How Will Australia's New Privacy Laws Work Post-Snowden?

If you are trying to make sense of privacy in the age of Edward Snowden, Facebook, Google Glass, drones, Snapchat, genetic profiling and the Personally Controlled Electronic Health Record you could be forgiven for being confused. In 2014 the confusion isn't going to go away.

Snowden picture from Shutterstock

That's because people have different views of privacy, different priorities and get mixed messages from an increasingly complex patchwork of Commonwealth, state and territory law. Law is about sending messages rather than just about punishment.

On March 12 the amended national Privacy Act 1988 comes into effect. The Act covers all Australians but is weakened by exceptions. In the words of one of my students it has "more holes than swiss cheese".

Limits of the law

The Act covers information privacy — in essence the creation and use of computer files — rather than all privacy. It doesn't, for example, cover the increasingly prevalent workplace drug testing, police strip searches and nastiness such as covert private videos of your bedroom.

It is administered by the Office of the Australian Information Commissioner (OAIC), an agency that is seriously under-resourced. There are questions about its expertise and apparent permissiveness in dealing with big business and big government agencies. The OAIC has been softer than its peers in Europe, which are increasingly sending a strong legal message about privacy invasions by Google, Facebook and the NSA.

The Act permits any collection of information or invasion of privacy that is lawful. In the absence of constitutionally protected human rights, that "lawfulness" simply means whatever the government of the day can get through the parliament. That is convenient but results in complexity, confusion and omission.

In good company?

The Act sits alongside over 500 other Acts and provisions dealing with privacy.

Some are benign, such as protection of the census and tax records. There is a strong social good in people providing information to government. We could not enjoy the benefits of the welfare system and of the electronic payments system without providing some information to a wide range of agencies and businesses. We do so on the basis of trust, which public and private sector actors are tempted to abuse.

The value of other Acts depends on your perspective. Some critics for example regard any data collection by intelligence agencies as utterly abhorrent. Others, such as this author, recognise the appropriateness of surveillance in particular circumstances.

As media consumers and increasingly media creators we are habituated to practices that disrespect the privacy of other people or that facilitate the disregard of our own privacy. That complicity fosters visceral responses by the commercial media to inquiries by Leveson and Finkelstein. Media executives have for example rationalised egregious privacy abuses through claims that freedom of speech is more important than privacy as a freedom from interference. Claims that the public have a "right to know" or that all publication is "in the public interest" confuses public curiosity with public interest. What's good for Channel 7 or News Corp is not necessarily good for you or I.

Basic rights, not assumed

Non-interference is a deeply traditional value, inherent in common law since the middle ages and notions that an englishman's home is his castle. Regrettably it is not a value that seems to be acknowledged by the federal government in rhetoric about winding back law that erodes traditional freedoms. One freedom — disregarded by creeping surveillance law — is the freedom to be left alone if you are in a private space and causing no harm.

This year will see the report by the Australian Law Reform Commission about establishment of a privacy tort, with scope for action by individuals whose privacy has been unlawfully invaded. The report follows strong recommendations by other commissions and parliamentary committees for a tort that would fix holes in the privacy patchwork and deal with technological challenges such as drones and Google Glass.

If we are thinking about principles we need to consider potentially conflicting rights. There is no simple answer and we cannot magic away policy dilemmas in the style of one academic who dismissed privacy as something for woolly-minded members of the public who believe in santa and unicorns.

Do you have a right to be free of interference? Do you have a right to know, a right that covers celebrities and your neighbours and your children and the wife of the Indonesian president? Do we need watchdogs with teeth and a willingness to go out in stormy weather? Should we leave privacy to Mr Gates, Mr Brin, Mr Snowden and Mr Zuckerberg?

We need to look at principles and have an informed community discussion about social goods rather than being driven by personal or bureaucratic convenience.

Bruce Baer Arnold is Assistant Professor at the School of Law at the University of Canberra. He does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

The ConversationThis article was originally published on The Conversation. Read the original article.


Comments

    The starting point is a set of clear unambiguous principles that start by protecting the individual and allowing him/her to 'close the room door' and shut out any form of surveillance or monitoring when desired - providing, that is, there is no legally justified cause, such as being under suspicion for committing a crime.

    The principle is, of course, being presumed innocent until proven guilty. Only if directly under suspicion by a legally empowered law enforcement or intelligence agency, should a person' privacy be allowed to be invaded. I know there are degrees of investigation and invasion of privacy, but there still should be a legally justified cause, not a vague unproven 'anti-terror' scaremongering reason.

    If a person has the right to opt-out of spam or telemarketing calls, it is a recognition of that person's right to refuse uninvited communication. It is a recognition of their right to privacy. Why then do governments not apply that same principle to the mass collection of communication metadata?

    I'm able to stop a company from emailing me, but I'm not allowed to stop the government from tracking my emails - how does that work exactly? How is the government more entitled to invade my privacy than the corporations?

    What disturbs me most is the speed at which all of this has happened, and how quickly our so-called democracy has collapsed into a benign 'police state'. It is also extremely disturbing that the recent revelations have revealed our powerlessness to control the governments that supposedly represent us and work for us. We are rapidly discovering how weak we are and how powerful our governments really are, and how far they will go to maintain their control over us.

    This, of course, can only go in one direction, as it historically has done so many time - revolution, overthrowing governments, bloodshed, and immense suffering. Witness the Arab Spring and what it has cost in terms of lives and suffering, and still they struggle and die for the right to a form of freedom that they believe we have and they don't. Ours is still better, but worse than it was 20 years ago.

Join the discussion!

Trending Stories Right Now