Privacy Laws - Commonwealth of Australia

This document is a partner to pages on Privacy Laws of the Australian States and Territories, on Privacy Laws of the World and on International Instruments

Introduction

This document provides access to Australian laws relevant to privacy, and to many resources that point to yet more laws. Please advise us of improvements that should be made. The links in this page are reviewed periodically. Please advise any broken links to the APF Web-Team.

The remainder of this document presents Commonwealth laws, which are relevant throughout the country. If you are looking for the laws of a State or Territory, those details are in another document. See: N.S.W., Victoria, Queensland, Western Australia, South Australia, Tasmania, A.C.T., Northern Territory.

Commonwealth Laws

The Office of the Federal Privacy Commissioner provides a Guide to Privacy Laws in Australia, which may help orient you to what follows.

Here are some other useful pages on the Privacy Commissioner's site:

• re government, in various formats
• re business
• re health

For general background, see also Clarke (1998a-) and Clarke (1998b-).

The Privacy Act 1988, as amended (esp. in 1990 and 2000)

The primary statute is the Privacy Act 1988. The original version applied to the Commonwealth public sector. It was amended in 1990 to apply also to the credit reporting industry. It was then further amended in 2000 to apply to much of the private sector. The original statute was adequate, the 1990 credit reporting amendment reasonably strong, and the 2000 private sector amendment so bad that some people think it is merely the world's worst privacy legislation whereas other people regard it as anti-privacy legislation.

The heavily amended Act now comprises 253 pages of the most tortuous legalese imaginable. Even the so-called 'principles' occupy over 3,000 words and 12 pages. They have all manner of exceptions and exemptions scattered through them, and the undefined term 'reasonable' appears 24 times. Corporations and expensive lawyers and consultants are having to spend a lot of time trying to grasp the meaning of all that verbiage.

The statute, and documents relating to, and issued under it, can be found in the following places:

• the consolidated Privacy Act 1988, as amended (official version)
• the consolidated Privacy Act 1988, as amended (provided by AustLII)
• the Information Privacy Principles (affecting the Commonwealth public sector)
• the National Privacy Principles (affecting the private sector)
• Privacy Amendment (Private Sector) Act 2000 (which extended the scope to the private sector with effect from 21 December 2001 for large and medium-sized businesses, and from 21 December 2002 for some small businesses)
• Privacy Amendment Act 1990 (which inserted the provisions relating to the credit reporting industry)
• the original Privacy Act of 1988

The Attorney-General's Department's ScalePlus database can also be used, by searching on 'Privacy Act', and then sifting through the hundreds of hits to find the particular document and version that you want

The Privacy Act granted the National Health and Medical Research Council the extraordinary power to issue its own guidelines. For these, see:

• the s.95 Guidelines (March 2000)
• the s.95A Guidelines (December 2001)

The Spam Act 2003

The Spam Act 2003 came into effect on 10 April 2004. Under the new law it is illegal to send, or cause to be sent, 'unsolicited commercial electronic messages' that have an Australian link. The Australian Communications Authority enforces the Spam Act, and provides information about spam laws and spam security, and means for reporting spam.

Surveillance

There is a vast array of legislation that authorises surveillance by Commonwealth agencies, much of it enacted since September 2001, most of it grossly excessive, and most of it lacking any controls. An extremist Government that sets out to chill the speech of 'dissidents' will not be constrained by the law. A summary of terrorism laws is provided by the Commonwealth Parliamentary Library, with a mirror here of the version current in October 2007.

A statute of particular relevance is:

• Surveillance Devices Act," an Act to set out the powers of Commonwealth law enforcement agencies with respect to surveillance devices ...", which is defined in readily extensible fashion to mean any combination of a 'data surveillance device', a 'listening device', an 'optical surveillance device' or a 'tracking device'

Health

The Privacy Commissioner's site states that the Health Insurance Commission and the federal Department of Health and Family Services are bound by the Medicare and Pharmaceutical Benefits Programs privacy guidelines.

The Privacy Act granted the National Health and Medical Research Council the extraordinary power to issue its own guidelines. For these, see:

• the s.95 Guidelines (March 2000)
• the s.95A Guidelines (December 2001)

Key Government Agencies

• Income Tax Assessment Act 1936 - Part VA Tax File Numbers
• Taxation Administration Act 1953, especially:
  • Subdivision BA - Offences relating to tax file numbers
• Data-matching Program (Assistance and Tax) Act 1990
• National Health Act 1953, s135AA and AB - Privacy guidelines

Telecommunications

• Telecommunications Act 1997
• Telecommunications (Interception and Access) Act 1979
  (until 2006 amendments, called the Telecommunications (Interception) Act 1979)
• Spam Act 2003

Crimes Generally

• Crimes Act 1914, especially:
  • Postal Services offences in Part VIIA, ss.85E-85ZA
  • Spent Convictions offences in Part VIIC, ss.85ZL-85ZZK
• Criminal Code Act 1995, Schedule 1, especially:
  • Computer Crime offences at ss. 476-478
  • Telecommunications offences at ss. 473-475

FoI

• Freedom of Information Act 1982, especially:
  • Part V--Amendment and annotation of personal records

Human Rights

• Human Rights (Sexual Conduct) Act 1994
• Human Rights and Equal Opportunity Commission Act 1986

The Possibility of a Tort of Invasion of Privacy

In Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2002) 208 CLR 199, a majority of the High Court held that Australian courts were not prevented from finding that there is a tort (or legal cause of action) of unjustified invasion of privacy (but they did not find that it existed on the facts of the case before them).

Other Resources

The Office of the Federal Privacy Commissioner's Guide to Privacy Laws in Australia

The Office of the Federal Privacy Commissioner's Guide to State Privacy Laws

Caslon Analytics:

• Commonwealth agencies
• other aspects of Commonwealth law
• private sector law
• private sector codes of practice
• chronology of Australian privacy development

The Oz NetLaw Privacy Fact Sheet

Andrew Nemeth's site on NSW Photo Rights, incl. privacy

Two papers on history and issues, Clarke (1998a-) and Clarke (1998b-)

AustLII's Australian Subject-Index for Privacy

Greenleaf G.W. & Waters N. (Eds.) (1994-) 'Privacy Law & Policy Reporter', monthly, available from http://www.austlii.edu.au/au/journals/PLPR/

Gunning P. (2001) 'Central features of Australia's private sector privacy law' Privacy Law & Policy Reporter 7, 10 (May 2001) 189-199

Hughes G. (1991) 'Data Protection Law in Australia', Law Book Company, 1991

AMCRAN (2004) 'Terrorism Laws: ASIO, the Police and You', 2004, Australian Muslim Civil Rights Advocacy Network, July 2004, at http://www.amcran.org/booklet/TerrorLawsV1.html

APF thanks its site-sponsor:

Created: 31 May 2000 - Last Amended: 8 October 2007 by Roger Clarke - Site Last Verified: 11 January 2005
© Australian Privacy Foundation Inc., 1998-2008  -   Mail to Webmaster
Site Map   -   This document is at http://www.privacy.org.au/Resources/PLawsClth.html  -   Privacy Policy