Academic debate has tended to favour prisoner enfranchisement, on multiple grounds. In these accounts, the vote is seen as a fundamental, if not inalienable, human right in international law, whose denial to prisoners is indirectly racially discriminatory. Denying the vote is seen as counter-productive to the purpose of incarceration as social rehabilitation, and not sensibly understood as a form of punishment. There is more than a whiff of the discredited idea of ‘civil death’ about prisoner disenfranchisement.

On the political, and hence legislative front, however, prisoner voting has been fair game. This has chiefly been a symbolic battle, with conservatives seeing prisoners as having seriously breached the social contract. They remain part of the governed, but temporarily forfeit the right to select the governors.

For most of last century, prisoners were disqualified from voting, or nominating or serving as MPs whilst under sentence for an offence with a maximum of one year’s gaol. In 1983 the Hawke government expanded the federal franchise to prisoners whose offences carried a maximum sentence of less than five years. In 1995, the disenfranchisement was eased to an actual sentence of 5 years or more, largely for administrative convenience.

But in 2004 the Howard government reduced this to a three-year rule, in a compromise agreed by Labor. Then in 2006, this became a blanket ban on any prisoner under full-time sentence,4 at least for an Australian offence. Ironically, the voting rights of David Hicks, despite his US conviction on terrorism-related charges, were preserved. A further curiosity of the 2006 legislation was that prisoners were not freed of the compulsion to enrol. Rather, the Australian Electoral Commission (AEC) was to cleanse them from the certified lists for polling day.

The High Court of Australia was invited into this contentious fray by Vicki Roach. An Aboriginal woman who was sentenced in 2004 to six years for burglary including negligent injury and endangerment, Ms Roach had since completed a masters degree. Her case was driven by pro-bono lawyers and run through the Victorian Human Rights Law Resource Centre.

In late August this year, to the great surprise of most commentators, the High Court struck down the ban on prisoner voting. The surprise was a product of both the conservatism of the Court in the past decade, and its longstanding deference to parliamentary sovereignty in electoral matters.

The case was only a partial victory for Ms Roach, however. The 4-2 majority upheld the prior ban on voting by those subject to sentences of three years or more, and hence she will miss voting at the forthcoming federal election.

This note explores the compromise inherent in the Court’s reasoning, and reflects on its wider ramifications for the constitutionalisation of the right to vote given the absence of any mention of such a right in the Australian (or State) Constitutions.

In its submissions the Commonwealth advanced three alternative arguments for validity: -the 'geographic externality' argument - that ss.SOBA and SO BC are laws with respect to a matter physically external to Australia (ie, conduct outside Australia); -the 'external relations' argument- that ss.SOBA and SOBC are laws affecting Australia's external relations with other nations (being laws to curtail 'child sex tourism'); -and the 'international concern' argument- that ss.SOBA and SOBCare laws with respect to a matter of international concern (ie, 'child sex tourism').

The Full Court upheld the validity of the laws in question by a S:2 majority (Gleeson CJ, Gummow, Kirby, Hayne and Crennan JJ; Callinan and Heydon JJ dissenting). The order regarding validity was made at the conclusion of the hearing by the Full Courton 17November200S. Reasons were published on 13 June 2006.

The new Personal Data Protection Act enacted 26 May 2010 is in effect a new piece of legislation. It will not be brought into force until 2012 when the Enforcement Rules necessary for operation of some sections, are expected to be prescribed by the Executive Yuan. The Act is comprehensive in relation to both public and private sectors, and thus much more extensive than the previous Act in relation to the private sector. The revised Act still has no single oversight body, and does not create a data protection authority. Enforcement is left to the Ministries responsible for each industry sector. The obligations imposed by the Act have been considerably expanded, particularly those in relation to notice, and to sensitive data. Data exports (‘international transmission’) by private organisations (‘non-public agencies’) may be restricted by ‘the central competent authority for the relevant industry’ (A 21), but this is not an automatic prohibition on exports. The Act has the first example of an enforceable requirement to notify data subjects (but not the relevant authority) of data breaches enacted in Asian data protection legislation, although the data breach notification provisions in the 2011 Korean legislation is the first to come into force. However, the Taiwanese provision does not apply to all ‘data breaches’, only to those where the company or government agency has breached a provision of the Act. Contraventions of the Act, where damage is caused to another person, can be punished by imprisonment up to two years or substantial fines. Potentially more important are the extensive provisions for damages actions, and for class action litigation (where ‘the rights of multiple subjects are injured by the same causal facts’) by representative organisations which have objectives of protecting personal data. While not as innovative as Korea’s new law, this Act does bring Taiwan up to many aspects of international standards.

