law Reform Commission (1979, 1983, 2004 and 2006).

A perspective is offered by Colin Bennett & Charles Raab's The Governance of Privacy: Policy Instruments in Global Perspective (Cambridge: MIT Press 2006); other works are highlighted in the more detailed Privacy guide elsewhere on this site.

   next page (australian privacy principles)