Hostname: page-component-745bb68f8f-v2bm5 Total loading time: 0 Render date: 2025-01-30T22:53:49.290Z Has data issue: false hasContentIssue false
  • English
  • Français

The Privacy Act 1988 (CTH): A Study in the Protection of Privacy and the Protection of Political Power

Published online by Cambridge University Press:  24 January 2025

Lee A Bygrave
Lee A Bygrave*
Affiliation:
Department of Veterans' Affairs, Canberra
Get access Rights & Permissions [Opens in a new window]

Extract

The issue of the protection of privacy sums up a congeries of public anxieties about the standing of individuals in relation to those who exercise governmental and economic power. The issue has impinged increasingly on governmental and legal processes but it is one which these processes have had difficulty assimilating. At a general level, this article attempts to provide some insights into this difficulty, taking the Privacy Act 1988 (Cth) as its main focus.

Until now, analyses of the Privacy Act have tended to concentrate quite narrowly upon its provisions. Although a number of shortcomings have been identified as a consequence, no detailed or systematic explanations for these shortcomings have been advanced. This article seeks both to outline the deficiencies in the Act and to explain them. It takes as its point of departure the premise that the Act's deficiencies cannot be explained adequately by looking only at its provisions or formal legislative history.

Type
Research Article
Information
Federal Law Review , Volume 19 , Issue 2 , June 1990 , pp. 128 - 153
Copyright
Copyright © 1990 The Australian National University

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

Sincere thanks are due to Peter Bayne for his helpful comments and assistance during the research and writing of this article, and my father who originally typed the article.

References

1 (1849) 1 Mac & G 25; 41 ER 1171.

2 122 Ga 190 (1905).

3 381 us 479 (1965).

4 There is no explicit protection of the right to privacy in the Bill of Rights; in Griswold the right was found to exist in the “penumbra” of specific guarantees set out in the First, Third, Fourth, Fifth and Ninth Amendments: see generally RF Hixson, Privacy in a Public Society (1987) Ch 4.

5 Warren, SD and Brandeis, LD, “The Right to Privacy” (1890) 4 Harv L Rev 193CrossRefGoogle Scholar.

6 A full version of the Covenant is set out in Schedule 2 of the Human Rights and Equal Opponunity Commission Act 1986 (Cth). Article 17 of the Covenant basically embodies Anicle 12 of the Universal Declaration of Human Rights (1948).

7 SD Warren and LD Brandeis, supra n 5,205.

8 Morison, WL, Report on the Law of Privacy (1973) 13Google Scholar.

9 Australian Law Reform Commission, Repon No 22, Privacy (1983) Vol l, 10.

10 Benn, SI, “The Protection and Limitation of Privacy” (1978) 52 AU 601Google Scholar; Commission on Freedom of Information and Individual Privacy, Ontario, Public Government for Private People (1980) Vol 3, 499; see also AF Westin, Privacy and Freedom (1970) 31 for a different but basically complementary approach. Rather than identifying privacy interests, Westin lists four basic 'states' of privacy: solitude, intimacy, anonymity and reserve.

11 SI Benn, supra n 10, 608.

13 Kalven, H, “Privacy in Tort Law - Were Wam:n and Brandeis Wrong?” (1966) 31 Law and Contemp Prob 326, 339CrossRefGoogle Scholar.

14 Wacks, R, “The Poverty of Privacy” (1980) 96 LQR 73, 77Google Scholar.

15 SI Benn, supra n 10, 606.

16 McCloskey, HJ, “Privacy and the Right to Privacy” (1980) SS Philosophy 17, 37Google Scholar.

17 Fried, C, “Privacy: Economics and Ethics” (1978) 12 Ga L Rev 423, 427Google Scholar.

18 AF Westin, supra n 10, 33.

19 HJ McCloskey, supra n 16, 34.

20 Posner writes: “… history does not teach that privacy is a precondition to creativity or individuality. These qualities have flourished in societies … that had much less privacy than we have today”: Posner, R, “The Right to Privacy” (1978) 12 Ga L Rev 393, 407Google Scholar.

21 2l HJ McCloskey, supra n 16, 38.

22 ALRC, supra n 9, 17.

23 Ibid 18.

24 Supra text at nn 31-32.

25 SI Benn, supra n 10, 691.

26 For a detailed but rather particular account of the rise and fall of the Australia Card proposal, see E Smith, TM Australia Card: TM Story of ils Defeat (1989) Chs 6, 7.

