[Roger is a smart and thoughtful fellow who I respect greatly, but I suspect that our views on privacy legislation differ substantially. Reasonable people can disagree over whether the best way to protect privacy is through market forces and technology (something I prefer) or nationwide legislation aimed at restricting business practices. It looks like Roger and EFA supported the second approach in the beginning, but then (almost predictably) the legislation morphed into something they now oppose. --Declan] ********** Date: Sat, 1 Sep 2001 11:31:31 +1000 From: Roger Clarke <Roger.Clarkeat_private> Subject: Privacy Debacle in Australia Cc: Irene Graham <edat_private> To Roger's Personal List of Privacy Glitterati: Privacy legislation affecting the Australian private sector comes into force on 21 Dec 2001. As previously advised, it's the world's worst privacy legislation - 253 pages of exceptions and exemptions; and I refer to it as the Anti-Privacy Act. The Privacy Commissioner issued a draft set of guidelines, which contained an explanation of how he intended to interpret the legislation. They were liberal interpretations, which (if they'd had the force of law) would have adjusted some of the abuses in the Act back towards the standards of the OECD Guidelines of 1980. The Privacy Commissioner has caved into pressure from industry associations, doubtless strongly supported by his masters in the government, and the final version of the guidelines is no longer privacy-supportive. Below is an open letter from Electronic Frontiers Australia, which explains the latest debacle in the history of privacy in Australia. Some further source-material is after that. Feel free to use this as a basis for informing other people about the parlous state of privacy in Australia. EFA Open Letter to the Federal Privacy Commissioner 31 August 2001 Mr M Crompton Federal Privacy Commissioner L8, 133 Castlereagh Street Sydney NSW 2000 <http://www.privacy.gov.au> Dear Mr Crompton EFA has appreciated the opportunity to participate in the NPP Guidelines Reference Group during the past six months. As you are aware, EFA has previously been generally supportive of the approach being taken by the OFPC in relation to the Guidelines and we have commented to that effect publicly, including in media interviews. However, during the past few weeks information emanating from the OFPC has caused us to review our position and we advise accordingly below. EFA hereby records our strong disapproval of the significant reversals in the OFPC's approach as evidenced in the revised draft Guidelines and Information Sheets recently distributed to members of the NPP Guidelines Reference Group and, apparently, unnamed others. We also disapprove of the minimalist and secretive "consultation" process being undertaken given the changes to the public consultation draft issued in May are major and there is no evidence that these changes are desired or supported by ordinary members of the public whose privacy is at risk. We have previously indicated our concern regarding the extremely short time (two working days) granted to prepare comments on the substantially altered guidelines and the difficulties of commenting while the supplementary information sheets were not available. Having since received the draft information sheets, we are appalled to learn that a number of previously intended sheets will not be produced. Moreover, the remainder fail to address matters that are at the very core of whether the "privacy" legislation will provide adequate, if any, protection against privacy abusive practices by organisations required to comply with the Act. While some such matters are briefly mentioned in the gutted Guidelines, the information is either so hazy and ambiguous that it is useless or the content and tone appears likely to legitimise privacy invasion to a greater extent than the legislation itself does. We understand that a criticism of the public consultation draft was that it was too lengthy and we agreed that a shorter document plus supplementary sheets may be more user friendly. We did not expect however, that one means of reducing the size would be to simply delete guidance on some important matters, principally it appears where some (but not all) business lobby groups objected to the contents of the public consultation draft issued by your office. In view of the above, EFA declines to provide comments on the Information Sheets. In addition to the three day time frame for responses being totally inadequate, EFA considers that no benefit to EFA members is likely to arise from our continued participation in this "consultation" process. In our view it is clear that a decision has been taken to favour business interests over the privacy of ordinary citizens that the legislation is allegedly intended to protect. Moreover, after six months participation in this process, we are sure the OFPC is already well aware of EFA's views. With regard to the short comment periods on the revised material, we recognise this results from the OFPC decision to issue final