Submissions and consultations

36.50 In DP 72, the ALRC observed that the exemption of agencies listed under sch 2 of the FOI Act from the Privacy Act appeared to derive from their exempt status under the FOI Act. The ALRC noted that it had not received submissions from most of the relevant agencies and, accordingly, could not make an informed policy decision about whether they should remain exempt from compliance with the Privacy Act. The ALRC considered, however, that the relevant agencies should be provided with a final opportunity to make a case for retaining their exempt status if they considered their exemption from the Privacy Act justified.

36.51 The ALRC proposed, therefore, that certain agencies listed in Part I, div 1 and Part II, div 1 of sch 2 of the FOI Act be required to demonstrate to the Attorney-General that they warrant exemption from the operation of the Privacy Act. Those agencies included the Aboriginal Land Councils and Land Trusts, the Auditor-General and the National Workplace Relations Consultative Council, the Department of the Treasury, the Reserve Bank of Australia, the Export and Finance Insurance Corporation, ACMA, the Classification Board, the Classification Review Board, Austrade and the NHMRC. The ALRC further proposed that the exemption be removed if the relevant agency did not make an adequate case for retaining its exempt status.[80]

36.52 A number of stakeholders supported this proposal.[81] The OPC stated that exemptions should be kept to a minimum and justified on the basis of clear policy or public interest. Further, it submitted that any exemptions from the operation of the Privacy Act should be defined clearly. The OPC also suggested that a review of the existing exemptions from the Privacy Act should address irregularities in the coverage of the exemptions, and the potential of the exemptions to undermine national consistency and promote fragmentation in privacy regulation. While the OPC was not aware of any ‘clear and compelling justifications’ for the exemption of the agencies discussed in this chapter, it supported the approach proposed by the ALRC to determine the appropriateness of their exempt status.[82]

36.53 Some stakeholders expressed the view that agencies should not be exempt automatically from the operation of the Privacy Act by virtue of their exempt status under the FOI Act,[83] particularly given the different policy objectives of the Privacy Act and the FOI Act.[84] The Cyberspace Law and Policy Centre submitted that any difficulties in complying with privacy principles should be dealt with by way of selective exceptions to particular principles on the basis of detailed justification. It further suggested that these agencies also should justify their exemption from related provisions of the FOI Act.[85]

36.54 Other stakeholders also supported the proposal, but submitted that any review of the exemption of the agencies discussed in this chapter from the operation of the Privacy Act should be subject to a process of public consultation and allow for other interested parties, such as privacy advocates and consumer groups, to make submissions on the issue.[86]

36.55 The OVPC submitted that agencies should not be exempt completely from the Privacy Act. It was of the view that exemptions or exceptions should apply only to specific practices or principles, and that certain principles should apply universally, such as the ‘Data Security’ and ‘Data Quality’ principles. In addition, it suggested that ‘privacy legislation should only be subject to such reasonable limits … as can be demonstrably justified in a free and democratic society’.[87]

Aboriginal Land Councils and Land Trusts

36.56 One stakeholder specifically supported the removal of the exemption that applies to Aboriginal Land Councils and Land Trusts. It submitted, however, that the exemption should be removed as soon as possible, noting that certain land councils and land trusts have ‘repeatedly ignored or otherwise refused’ requests by Aboriginal people for access to their personal information, including information about their traditional rights and interests in lands and seas.[88]

36.57 The Law Council of Australia noted that the need for specialised consultations with Indigenous organisations had been identified in other legal contexts, such as native title and heritage protection. It therefore suggested that the appointment of an Indigenous consultant for the purpose of specific consultation with Indigenous organisations on the exemption would be desirable.[89]

NHMRC

36.58 The NHMRC advised that it is ‘unaware of the reasons for the exemption in the Freedom of Information Act and would not object to the exemption [under the Privacy Act] being removed’. It observed, however, that the exemption of the NHMRC from the FOI Act also may be reviewed in the context of the ALRC’s current inquiry into the FOI Act.[90]

