- A Senate committee has reported on the draft Australian Privacy Principles (APPs), taking into account 45 submissions received.
- The committee recommends simplifying the APPs in a number of areas, and also the production of various guidance material to aid interpretation.
- The committee’s recommendations largely avoid re-examining the policy positions on which the draft APPs were based.
- Further privacy reform activity in relation to online privacy, health and credit reporting, is continuing.
The Senate Finance and Public Administration Legislation Committee has released its report1 on the draft Australian Privacy Principles (APPs). The report follows a consultation period which included a public hearing2 and 45 submissions.3
Most of the committee’s 29 recommendations relate to matters of drafting and interpretation. They have largely avoided questioning the policy positions on which the draft APPs are based.
We wrote about the draft APPs in June 20104.
Structure and clarity
The committee has recommended that the APPs be redrafted in a way that is simpler, more concise and avoids unnecessary repetition. In particular they have noted in this regard provisions relating to direct marketing, unsolicited personal information, extraterritorial application of the Privacy Act and information access during negotiations.
Collection of personal information
The committee has recommended that consideration be given to strengthening APP 3 to say that:
- information collected must be necessary, not just ‘reasonably necessary’, for an entity’s functions or activities, and
- the ‘necessary’ test should apply in all cases for private sector organisations—it should not be enough that information is ‘directly related’ to the organisation’s functions or activities.
As with the existing National Privacy Principles and Information Privacy Principles, the APPs are drafted as high-level principles intended to be applied across a wide range of situations. Naturally this can give rise to issues of interpretation, and so the committee has recommended that further explanation or guidance be given in relation to certain matters including the following:
- the meaning of terms ‘personal information’, ‘consent’ and ‘destruction’
- direct marketing to minors and other vulnerable individuals
- the meaning of ‘disclosure’ in the cross-border disclosure principle
- contractual arrangements suitable to meet cross-border disclosure requirements
- accountability for the conduct of foreign recipients of personal information, and
- data-matching by government agencies.
The committee recommends considering whether to allow a transition period for compliance with the new Privacy Act, given that the changes will be extensive. When the National Privacy Principles were legislated in 2000, organisations were given a full year before they took effect.
Federal privacy reform
The APPs are just one element of a range of privacy reforms currently being considered by the Federal Government.
In January, the government released exposure draft credit reporting provisions5 to amend Part IIIA of the Privacy Act, along with a companion guide.6 A public hearing7 on these provisions was held in May and the committee is preparing a separate response.
The government is also working to release draft provisions regarding health privacy and the powers and functions of the Information Commissioner. These will also be responded to in turn by the committee.
Another senate committee (the Senate Standing Committees on Environment and Communications) issued a report8 in April of their inquiry into online privacy. That report made a number of recommendations relevant to the APPs and other aspects of the Privacy Act.