27 Morison, WL, Report on tM I.Aw of Privacy (1973) 10Google Scholar.

28 New South Wales Privacy Committee, Privacy Protection: Guidelines or Legislation? (1980) 4.

29 New South Wales Privacy Committee, Annual Report 1982 (1983) 15.

30 Id.

31 Some of the matters which were taken to be beyond the scope of the report but which the Commission recognised as being relevant to the subject of privacy were: (i) issues relating t-l domestic privacy, such as noise levels, overcrowding and inferior building standards; (ii) issues relating to homosexual practices and private obscenity; and (iii) claims by corporations to privacy.

32 The OECD Guidelines are set out in ALRC, supra n 9, 270-272. The Information Privacy Principles are discussed in more detail in Pan 3 of this paper.

33 Ibid 258.

34 Ibid 191.

35 This is required in most overseas legislation on information privacy: eg Canada: Privacy Act 1982 s 11; France: Act 78-17 of 6 January 1978 Concerning Data Processing, Files and Libenies s 19; West Germany: Federal Data Protection Act 1977, ss 12, 19.

36 The strictest licensing. schemes operate in Sweden and France where record systems may operate only after inspection and approval by the licensing authority on a case-by-case basis: see generally New South Wales Privacy Committee, International Legislation for Privacy Protection in Data Systems (1978); cf the weaker requirements of the Data Protection Act 1984 (UK) - approval by the Data Protection Registrar of record systems follows automatically simply upon registration of basic formal details of the systems (see esp ss 4(3), 7(2), 42(2)).

37 Californian law is strictest in this regard: see Information Practices Act 1977 (Cal), Cal Civil Code s 178.25.

38 This is required under Danish law: Private Registers, Etc, Act 1978 (Denmark) s 11(2).

39 The strongest criminal penalties are found under Swedish and French laws both of which provide for fines, imprisonment and damages. The Data Protection Act 1984 (UK) also provides for criminal penalties (s 19) and damages (s 22).

40 Australian Law Reform Commission, Repon No 22: Privacy (1983) Vol 2, 86.

41 Id.

42 Ibid 197.

43 Ibid 193.

44 Ibid 24.

45 Ibid 20; Australian Law Reform Commission, Report No 11: Unfair Publications: Defamation and Privacy (1979).

46 ALRC, supra n 40, 26.

47 “The provision of general registers in which are kept details of personal information systems held by agencies, should be sufficient as a means of assisting the motivated individual, concerned about possible intrusion into his information privacy, to initiate the inquiry that will disclose whether or not the information privacy principles have been breached… ”: ibid 194 (emphasis added)

48 As Grabosky and Braithwaite note in relation to consumer affairs complaints: “Most consumers cannot be bothered lodging a written complaint even when they know they are victims of significant fraud. More often they do not even know”: Grabosky, P and Braithwaite, J, Of Manners Gentle: Enforcemenl Strategies of Australian Business Regulatory Agencies (1986) 78Google Scholar.

49 ALRC, supra n 9, 31, 191.

50 ALRC, supra n 40, 194.

51 ALRC, supra n 9, 37.

52 Ibid 38.

53 Id.

54 Ibid 39.

55 Ibid 49.

56 Australian Law Reform Commission, Report No 25: Annual Report 1984 (1985) 33.

57 Introduced in October 1986.

58 Treasury Press Release, 14 June 1988.

59 Sen Deb 1988, No 17 (Weekly Hansard) 2342 (9 November 1988).

60 These weaknesses are canvassed in Part 3 of this paper. For rather scathing criticisms of the 1986 Bill see generally the vast majority of submissions to the Senate Standing Committee on Legal and Constitutional Affairs Inquiry into the Feasibility of a National Identification System (1988).

61 ALRC, supra n 9, 273-274.

62 Lloyd, LJ, “The Data Protection Act - Little Brother Fights Back?” (1985) 48 Mod L Rev 190, 190-191Google Scholar.

63 Re Control Investments Pty Ltd and Australian Broadcasting Tribunal (No 1) (1980) 3 ALD 74, 79 and 81, on the meaning of s 27 (1) of the Administrative Appeals Tribunal Act 1975 (Cth), which allows a person whose “interests are affected” by a decision to seek a review of that decision. An individual possibly would also have had to show more than mere intellectual concern over the breach of the IPP: Australian Conservation Foundation Incorporated v Commonwealth of Australia (1980) 146 CLR 493, 548.

64 R Clarke and G Greenleaf, “Australian Proposals to Implement the OECD Data Protection Guidelines”, submission to the Senate Standing Committee on Legal and Constitutional Affairs Inquiry into the Feasibility of a National Identification System (1988) 1367, 1379.

