Effectiveness of the Present Australian Privacy - Research Paper Example

Privacy Introduction Australia has established privacy laws that give right to all natural persons to safeguard them from any attack as well as manage the flow of their private information. It is worth noting that privacy is not a complete right as it varies in various contexts in comparison to other duties and rights. Besides, the Australian common law, territorial and state laws, range of commonwealth, as well as administrative arrangements influences privacy laws in Australia. This paper attempts to answer questions regarding the effectiveness of the present Australian privacy laws and any necessary changes. It also seeks to determine whether privacy is existent in digital era, as well as to critically compare online privacy laws with respect to various countries. a. Do Australia’s current privacy laws provide sufficient protection against invasions of privacy on the internet? Privacy Given the mandate to review the sense of privacy in 2006, the Australian Law Reform Commission (ALRC) divided privacy into various though related concepts, namely: bodily privacy, information privacy, territorial privacy, and privacy of communication. Further, it pointed out the uncertainty concerning the existence of the tort of intrusion in the Australian law. In 2007, it summarized its stand as that in the country; there is no jurisdiction that enshrines in legislation a reason for legal action for infringement of privacy laws.1 Nevertheless, the High Court, in the case Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (Lenah Game Meats)2 provided a chance to develop such an action. Since then, the two Australian lower courts have maintained that this action should be incorporated in the country’s common law. The Privacy Act This is an Act that regulates information privacy in Australia. It was established in 1988 and it covers various sectors and activities. The paper intends to discuss some of the key sections of the Act, as well as their requirements and to whom they are applicable. First, the Act contains information privacy principles (IPPs), which are the privacy standards that should be adhered to by government agencies regarding private information in their records. According to section 14, Privacy Act 1988 (Cth),3 there are eleven IPPs as discussed below: Information Privacy Principles The first principle concerns the way and purpose of gathering private information. The principle states that private information should not be collected to be used publicly unless the purpose is lawful, and that it shall not be done in unfair or unlawful.4 Secondly, the Act contains a principle concerning the solicitation of private information from person involved. The third principle contains information regarding the asking for private information generally, while the fourth entails guidelines on the personal information’s security and storage. Fifthly, the Act has an IPP that is about the information concerning any records maintained by a record keeper, and the sixth principle regards the accessibility of records that contain private information.5 Moreover, the Act contains information about changes of records that contain personal details, as provided by the seventh IPP. The eighth principle requires the record keeper to always observation accuracy of private information, while the ninth principle limits the use of private information to only relevant purpose. Similarly, under the tenth principle, the Privacy Act provides certain limitations to the use of private information. Lastly, through the eleventh principle, the Act limits the disclosure of private information. National Privacy Principles Apart from the IPPs, the Privacy Act promotes protection of privacy through the National Privacy Principles (NPPs). These NPPs are generally applicable to all private organization, except when the organizations in question are subject to certain approved codes of privacy. The Act’s 6C defines an organization as a body corporate, individual, partnership, a trust, or any other unincorporated alliance. The definition is based on various qualifications, nevertheless, excluding but not limited to persons operating in their personal capacities, political parties, small business persons, territory or state authorities, prescribed instrumentalities, and government agencies. 6 These principles are the standards that certain private sector firms should meet with respect to private information they have. It is note-worthy that all healthcare providers strive to meet these principles.7 Further, these NPPs govern certain aspects concerning how personal information should be handled and managed. Some of these issues include the usage and disclosure, collection, data security, data quality, and transparency of the information management policies. Others include people’s rights to access and correct their private information; people’s right to anonymity, utilization of identifiers, across border information flows, and the sensitivity of treating information.8 In addition, the NPPs intend to set up a single inclusive national scheme that provides, through private organization codes and NPPs, for the proper gathering, holding, utilization, correction, exposure, and movement of individual information by those organizations. It also ensures that that is done in a manner that complies with the global concerns and Australia’s worldwide responsibilities concerning to privacy; acknowledges person’s interests in the protection of their privacy; and acknowledges vital social interests and human rights that battle with privacy including the need for free information flow via the media or other means, and the business right to realize its goals efficiently. 