Review of the Privacy Act 1988 (Cth) – Issues Paper Attorney-General’s Department 17 December 2020 Telephone +61 2 6246 3788 • Fax +61 2 6248 0639 Email [email protected] GPO Box 1989, Canberra ACT 2601, DX 5719 Canberra 19 Torrens St Braddon ACT 2612 Law Council of Australia Limited ABN 85 005 260 622 www.lawcouncil.asn.au Table of Contents About the Law Council of Australia ............................................................................... 3 Acknowledgement .......................................................................................................... 4 Executive Summary ........................................................................................................ 5 General Comments ......................................................................................................... 7 From ‘notice and consent’ (user privacy self-management) to accountability of APP entities ........................................................................................................................... 7 Objectives of the Privacy Act (Question 1) ................................................................... 8 Australian Privacy Principles ......................................................................................... 9 Definition of personal information (Questions 2 to 5) .................................................10 Flexibility of the APPs in regulating and protecting privacy (Question 6) .................12 Exemptions ....................................................................................................................13 Small business exemption (Questions 7 to 12) .............................................................13 Employee exemption (Questions 13 to 15) ...................................................................14 Political exemption (Question 16) .................................................................................16 Journalism exemption (Questions 17 to 19) .................................................................16 Notice and consent (Questions 20 to 35) .....................................................................17 Consent requirements including default privacy settings ..............................................17 Default privacy settings ................................................................................................18 Control and security of personal information (Questions 43 to 47) ...........................19 Security and retention ..................................................................................................19 Erasure of personal information....................................................................................20 Overseas data flows and third-party certification (Questions 48 to 52) .....................21 Enforcement powers under the Privacy Act and role of the OAIC (Questions 53 to 55) ...............................................................................................................................23 Direct right of action (Question 56) ..............................................................................23 Statutory tort (Questions 57 to 62) ...............................................................................24 Notifiable Data Breaches scheme: impact and effectiveness (Questions 63 to 65) ...................................................................................................................................25 The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives .....................................................................................................................25 Interaction between the Privacy Act and other regulatory schemes (Questions 66 to 68) ..........................................................................................................................26 The desirability and feasibility of independent certification scheme to monitor and demonstrate compliance with Australian privacy laws ..................................................26 Data privacy and artificial intelligence ...........................................................................26 Review of the Privacy Act 1988 (Cth) – Issues Paper Page 2 About the Law Council of Australia The Law Council of Australia exists to represent the legal profession at the national level, to speak on behalf of its Constituent Bodies on national issues, and to promote the administration of justice, access to justice and general improvement of the law. The Law Council advises governments, courts and federal agencies on ways in which the law and the justice system can be improved for the benefit of the community. The Law Council also represents the Australian legal profession overseas, and maintains close relationships with legal professional bodies throughout the world. The Law Council was established in 1933, and represents 16 Australian State and Territory law societies and bar associations and the Law Firms Australia, which are known collectively as the Council’s Constituent Bodies. The Law Council’s Constituent Bodies are: • Australian Capital Territory Bar Association • Australian Capital Territory Law Society • Bar Association of Queensland Inc • Law Institute of Victoria • Law Society of New South Wales • Law Society of South Australia • Law Society of Tasmania • Law Society Northern Territory • Law Society of Western Australia • New South Wales Bar Association • Northern Territory Bar Association • Queensland Law Society • South Australian Bar Association • Tasmanian Bar • Law Firms Australia • The Victorian Bar Inc • Western Australian Bar Association Through this representation, the Law Council effectively acts on behalf of more than 60,000 lawyers across Australia. The Law Council is governed by a board of 23 Directors – one from each of the constituent bodies and six elected Executive members. The Directors meet quarterly to set objectives, policy and priorities for the Law Council. Between the meetings of Directors, policies and governance responsibility for the Law Council is exercised by the elected Executive members, led by the President who normally serves a 12 month term. The Council’s six Executive members are nominated and elected by the board of Directors. Members of the 2020 Executive as at 1 January 2020 are: • Ms Pauline Wright, President • Dr Jacoba Brasch QC, President-elect • Mr Tass Liveris, Treasurer • Mr Ross Drinnan, Executive Member • Mr Greg McIntyre SC, Executive Member • Ms Caroline Counsel, Executive Member The Secretariat serves the Law Council nationally and is based in Canberra. Review of the Privacy Act 1988 (Cth) – Issues Paper Page 3 Acknowledgement The Law Council acknowledges the assistance of the Privacy Law and Media and Communications Committees of its Business Law Section, the Law Society of New South Wales, the Law Institute of Victoria, the Law Society of South Australia and the Law Society of Western Australia in the preparation of this submission. Review of the Privacy Act 1988 (Cth) – Issues Paper Page 4 Executive Summary 1. The Law Council appreciates the opportunity to provide this submission to the Attorney-General’s Department (the Department) in response to the Privacy Act Review Issues Paper (Issues Paper). 2. The Law Council notes that the Privacy Act 1988 (Cth) (Privacy Act) has now been in operation for over 30 years and that the Privacy Amendment (Private Sector) Act 2000 (Cth) was introduced some 20 years ago, extending privacy obligations to the private sector to provide a minimum set of privacy protections for individuals. During this time there have been significant changes to the landscape in which these pieces of legislation operate and therefore the Law Council welcomes the current review of the legislative framework. 3. The Law Council has not sought to respond to each of the 68 questions tendered in the Issues Paper in the time available in which to respond. Instead, the Law Council’s responses are grouped under the headings outlined in the Issues Paper, which are based on key themes or issues. The focus of the responses is on legal issues, noting that this area of law is highly sensitive to the speed of technological and social changes and impact on policy. 4. Noting that the Issues Paper is the first step in a broader review of the Privacy Act, the Law Council will endeavour to engage with its Constituent Bodies and other key stakeholders with the view to arriving at a settled and unified position on key privacy issues prior to participating in the next stage of the review. 5. The Law Council looks forward to contributing to future components of the Department’s review. At this point in the consultation process, the Law Council provides the following recommendations, designed to assist in the Department’s development of a Discussion Paper in early 2021, namely that consideration be given to: • Reinforcing accountability as part of Australia’s privacy framework. This needs to be considered in the context of other obligations and the limitations of the consent driven model. • Amending the objects of the Privacy Act to include ensuring that acts and practices of Australian Privacy Principle (APP) entities do not unreasonably interfere with the privacy of individuals and providing enforceable rights for individuals to seek redress for an interference with their privacy, in addition to any complaints process. • Including, as expressly operative concepts within the APPs, additional matters to help
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages27 Page
-
File Size-