The Bill does not include the extensive strengthening advocated by the Privacy Commissioner, but does propose modest improvements. Companies will always have to give individuals notice that they intend to sell their personal data, or even use it for their own marketing, but will still be allowed to do so unless the individual exercises an ‘opt out’ right. Breaches can make businesses liable to a fine of up to HK$1 million (US$128,500), an amount that is potentially crippling for a small business. There are considerable anomalies in these provisions. It seems that a blanket ‘Don’t ever sell my personal data’ notice would be possible. This raises the prospect that an inventive ‘Do not sell/market’ list broker could offer a service to send mass written notifications to major Hong Kong organisations, relieving individual data subjects of the burden of multiple notifications, thus turning direct marketing completely on its head. The drafter may also have overlooked the fact that public bodies controlling public registers sell personal data by providing copies of the information in their registers for a fee and are generally obliged to do so by the legislation governing the registers. The Bill would, on its face, apply to prevent them so doing this unless they complied with its notification and objection provisions.

The Bill will improve the current weak enforcement provisions. The Commissioner will now be able to order organisations to remedy contraventions of the Ordinance. Compensation proceedings will now be moved to the District Court, where the usual costs order is ‘no order as to costs’, which may reduce or remove the deterrent effect of the risk of expensive court costs. The Commissioner will also be empowered to assist litigants. For the first time, the Commissioner will also be empowered to assist parties to reach a settlement or compromise. It is possible that the Bill may be strengthened by the legislature (LegCo), because of the extent of public disquiet over the data breach scandals involving police and hospitals, and data sales scandals involving data from the Octopus transit card, banks and telcos.

However, a measure of certainty followed the Court’s endorsement, through the 1990s, of the formulation contained in the judgment of Mason J in Queensland Electricity Commission v Commonwealth (“QEC”). He framed the principle as comprising 2 elements, or limbs. The first limb, described in terms of discrimination, dealt with Commonwealth laws that singled out States for special burdens or disabilities; the second limb dealt with Commonwealth laws which, while not singling States out, operated so as to destroy or curtail their continued existence or capacity to function.

I do not share his Honour’s gloom. First, not all Federal or State Court decisions dealing with the Constitution cower under the damoclean sword of a successful special leave application or a s 40 removal. Many clearly dazzle in their own right (and perhaps light). Secondly, while some such cases do end up in the High Court so that, to that extent, the Federal and State Court decisions might be seen as “unfinished matters”, no-one doubts the utility of the intermediate decisions which, to quote Justice French again, “will settle the factual aspects of the case, dispose of lesser issues and sharpen the focus of interpretational choices that have to be made.”

Indeed French J shook off his gloom to a certain extent by asking rhetorically “where would we be without” such decisions. As he said, “most of the important constitutional law of Australia originates in proceedings in the lower courts.” This is demonstrated by the range of cases decided by the Federal and State courts in the 2003 term.

The Working Party’s favourable ‘Opinion 11/2011 on the level of protection of personal data in New Zealand’ (4 April 2011) is the first time a non-European country with legislation that largely predates Directive 95/46/EC and is modelled primarily on the 1980 OECD Guidelines on data protection has been given an adequacy finding. Moreover, the recommendation of adequacy has been given despite considerable shortcomings in the NZ data protection regime. This not only reiterates the by now trite point that adequacy does not equal equivalence, it also illustrates how much variation from the criteria set out in 1997 and 1998 is accepted as not preventing a finding of adequacy. So it is valuable to consider the Opinion in some detail, particularly with a view to drawing lessons on the balance that the Working Party is ready to strike between pragmatism and formalism.