9 Credit reporting Part IIIA The Privacy Act’s part IIIA provides protection for persons regarding consumer credit reporting. Specifically, this part of the Act regulates the way credit providers and credit reporting agencies handle credit reports of consumers as well as credit worthiness data of persons. Additionally, the Act guarantees that the utilization of the information is limited to evaluating applications for credit submitted to credit providers and other legal activities concerned with provision of credit. Some of the major requirements of Part IIIA strict guidelines on the kind of information that may be held on an individual’s credit information record by a credit reporting authority. This also limits the duration of holding information on file. There are also boundaries on those allowed access personal credit information by a credit reporting organization. Usually, credit providers alone can get access to such information, and only for specific reasons. The Act bars other groups including debt collectors, employers, real estate agents, and general insurers from accessing the information.10 Another major Part IIIA requirement entails the ban on the disclosure of credit worthiness data regarding a person by credit providers. This information includes a credit report obtained from a relevant agency, except in given situations. Additionally, it entails a requirement concerning the limits on the reasons for the credit provider’s usage of credit report acquired from a credit agency.11 These may include the need to evaluate an application commercial or consumer credit; to evaluate whether to allow an individual as a guarantor for a loan application by another person; and to collect unsettled payments. Lastly, this part contains rights of accessibility and correction for persons relating to their private information held in credit reports that credit providers and reporting agencies hold.12 Credit Reporting Code of Conduct The Privacy Act 1988 also contains a detailed guideline on the appropriate conduct of credit reporting. The Australian government, in 2009, issued its initial stage response to the ALRC’s Report 108. This response includes recommended alterations to Part IIIA of the Act and some for a corrected, obligatory credit code. The revised code is to be established by industry upon consulting regulators and consumer groups, and is subject to eventual endorsement by the Information Commissioner.13 Credit provider determinations In compliance with the Act, the Privacy Commissioner has provided certain determinations of credit providers. These determinations permit some government agencies and organizations to access credit reporting systems for specific reasons.14 Credit Information Audits Here, the Privacy Commissioner has the authority to conduct an audit on credit reports and files that the credit providers and reporting agencies hold. This is in accordance with the Privacy Act’s section 28A (1) (g). 15 Public Interest Determinations The Privacy Act’s Part IV provides the Privacy Commissioner the authority to establish that a practice or an act of ACT or Australian government agency, or private organization that could include an infringement of an IPP, a NPP, or an endorsed privacy code, will be termed as not violating the endorsed code or principle because of the Privacy Act. This authority of the Commissioner to release Public Interest Determinations (PIDs) regarding the applications by the ACT and Australian government authorities has been on force for several years. The power to give the determinations to the private firms was enforce with the changes made to the Act in 2001.16 Tax File Numbers (TFNs) These are unique numbers that the Australian Taxation Office issues in order to help in the identification of companies, individuals and others who submit income tax proceeds with the office. Whereas it is unnecessary for individuals to give their TFN, failure to quote their TFN to their financial institutions and employers will cause tax deductions from their income or high interest rate payments. This is also a requirement of receipt of many assistance payments of the Australian government. Besides, there are certain TFN guidelines contained in the Privacy Act 1988’s section 17, which govern the collection, utilization, security, disclosure and discarding of persons’ TFN information. However, these guidelines are applicable to TFN information of persons and not that of other legal individuals including partnerships, corporations, trusts, and superannuation funds.17 Privacy codes and opt-ins The Privacy Act 1988 permits industries and organizations to possess and implement own privacy codes, which persistently upholds the individuals’ privacy rights whereas providing some application flexibility for firms. Pursuant to section 18BB of the Act, the Commissioner can endorse a privacy code, in compliance with a certain criteria. 18 Health and medical research It is worth noting that the Privacy Act allows handling of health information for the purposes of Health and medical research under given circumstances, where researchers cannot seek a person’s consent. This recognizes the vital role of medical and health research in progressing public health, as well as the desire to safeguard health information from unforeseen utilization beyond a person’s healthcare.19 Health and genetic information The Privacy Act never bars healthcare providers form disclosing or using patients’ genetic information provided they have issued informed consent. In a case where a healthcare practitioner cannot get the patient’s consent, the Act permits the disclosure or utilization of genetic information only where he believes that there is a critical life threat, safety, or health of patient’s genetic relative; the disclosure and use to genetic relative is fundamental in lessening or preventing that threat; and when the he has acted pursuant to the guidelines provided under Privacy Act’s section 95AA. Regarding the collecting or use of patient’s genetic information, consent of the patient’s genetic relative will be necessary. 