Public Statement

16 May 2014

By all means, say goodbye to the OAIC, but not to privacy!

Among the plans declared in the 2014 Commonwealth Budget is the disestablishment of the Office of the Australian Information Commissioner (OAIC).

This comes at a time when we should be strengthening, not weakening privacy protection.

The Australian Privacy Foundation (APF) – the nation’s premier civil society organisation concerned with privacy and data protection – calls on all governments to build stronger, more effective privacy protection schemes.

The Privacy Commissioner plays a role in serving the needs of Australian business in a global trading environment, assisting government agencies, and administering the Privacy Act. The Privacy Commissioner's Office was folded inside the OAIC when that body was formed in November 2010. OAIC was badly under-resourced, and the merger caused a great deal of resource-reduction and dislocation to the Privacy Commissioner's work. This further change, a mere 4 years later, will again create substantial interruptions to the agency's work.

Abolition of the OAIC, the introduction of new costs for people whose privacy has been disregarded, and the scattering of responsibilities across several agencies, place Australia further behind our key trading partners. The Budget disregards legitimate concerns about intrusive behaviour by business, the media and government agencies.

The OAIC was underresourced, lacked vision and failed to heed the concerns of civil society groups. In saying goodbye to that agency, however, Australia cannot afford to say goodbye to privacy.

The APF calls on the national government to quickly adopt law reform proposals that address new privacy challenges such as drones, biometrics, GoogleGlass and Big Data.

The Foundation calls on the government to provide the Privacy Commissioner with greater resources than were available under the OAIC, and to conduct the development of privacy laws much more ope.

The state and territory governments have a significant role to play in providing a coherent and effective privacy system. The Foundation calls on those governments to be proactive, fully resourcing their privacy agencies and updating their legislation.

BACKGROUND

The Australian Privacy Foundation is the nation’s premier civil society organisation concerned with privacy. It has operated for over a decade on a staunchly apolitical basis. Its membership includes senior lawyers, academics, technology specialists and other people who recognise that privacy is fundamentally important in everyone’s daily life.

Does abolition of the OAIC matter?

This week’s national Budget announced the abolition of the Office of the Australian Information Commissioner (OAIC), a Commonwealth agency with responsibility for administration of the Privacy Act 1988 (Cth).

That Act covers the Commonwealth public service and many businesses. It co-exists with a wide range of Commonwealth, state and territory laws dealing with such matters as health records, workplace drug testing, tax records, the census, and peeping toms.

The OAIC has disappointed many people in business, government and elsewhere because of its slow response to privacy abuses, lack of vision and refusal to actively engage with many stakeholders.

That underperformance was in part attributable to under-resourcing.

An effective watchdog needs to be fed, and needs to be encouraged to use its authority in dealing with abuses or indifference by government and big business.

What is happening to the OAIC?

The OAIC is to cease at the end of 2014. The savings through abolition are small: less than keeping one refugee in detention in Manus for 100 days.

The OAIC’s responsibility is to be spread among the Attorney-General’s Department, the Australian Human Rights Commission (which is already under-resourced) and the Administrative Appeals Tribunal.

It essential that Australia strengthen rather than weaken privacy law and practice.

Why do the changes matter?

Independent authoritative studies have demonstrated that ordinary Australians care about privacy.

So do key trading partners such as the European Union, Canada, New Zealand and the United States – all of which are strengthening their privacy law. Better privacy law is good business.

Australia has privacy commitments under international law. We need to meet those commitments.

The Australian Privacy Foundation applauds movement by governments at the national and state/territory level to strengthen privacy in the workplace, in government data collection/use, in credit referencing and so forth.

That strengthening must be sustained: Saying goodbye to the OAIC must not mean that Australia continues to fall behind Europe and fails to quickly accommodate new developments such as GoogleGlass, health Big Data and drones.

What needs to be done?

The Foundation highlights importance of a coherent, practical and forward-looking regime that for example addresses emerging issues such as drones, global exploitation of genetic databases, this week’s major EU decision about the ‘right to be forgotten’ by search engines, and prevention of large-scale data breaches.

The Foundation calls on the national Government to strongly resource the Privacy Commissioner within the Australian Human Rights Commission in order to meet the needs of consumers, business and government.

Failure to provide resources and encourage action means that the position will be a Potemkin Village – pasteboard & tinsel.

The Privacy Commissioner must be prepared to use moral authority – timely and vigorous shaming of businesses and agencies that act as if they are above the law. A model for that action is provided by data protection watchdogs in Europe, which have strong popular support and have stood up to businesses such as Google and Facebook

The Foundation looks forward to strong engagement by the Attorney-General and his Department with civil society organisations and the broader community.

In particular it urges a timely and positive response to the forthcoming Australian Law Reform Commission report on serious invasions of privacy.

The Foundation notes the importance of ensuring that information on the current OAIC site reminds readily identifiable and accessible. (Much past information has disappeared through site changes). Community awareness of privacy law is good for business, official and citizens: it isn’t a luxury.