This is a response to the Australian Law Reform Commission (ALRC)’s Issues Paper 31, Review of Privacy, which is the first stage in the ALRC review of the extent to which the Privacy Act and related laws provide an effective framework for the protection of privacy in Australia.
The submission addresses not only the privacy principles themselves but also some definitional and threshold issues, exemptions and questions of enforcement. A single set of core principles is favoured, but consistency should not come at the expense of higher standards. Some principles need to be revised to remove uncertainty in their application and to overcome the unexpected effect of narrow interpretations by Commissioner’s tribunals and courts. The definitions and principles combined should aim to ensure maximum coverage, and exemptions should be strictly limited to where competing public interests can clearly be demonstrated. The submission also makes a case for strengthening principles in relation to purpose justification, anonymity, security breach notification and automated decision making. The problems of forced and bundled consent need to be addressed. There should be a greater emphasis in enforcement on achieving systemic changes with more proactive monitoring and enforcement and encouragement of representative complaints.
Date of this Version
Graham Greenleaf, Nigel Waters, and Lee Bygrave, "Implementing Privacy Principles: After 20 Years, It’s Time to Enforce the Privacy Act" (May 2007). University of New South Wales Faculty of Law Research Series. Working Paper 31.