20 Privacy Regulations These are regulations relating to different private sector stipulations of the Act. They apply to operators of small businesses termed as organizations; state authorities regarded as organizations; privacy codes; exceptions to NPP 7.1 and 7.2; and agencies recognized as organizations. 21 What changes would you make to Australia’s privacy laws? To start with, there is a need for a single privacy principle set; that is, the Australian Privacy Principles (APPs).The APPs should replace the present private sector NPPs as well as public sector IPPs. The APPs will incorporate certain changes that include a clear condition to show that steps, such as, training, procedures, and implementation of pertinent policies. It will also entail the expansion of responsibilities to offer persons information, for instance, concerning the nations to which their private information may be moved and regarding their access rights and to have a grievance taken into account.22 In addition, there will be a change relating to the restrictions on direct marketing with no opt-out or consent provisions, and extra conditions including honoring calls for information concerning where a person’s private information is attained. Under certain circumstances, entities are responsible for mismanaging of private information by overseas firms to that the body reveals such information.23 Regarding the changes to the credit system of reporting, five new information categories may be collected by credit reporting agencies. These include the date of opening the credit account, as well as the kind of account. There should also be a category of information regarding the date the account was closed, and the present limit of every operation credit account. Lastly, there will be a category of reimbursement performance history concerning an individual for the past two years and the number of settlement cycles that the individual was in debts. The act will enhance privacy safeguarding by simplifying the persons’ accessibility and correction of their credit information, and processing of complaints. 24 There is also a need for fresh credit reporting code and APP codes of practice. Here, the Privacy Commissioner and the APP entities will create and register these codes in order to illuminate or expand the APP requirements. The commissioner should also have the authority of developing and registering the binding codes on particular entities. The privacy commissioner should also be strengthened in order to settle complaints, recognize, and encourage the utilization of external dispute settlement services, carry out investigations, an encourage conformity to privacy commitments.25 Furthermore, it is necessary to revise the civil punishment for serious issues. The Privacy Act should consider substantial civil penalties, such as AUD $220,000 for a person, and AUD $1.1 million for an APP body concerned with repeated or serious interference with the individuals’ privacy.26 b. Is there such a thing as privacy in the digital age? Copyright Act 1968 (Cth) and Copyright Amendment (Digital Agenda) Act 2000 (Cth) In addition to the Privacy Act, Australia has a Copyright Act that enhances the protection of the persons’ intellectual property. Copyright was developed to protect creators and authors from illegal adaptation or reproduction of original creations, which include computer programs, books, paintings, scripts, photographs, music, sculptures, drawings, film, broadcasts, video, and performance choreography. It allows copyright owners the exceptional right to publish, copy, perform, sell, adapt, broadcast, license, or import such creations. Copyright is safeguarded in Australia by the Copyright Act 1968 (Cth).27 In the case of the internet situation, distinctive website content usually contain various copyright works in form of dramatic, films, musical, original literature, broadcasts, sound recordings, artistic works, compilations, and cable programs. Copyright Act entitles the owners to reproduce, or permit others to copy their work from or on to a website. It is worth noting that any copyright material transmitted or available online just involves communications in electronic area; it does not give a special communication right in tangible print domain. More so, copyright existence in a URL is most unlikely. For copyright to exist there is no registration needed as it has automatic protection.28 According to the Copyright Act 1968’s section 33, the protection runs for an author’s life, and 70 years since the first publication, or since the author’s death. Section 96 states that any published edition of a book enjoys a protection of 25 years since its first publication. Upon expiry of a copyright, protected materials enter public field, and others may freely use them.29 Copyright exceptions One of the exceptions in copyright protection concerns fair dealing, whereby a individuals are allowed to use a protected material in case of review or criticism, study or research, news reporting, or professional advices provided by patent attorney or legal practitioner. These dealings d not amount to a violation of copyright.30 Secondly, education libraries and institutions may also enjoy the copyright exception of digitizing printed material, as well as reproducing and communicating sensible part of digital material for a similar reason as allowed in the printed domain.31 The third exception to copyright protection regards temporary copies and technical processes. This provides that temporary copying of work which appears as a technical process of receiving or making an electronic transmission cannot amount to copyright violation. As long as the transmission is not an infringement, the exception extends to various forms of caching and browsing. Nevertheless, it is unclear if the exception extends