NSWCCL made a submission to the Review of the Privacy Act 1988 advocating for urgent reform to modernise the Act and ensure it is fit for purpose in the digital economy. Privacy is a fundamental human right that is central to the maintenance of democratic societies and achieving respect for human dignity. In this regard, the NSWCCL submits that the right to privacy should be the paramount object of the Act and considers the two primary areas of concern in debates relating to privacy are:
- (a) the intrusive observation of one’s actions (whether by surveillance, listening, data analysis or other mode); and
- (b) the discussion and the misuse of personal information.
NSWCCL supports in-principle many of the proposals outlined in the Discussion Paper and commends the Attorney General’s Department for reflecting the legitimate privacy concerns of a broad spectrum of society. Many Australians are concerned about gaps and ambiguities in the existing privacy regime that undermine the right to privacy. This is especially important in the context of unprecedented integration of digital technology in our everyday lives.
The NSWCCL provided this submission with a view to further refining many of the proposals outlined in the Discussion Paper to ensure that reforms to Australia’s privacy framework are sufficiently protective of privacy and reflect the needs of individuals rather than the interests of business. Before delving into our specific feedback regarding the various proposals to modernise the Act, the NSWCCL would like to make the following overarching submission to be considered as this Privacy Act Review moves forward:
Failure to properly protect privacy results in a reduction in human autonomy and freedom,1 which can harm democratic processes. Enshrining the protection of an individual’s right to privacy as the paramount object of the Act is an important initial step, but the NSWCCL considers that the introduction of a carefully considered definition of ‘privacy’ is of equal importance.
The NSWCCL strongly agrees with the introduction of further organisational accountability requirements into the Act. In light of information and power asymmetries in the processing of personal information, individuals should not be expected to bear the burden of managing privacy risks themselves. Placing the burden of privacy protection onto the individual is unfair and impractical. It is the organisations that hold personal information – governments and businesses – that must bear responsibility for respecting the right to privacy.
The expansion of the OAIC’s funding is critical given that several proposals contained within the Discussion Paper involve the broadening of the OAIC’s current remit. Chronic underfunding will erode the effectiveness of any privacy protections the OAIC seeks to implement and support. To properly conduct both its existing and proposed activities, the OAIC must be adequately funded and consulted in respect of the resources it requires. The OAIC received limited funding to support its privacy initiatives in the 2021- 2022 Federal Budget, despite a significant expansion in its activities with the onset of its Digital Economy Strategy.
There are some practices so privacy invasive or socially damaging that even putative ‘consent’ should not be allowed to authorise them. The OAIC has proposed introducing a “general fairness requirement for the use and disclosure of personal information” as a way of addressing “the overarching issue of power imbalances between entities and consumers” and “protecting the privacy of vulnerable Australians including children”.
More information: Read our full submission