AUSTRAC

36.59 In DP 72, the ALRC expressed the view that the exemption that currently applies to AUSTRAC should remain. The ALRC noted that the exemption is limited to AUSTRAC’s law enforcement functions, and expressed the view that the application of the Unified Privacy Principles (UPPs) to AUSTRAC could cause difficulties for AUSTRAC’s operations. Further, the ALRC noted that AUSTRAC officials are subject to strong information-handling and secrecy provisions.[91]

36.60 The Australian Privacy Foundation and the Cyberspace Law and Policy Centre submitted that, like other agencies that are exempt from both the FOI Act and the Privacy Act, AUSTRAC also should have to justify its exemption from the Privacy Act.[92]

36.61 AUSTRAC submitted that its partial exemption from the Privacy Act should remain. It suggested that there are two important policy reasons behind the exemption concerning the reporting of suspected illegal transactions. First, individuals should not be alerted to the fact that suspect transaction reports were made in relation to them because

such reports may be relevant to criminal investigations or investigation relating to terrorism financing and tipping off may prejudice those investigations. In addition, cash dealer staff members that report such transactions may be put at risk if it is disclosed that a suspect transaction report has been lodged.[93]

36.62 AUSTRAC stated that cash dealers have legitimate concerns about protecting their staff from retribution for filing a suspected transaction report. It submitted that if information concerning the existence of a suspected transaction report could become known to the subject of the report, there would be a decrease in both the number and quality of suspected transaction reports.[94]

36.63 AUSTRAC submitted further that ‘protecting the privacy of AUSTRAC’s information is a key priority for the agency’. It submitted that there is a high level of privacy protection in relation to AUSTRAC’s information. In particular, information held by AUSTRAC is protected by:

  • the provision of training for all staff on privacy requirements;

  • secrecy and access provisions under Part 11 of the AML/CTF Act;

  • limited access to AUSTRAC information pursuant to an Instrument of Authorisation signed by the AUSTRAC CEO under s 126(1) of the AML/CTF Act;

  • Memoranda of Understanding between the AUSTRAC CEO and the Chief Executive of 29 of the 33 designated agencies that are entitled or authorised to have access to AUSTRAC information;

  • audit trails of access to suspected transactions reports by its own staff, the Australian Taxation Office and designated agency officers; and

  • a legislative requirement that, in the performance of his or her functions, the AUSTRAC CEO consult with the Privacy Commissioner.[95]

ABC and SBS

36.64 In DP 72, the ALRC expressed the view that the exemption of the ABC and the SBS from the Privacy Act by virtue of their exempt status under the FOI Act was not justified, and that they should not be treated differently from media organisations in the private sector. The ALRC therefore proposed that the exemption that applies to the ABC and the SBS under the Privacy Act be removed.[96]

36.65 Some stakeholders supported this proposal.[97] The OPC did not comment specifically on whether the exemption that applies to the ABC and the SBS should remain. It stated, however, that it supported the retention of the journalism exemption in its revised form, which would apply to exempt the ABC and the SBS from the Privacy Act in the context of their journalistic activities.[98]

36.66 Both the ABC and the SBS submitted that their exemption from the Privacy Act should be retained, on the basis that their programming materials are not ‘commercial activities’ and therefore are not, and should not be, subject to the Privacy Act. They argued that they should not be regarded as being in commercial competition with private sector media organisations because they have specific statutory functions and governance requirements that are different from those that apply to other media organisations.[99] The ABC and the SBS submitted further that being exempt from the operation of the IPPs and NPPs in relation to their program-making activities does not mean that they are not subject to privacy regulation or oversight. They observed that they are subject to privacy provisions in their editorial policies, as well as codes of practice that are lodged with ACMA, which investigates complaints about alleged breaches of the codes.[100]