65 Most overseas legislation avoids the problem by defining personal information to take account of the need to identify an individual using one set of information in combination with another: eg the Data Protection Act 1984 (UK) defines personal data as “data consisting of information which relates to a living individual who can be identified from that information (or from that and other information in possession of the data user) … ” (s 1(3)).

66 ALRC, supra n 40, 82.

67 However Norwegian, Austrian, Danish and Luxembourg laws cover both legal and natural persons; ibid 198.

68 New South Wales Privacy Committee. supra n 28. 6.

69 Even information originating with, or received from, intelligence agencies or the National Crime Authority is exempted from coverage by the IPPs (ss 7(1)(f), 7(l)(e) and 7(l)(g)).

70 AlRC, supra n 40, 206.

71 Privacy Amendment Bill 1989. A mixture of legislation and voluntary agreements already regulates the credit industry in most of the States but coverage is neither uniform nor extensive. The Fair Credits Report Act 1974 (SA) perhaps affords individuals the most protection in this area and in some respects is stricter than the Privacy Amendment Bill (cf ss 6(2)(a) and 6(2)(b) of the Act with cl 18G of the Bill; s 8(3) with cl 18H; and s 7(b) with cl I8M). Overall, however, the Bill is more extensive in coverage. Most importantly, it provides for limits on the disclosure of personal information by those in the credit industry (cl 18(K)). This is not provided for in any State legislation.

72 See further ALRC, supra n 40, 189-193.

73 Obviously it would be difficult to formulate satisfactorily a principle specifying that personal information be collected only for certain well-defined purposes. The “social justification principle” put forward by the New South Wales Privacy Committee in 1977 represented one of the few attempts to do so. The principle stated: “a personal data system should exist only if it has a general purpose and specific uses which are socially acceptable”: New South Wales Privacy Committee, Guidelines for the Operation of Personal Data Systems (1977). The principle would have been virtually unenforceable because of its vagueness.

74 United States Congressional Committee on Government Operations, Report No 8: Who Cares About Privacy? Oversight of the Privacy Act of 1974 by the Office of Management and Budget and by the Congress (1988).

75 Sen Deb 1988, No 20 (Weekly Hansard) 3673 (7 December 1988).

76 These state, inter alia, that “the purposes for which personal data are collected should be specified not later than at the time of data collection … “quoted in ALRC, supra n 9, 270.

77 Supra n 75, 3674.

78 The Government seems simply to have assumed the principle does require this, as have the Democrats: Sen Deb 1988, No 20 (Weekly Hansard) 3791 (8 December 1988).

79 Explanatory Memorandum to the Privacy Act 1988, 22.

80 Supra n 75, 3674.

81 Note that only citizens and permanent residents of Australia can compel amendment: Freedom of Information Act (s 48) and indirectly Privacy Act 1988 (s 41(4)). For criticism of this rather arbitrary restriction, see ALRC, supra n 40, 125-126.

82 Department of Social Security v Dyrenfurth (1988) 15 ALD 232. See also the Administrative Appeals Tribunal's recent controversial application of that decision in Re Jones and Attorney-General's Department (1989) 16 ALD 732; cf the Tribunal's earlier, less restrictive approach in Re Wiseman and Department of Transport (1986) 12 ALD 707.

83 ALRC, supra n 40, 125; Sen Deb 1981, vol 90, 2364-2365 (29 May 1981).

84 (1984) l AAR 456, 460.

85 (1984) 2 AAR 327, 343; see also Re Witherford and Department of Foreign Affairs (1983) 5 ALD 534, 536-537; Re Lander and Australian Tax Office (1985) 85 ATC 4674; and Re VXF and Human Rights and Equal Opportunity Commission (1989) 17 ALD 491, 506..

86 Eg Re Barkhordar and Australian Capital Territory Schools Authority (1987) 12 ALD 332, 337.

87 Eg see the Federal Court majority decision in Corrs Pavey Whiling & Byrne v Collector of Customs (Vic) (1987) 14 FCR 434, 436; see also the AAT decisions in Re Anderson and Australian Federal Police (1986) 4 AAR 414, 426; Re Dwyer and Department of Finance (1985) 8 ALD 474, 482. For further detailed discussion of this rationale of the Act, see P Bayne, Freedom of Information (1984) 96-102.

88 In the 1986 Bill, Principles 10 and 11 applied only to personal information solicited from the information-subject, thereby substantially reducing the level of protection for personal information solicited from, or volunteered by, third parties.

89 Senate Standing Committee on Legal and Constitutional Affairs, Feasibility of a National ID Scheme: The Tax File Number (1988) 78.