This article concludes that the reasons given by the Working Party for finding adequacy despite putative weaknesses in New Zealand’s regime are primarily very practical ones relating to the geographical and economic position of New Zealand: its relative geographic isolation; the limited EU-sourced data likely to be transferred to New Zealand (which minimises the problem of onward transfers); and the reciprocal lack of direct marketing into the EU that could be expected from NZ. This Opinion signals significant pragmatic preparedness on the part of the Working Party. It also underlines the fact that it is the effect of a third party’s laws on EU citizens that counts toward adequacy, not the effect on the country’s own citizens. It will be relatively rare that personal data on EU citizens ends up in New Zealand, so a good deal of tolerance of variation from the core principles previously set out by the Working Party is permitted by them in delivering an adequacy opinion. We could say (with some exaggeration) that the standard of adequacy is in inverse proportion to proximity, provided that ‘proximity’ is considered to include the economic and social, not only the geographical.

In a country like India, where outsourcing of the processing of European data is of large scale, as are other forms of business and travel involving personal data, different considerations are likely to apply. In Europe they probably will not say ‘Delhi is far away’, even though they have found that Wellington is.

The draft Bill leaves most of the details of the demographic and biometric information which will be required to be included Regulations, and imposes no controls on which organisations can require UIDs, or what they can do with them. This article focuses on the planning documents for the UID, and the Bill, to argue that India may be building an identification system that puts peoples’ liberties at risk, and does so in a way which will be largely out of control of democratic or judicial restraints on such a powerful use of information technology. This article argues that the current operation of the aadhaar, and the draft Bill are deficient in that they lack at least the following protective provisions:

(i) Outsourcing of the operation of the CIDR should be by regulations identifying the outsourcing provider, and thus disallowable. Any movement of CIDR data outside India should also be by regulations. (ii) The Central Information Commission, or a similarly independent tribunal, should be empowered to adjudicate all disputes between the Authority and individuals. (iii) Individuals should be able to obtain compensation and injunctions for any breaches of their rights. (iv) The biometric and demographic information which can be collected by the Authority should be defined in the Bill, and collection of other personal data prohibited. New legislation, and thus positive Parliamentary approval, should be required for any expansion. (v) The Bill should clarify whether obtaining a UID is compulsory or voluntary, and whether services may be denied to people because they do not have one. (vi) If the UID is voluntary, any special measures in relation to marginalised groups should also involve special steps to ensure that voluntariness is respected. (vii) Incentives given to any persons involved in the enrolment process should be designed to ensure that voluntariness is respected. (viii) UID holders should not be required to update their identity details unless this is necessary for the integrity of their UID and authentication. A continuously updated population register is not necessary for an ID number. (ix) The legislation should specify with which other agencies, and in relation to which benefits, the CIDR data can be shared, and any future changes should also be by legislation. (x) It should be prohibited for anyone to require a UID holder to obtain their CIDR data. (xi) It should be prohibited for any other databases to record the UID number.

Amendments such as these would not necessarily make the UID safe for India’s 1.2 billion people, but they would reduce the risks of abuse. As India’s economy and society become increasingly similar to those of other successful capitalist economies, the Indian government will increasingly need to adopt a full data protection law, as is the case throughout Europe and in an increasing number of countries in the Asia-Pacific. It has often been the case that the introduction of a new data surveillance system such as an ID card or a data matching system has shown the need – and provided the political trade-off – for the introduction of a full data protection law.

Note: The Bill that is analysed in this article, which was written in July 2010, differs in some respects from the Bill introduced into the Indian legislature, and which is due for debate in November/December 2011.

A draft Privacy Bill, 2011 (India Legislative Department, 2011) also became public, but has not been introduced into Parliament. If enacted, it will create a three person Data Protection Authority of India (DPAI). The Bill will also create a statutory right of privacy (another first for the Asia-Pacific), open-ended in its definition but including rights of confidentiality, freedom from surveillance, and protection of personal data (possibly including the specific rights under the s43A Rules system). The Bill also sets out a detailed data privacy code, somewhat different from that under the s43A Rules. The DPAI will have very extensive functions, including keeping a register of data controllers (a step out of keeping with all other Asia-Pacific laws), and strong powers to investigate the actions of any data controller and issue directions to them. Individuals will be able to lodge complaints against data controllers with the CAT, which would be empowered to make any orders it thinks fit including compensation. A bizarre aspect of the Bill, for a country seeking an EU adequacy finding, is that it limits its protection to Indian citizens. The Bill is very complex, including detailed controls on surveillance as well, but only a draft as yet, and will undoubtedly be modified very considerably before it progresses.