36.67 The SBS submitted that removing the exemption ‘would affect the ability of national broadcasters to carry out their unique role in the Australian media, cultural and political landscape’. It observed that both the ABC and the SBS have statutory functions to inform, educate and entertain Australians, and that they play an important role in communicating political, cultural and other information to the Australian public. The SBS argued that the importance of its role is recognised by its enabling legislation, which establishes certain standards for programming as well as a duty to maintain the independence of the SBS.[101]

36.68 The SBS also submitted that it should continue to be exempt in relation to access to, and correction of, personal information. The SBS was concerned that allowing access to, and correction of, personal information in relation to its program materials would have implications for matters such as the protection of copyright and confidentiality of sources; and may impede the free flow of information to the public, for example, if an injunction were granted based on knowledge of the program’s content. The SBS observed that, while a number of these situations would be covered by other exemption provisions in the FOI Act, such as the exemption for internal working documents and documents relating to business affairs, they lack the certainty an exemption for the SBS’s program materials provides. In addition, the SBS argued that the need to consider requests for access on a case-by-case basis ‘could impede the timeliness and topicality of its news and current affairs reporting and have a deleterious effect on its independence and integrity’.[102]

36.69 Further, the SBS argued that removing the exemption of the SBS and the ABC from the operation of provisions dealing with access to, and correction of, personal information in either the FOI Act or the Privacy Act would subject the national broadcasters to an additional layer of regulation and accountability that does not apply to other broadcasters.[103]

36.70 The ABC was concerned that, in the event that its exemption from the Privacy Act is removed, its journalistic activities would not fall under the journalism exemption and therefore would be subject to the IPPs. The ABC argued that, since its program materials do not relate to ‘commercial activities’, s 7A of the Privacy Act—which requires that certain agencies comply with the NPPs in relation to their commercial activities—would not apply to deem the ABC to be an ‘organisation’ and therefore it would not be a ‘media organisation’ for the purposes of the journalism exemption.[104]

36.71 In addition, the ABC argued that the fact that the ABC and the SBS Boards oversee the development of the national broadcasters’ codes of practice, without the need for prior consultation with ACMA, clearly indicates that Parliament has recognised the primary role of the Boards in overseeing programming-related matters. The ABC submitted that the proposed removal of its exemption would reduce the ABC Board’s statutory oversight of the ABC’s program activities by empowering the Privacy Commissioner to deal with privacy-related complaints in relation to such activities and interfere with the role of ACMA in investigating alleged breaches of the privacy provisions of the ABC’s Code of Practice. It argued that:

the role envisaged for the Privacy Commissioner that will follow from removal of the … exemption runs directly counter to that governance regime, and would constitute a significant encroachment on the ABC’s statutory independence.[105]

[80] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 33–2.

[81] See, eg, Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; P Youngman, Submission PR 394, 7 December 2007.

[82] Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[83] Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[84] Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[85] Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[86] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007.

[87] Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007.

[88] Midena Lawyers, Submission PR 363, 3 December 2007.

[89] Law Council of Australia, Submission PR 527, 21 December 2007.

[90]National Health and Medical Research Council, Submission PR 397, 7 December 2007.

[91] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [33.62]—[33.63].

[92] Australian Privacy Foundation, Submission PR 553, 2 January 2008; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[93] AUSTRAC, Submission PR 216, 1 March 2007.

[94] Ibid.

[95] Ibid.

[96] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 33–3.

[97]Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; P Youngman, Submission PR 394, 7 December 2007.

[98] Office of the Privacy Commissioner, Submission PR 499, 20 December 2007. The journalism exemption is discussed in detail in Ch 42.

[99] Australian Broadcasting Corporation, Submission PR 571, 18 February 2008; Special Broadcasting Service, Submission PR 530, 21 December 2007.

[100]Special Broadcasting Service, Submission PR 530, 21 December 2007; Australian Broadcasting Corporation, Submission PR 94, 15 January 2007.

[101] Special Broadcasting Service, Submission PR 530, 21 December 2007.

[102] Ibid.

[103] Ibid.

[104] Australian Broadcasting Corporation, Submission PR 571, 18 February 2008.

[105] Ibid.