90 Note, though, that under s 80(i) a Public Interest Determination allowing an agency to breach the IPPs is a disallowable instrument for the purposes of s 46A of the Acts Interpretation Act 1901 (Cth).

91 The inclusion of such a provision may be a reflection of the 'new managerialism'; discussed supra text at nn 113-115.

92 P Grabosky and J Braithwaite, supra n 48.

93 Ibid 144.

94 Representative complaints are permitted under s 36(2).

95 R v White; ex parte Byrnes (1963) 109 CLR 665, 670-671.

96 Similar to s 81(2) of the Sex Discrimination Act 1984 (Cth) and s 25(z)(2) of the Racial Discrimination Act 1975 (Cth).

97 R v Kirby; ex parte Boilermakers' Society of Australia (1956) 94 CLR 254; see too the comments of Spender J in relation to analogous determinations made by the HREOC under the Sex Discrimination Act 1984 (Oh): Aldridge v Booth (1988) 80 ALR 1,7.

98 This occurred in Maynard v Nielsen (1988) EOC 92-226 (CCH) when the Federal Court refused to enforce a determination made by the HREOC that there was a valid complaint of discrimination under the Racial Discrimination Act 1975 (Cth).

99 See ss 91(1), 92, 93(1) and 93(3), and the discussion of their effect in M Batskos, “The Government's Obligation to Maintain Privacy of the Individual” (1989) 24 Australian Law News, No 3, 29. Basically, these provisions implement the recommendations of the ALRC: ALRC, supra n 40, 146-147.

100 This is in line with the Sex Discrimination Act 1984 (Cth) and the Racial Discrimination Act 1975 (Cth).

l0l Supra n 75, 3674.

l02 P Grabosky and J Braithwaite, supra n 48, 207.

103 ALRC, supra n 9, xliv-xlv, 258; supra n 40, 8-9.

104 Remember, for example, that the IPPs set out by the ALRC made no distinctions between solicited and unsolicited information or between information solicited from the information-subject and information solicited from third parties, whereas the IPPs in the Privacy Act do: supra text at nn 75-76.

105 Thom, JA and Thorne, PG, “Privacy Principles - Tacit Assumptions Under Threat” (1986) 2 Jnl of Law and Information Science 68, 71-72Google Scholar.

106 A system that stores implicit information is termed relational or deductive since the information can only be gleaned using a stored code or rule of some kind. Latent information, on the other hand, can only be ascertained by using a unique identifier that is not a stored or external rule. Hence latent information can only be discovered by accident or exhaustive research, using what is commonly termed a free-text retrieval system: ibid 74-75; Greenleaf, Gand Clarke, R, “A Critique of the ALRC's Information Privacy Principles” (1986) 2 Jnl of Law and Information Science 83, 102-107Google Scholar.

107 Supra text at nn 64-65

108 Cranston, R, “Reform through Legislation: The Dimension of Legislative Technique” in R Tomasic (ed) Legislation and Society in Australia (1980) 88, 91Google Scholar.

109 ALRC, supra n 9, Vol 1 304-305.

110 Note also the requirement under federal administrative law that Commonwealth Government officials base their decisions on relevant considerations: Administrative Decisions (Judicial Review) Act 1977 (ss 5(2)(a) and 5(2)(b)).

111 R Clarke and G Greenleaf, supra n 64, 1413.

112 Greenleaf, G, “No Confidence in the Commonwealth Privacy Bill” (1988) 62 AU 78, 80Google Scholar.

113 Bayne, P, “Administrative law and the new managerialism in public administration” (1988) 62 ALJ 1040Google Scholar; Barnes, J, “The Politics of Administrative Law - A New Phase?” (1989) 2 ABL Rev 157Google Scholar.

114 P Bayne, supra n 113, 1045.

115 Bayne, P, “Freedom of Information: democracy and the protection of the processes and decisions of government” (1988) 62 AU 538, 538Google Scholar.

116 P Grabosky and J Braithwaite, supra n 48, 142-143.

117 Ibid 143.

118 Ibid 149.

119 Ibid 10, 23.

120 See cl 1 14-20 of the Privacy Amendment Bill 1989.

121 See ss 31 and 32 of the Law and Justice Legislation Amendment Act 1989 (Cth).

122 Privacy Commissioner, First Annual Report on the Operation of the Privacy Act (1988), 35.

123 Id.

124 Id.

125 P Grabosky and J Braithwaite, supra n 48, 2.

126 Eg TW Arnold, The Symbols of Government (1935); V Aubert, “The Social Functions of Law” in V Aubert (ed) The Sociology of Law (1972) 116-126; R Cotterrell, The Sociology of Law: An Introduction (1984) 108-11l.