India is therefore one of the few countries to have enacted data privacy laws for its private sector, but not for its public sector. That may not prove to be tenable in the longer run.

From the mid-1990s the world-wide-web provided the necessary technical platform to enable free public access to computerised legal information – a low cost distribution mechanism. In many countries the first attempts to exploit the advantages of the web for providing legal information came from the academic sector rather than government, and did so with an explicit ideology of free access provision. The first group of such organisations became known collectively as ‘legal information institutes’ or ‘LIIs’. Two distinguishing characteristic of the ‘LIIs’ are that (i) they publish legal information from more than one source (not just ‘their own’ information), for free access via the Internet, and (ii) they collaborate with each other through membership of the ‘Free Access to Law Movement'.

Most but not all share three other characteristics. They collaborate through data sharing networks or portals, and also technical networks for back-up security purposes. Most are independent of government, though this is diminishing as a distinguishing feature. The majority use one of two open source search engines: the Sino search engine developed by AustLII and the Lucene search engine utilised by LexUM in the development of various LIIs.

Three LIIs played key roles in early developments: the Legal Information Institute (Cornell), AustLII, and LexUM. They each developed from research projects on various aspects of legal automation going back to the 1980s, and were ready to capitalise on the world-wide-web’s sudden emergence into public prominence around 1994. Their roles are explained.

From 2000 AustLII started to use its search engine and other software to assist organisations in other countries, initially limited to those with academic roots, to establish LIIs with similar functionality. AustLII helped to establish between 2000-04 servers and databases for six LIIs (BAILII, PacLII, HKLII, SAFLII, CyLaw and NZLII). It operated the servers for a period on behalf of its local partners, with progressive local take-over of operations. Responsibility for obtaining and developing legal data was usually undertaken by the local partner from the outset. Each of these LIIs is described. Having established CanLII, LexUM used the tools it had developed to create, with local partners, Droit Francophone (2003), JuriBurkina (2003) and JuriNiger (2007).

The Free Access to Law Movement (FALM), established in 2002, is a loose affiliation of 33 legal information institutes as of March 2010. The ‘Law via Internet’ Conferences have since 1997 been the principal means by which this cooperation was established. The Declaration on Free Access to Law (2002) sets out FALM’s aims as ‘the primary role of local initiatives in free access publishing of their own national legal information’ and secondly that ‘All legal information institutes are encouraged to participate in regional or global free access to law networks’.

The development of multi-LII portals since 2002 is described, particularly WorldLII, CommonLII and AsianLII, plus the LawCite citator, operated by AustLII in cooperation with twelve other LIIs. The Global Legal Information Network (GLIN), operated by the US Library of Congress, and by LexUM’s development of Droit Francophone, are also described. The number of databases provided by all of the LIIs of the Free Access to Law Movement has been growing rapidly ever since 2002, and amounted to 1190 databases in 2009.

Different models for networking free access LIIs are discussed. The LII networks provided through WorldLII, CommonLII and AsianLII primarily utilise a replication / synchronisation model, and differences within FALM on this strategy, compared with ‘federated searching’, are outlined. Various other policy differences within FALM are also discussed.

The extent to which FALM is global is analysed, including the role that ‘government LIIs’ can play in FALM. It is clear that there is far more free access to law than is provided by the current members of the Free Access to Law Movement. The geographical scope of FALM membership is nevertheless as yet far more limited than the spread of free access to law as an idea and a reality, being concentrated on the Anglophone and Commonwealth countries, some parts of the francophonie, and parts of Asia. This is a challenge for a movement which is potentially global, but also indicates that the Free Access to Law Movement and the development of LIIs may yet be far from reaching its maximum impact. The extent of free access outside FALM is outlined.

Reasons why impediments to full free access to law are decreasing are outlined, particularly in relation to copyright law and access to data. The extent to which FALM members have established standards for citations are discussed.

The most concerted discussion of some of the principles in the Declaration on Free Access to Law, and further development of them, took place at an expert meeting called by the Hague Conference on Private Law in 2008, resulting in 18 draft Principles on desirable conduct of States in relation to free access to legal information. The relationship between LIIs and Internet search engines like Google, and why most LIIs block search engines from indexing their case law, are also discussed.