guidelines earlier than scheduled because some business interest groups said the scheduled date did not provide businesses with adequate time to prepare. While we commend efforts to provide final guidelines as soon as possible to organisations who genuinely desire guidance from the Commissioner, it is pertinent to note that some (perhaps all) of the groups critical of the scheduled release date are the very same ones who do not wish the Commissioner to provide guidance on compliance with the law at all, and/or who have indicated intent to comply with their organisation's interpretation of the legislation irrespective of any interpretation by the Commissioner in the guidelines. These groups are obviously well aware that the guidelines are just that, guidelines, not the law. Such groups have already had some nine months to prepare to comply with the legislation and the claim that they cannot do so until the final guidelines are issued is nonsense. We believe there are reasonable grounds for the view that the guidelines have been gutted at the request of some business lobby groups who seek to ensure that: - members of the public will have little guidance available to them about the obligations (if any) of businesses to respect their privacy and about the prospects of a complaint being upheld by the Commissioner, and - businesses will have the opportunity to claim insufficient guidance from the Commissioner and hence expect "kid glove" treatment in dealing with complaints. In acquiescing to the demands of various business lobby groups, the Commissioner's office is likely to fail, not only citizens, but also many businesses who seek clear guidance on compliance with the law so as to avoid the potential for complaints and/or genuinely wish to undertake best practice in protecting their customers' privacy. In summary, it presently appears that the Federal Privacy Commissioner's office has been hijacked by politically powerful big business lobby groups with minimal interest in their customers' right to privacy. If such a perception is not factual and is not to become a widely held view in the general community, the current draft guidelines require another major overhaul, this time to restore backbone and balance. Yours sincerely Irene Graham Executive Director on behalf of the EFA Board ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Irene Graham Executive Director - Electronic Frontiers Australia Inc. (EFA) EFA: <http://www.efa.org.au> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Some background materials: http://www.efa.org.au/Issues/Privacy/#bill Roger's notes from January 2001: The Privacy Act 1988 (Cth) currently relates to the federal public sector plus credit reporting practices. The Privacy Amendment (Private Sector) Act 2000, passed 6 December 2000, amends it to apply some new provisions to the private sector. But its purpose, and its effect, are to legitimise privacy-invasive practices, not to protect privacy. I outright opposed the Bill, arguing strongly that it would *worsen* relationships between consumers and business, and hence served *no-one's* interests. I've written a series of things on the Bill, of which this is the most recent and succinct: http://www.anu.edu.au/people/Roger.Clarke/DV/SenatePBSub2000.html and this is the most comprehensive: http://www.anu.edu.au/people/Roger.Clarke/DV/PAPSSub0001.html The Bill was introduced by the Government (Liberal + National/Country parties = Tories). It was considered by House and Senate Committees. The Opposition (Labor) has never been a friend of privacy (the Australia Card initiative of 1985-87 was theirs). Labor moved some weak-kneed amendments, some of which were eventually accepted by the Government. The Opposition then supported the Bill; consequently the cross-benches (Democrats and Independents) were unable to achieve any more significant amendment. If one were to assume that the statute was actually intended as an implementation of the OECD Guidelines, then it's the world's worst privacy legislation. I believe it's far more appropriate to refer to it as the Anti-Privacy Act, and leave it at that. The Act as passed is at: http://www.austlii.edu.au/au/legis/cth/num_act/pasa2000n1552000373/index.html An unofficial consolidated version of the Privacy Act 1988, now 100 pp. [error: 253 pp.!] of amazingly convoluted verbiage, is at: http://www2.austlii.edu.au/privacy/Privacy_Act_1988/ The EU has made clear that the provisions fall far short of compliance with the EU Directive: http://www.europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/index.htm The Attorney-General rudely rejected the EU's comments, just as he had earlier rudely rejected the advice of his own so-called 'Core Consultative Group'. -- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarkeat_private http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6125 3666 ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. Declan McCullagh's photographs are at http://www.mccullagh.org/ To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Aug 31 2001 - 19:13:20 PDT