to framing, hypertext linking, or proxy server caching.32 Copyright violation Internet allows unauthorized access, storage, transmission, duplication, and hiding of copyright work. Protected material or work can be uploaded online through a network, through mail, scanned to a file server online, or printed. Therefore, copyright violations take place when original work or significant part of it is copied illegally, pursuant to the Act’s section 36. On the other hand, violation does not happen if illegal use of protected work fits in the exceptions above, or upon implication of a copyright owner’s license.33 Penalties The Copyright Act entitles the copyright owners civil remedies for violation that include damages, an injunction, and account of profits. Criminal sanctions are also applicable to alterations of rights of management information (RMI); handling material with altered RMI; manufacturing and handling of circumvention devices; and possession or manufacture in order to sell or distribute infringing materials.34 Cybercrime Act 2001 (Cth) Privacy in the digital era is also facilitated by the Cybercrime Act 2001 (Cth),35 which constitutes new computer crimes developed to handle types of cybercrime that damage the integrity, security, and consistency of electronic communications, and computer data. The Act provides three grave computer offences: first, illegal access, impairment, or modification with an intention of committing a serious crime. For instance, someone hacks into another’s bank computer and accesses credit card information in order to use it in obtaining money. Secondly, there is illegal data alteration where an individual is irresponsible as to whether the alteration will result in data impairment. Normally, maximum punishment for such an offence is ten years imprisonment.36 For instance, it applies where an individual hacks a computer system to get access and damage data. Thirdly, the Act has created an offence relating to unlawful destruction of electronic transmissions whose maximum punishment is ten years imprisonment. It is meant to prevent tactics including denial of service attacks where a network is flooded with large volumes of unnecessary information; hence crashing the server.37 Additionally, the Act creates four offences including illegal access to, or changes of restricted data, whose maximum punishment is two years imprisonment, as well as illegal damage of data in computer disks with the same penalty. Moreover, it creates an offence about control or possession of data in order to commit a computer crime, with a maximum punishment of three years imprisonment, as well as supplying, producing or acquiring data in order to conduct a computer crime, with a similar punishment degree.38 Spam Act 2003 (Cth) This Act also enhance privacy of individuals in the digital age by prohibiting the transmission of business messages through Short Message Service, email, instant messages, multimedia message service without the receiver’s consent. The Act creates an opt-in regime that differs from the provisions that govern the utilization of information for purposes of direct marketing in the case of Privacy Act. According to Spam Act 2003 (Cth), consent may be drawn from noticeable publication of specific electronic addresses including directors, officers, or employees of firms. Withdrawal of consent may occur if account users or holders show that they do not wish to receive more business online messages.39 Nevertheless, the Act does not bar transmission of selected online messages; messages consisting of no more than accurate information, or those approved by valid political party, charitable institutions, religious organizations, governmental agencies, or potential suppliers of services or goods; or those sent by educational institutions where account holders are enrolled. 40 Broadcasting Services Amendment (Online Services) Act 1999 (Cth) This was enforced in 2000, and was intended to govern the kind of material online. It is managed through various regulatory agencies that include NetAlert, Office of Film and Literature Classification (OFLC), and Australian Broadcasting Authority (ABA), forthcoming territory or state legislation, as well as commonwealth legislation. It also resulted in the establishment of the Internet Industry Code of Practice (IICP) whose violation leads to violation of the Act and calls for a penalty. Additionally, it aims at preventing the broadcasting of prohibited or X-rated content online.41 Trade Marks Act 1995 (Cth) The Act explains trademarks that include collective and certification marks, constituents of trademark violation; and exceptions and defences thereto.42 It also establishes registration procedures as well as other proceedings to the trade marks registrar. The Act’s section 17 maintains that a trade mark is a sign used in distinguishing services or goods provided or handled during trade among the involved parties. A trade mark may be a phrase, logo, name, word, signature, colour, numeric value, symbol, shape, packaging aspect, picture, sound, or scent. A trade mark owner can bar other people from using a similar symbol; hence enhancing protection of property.43 Patents Act 1990 (Cth) According to this Act, a patent provides an inventor with the right of stopping other people from using his invention to a short time. Nevertheless, a patent does not give a complete right of exploitation of an invention in any manner the inventor may opt.44 A patent holder can meet all the regulatory conditions so as to use the patent process or product, such as, patented pharmaceutical product needs consent according to the Therapeutic Goods Act 1989 (Cth) prior to lawful marketing and sale as remedy to a certain condition. Additionally, patent holders are not indebted to use the patented invention; however, failure may seriously affect his rights.45 Patents are types of intellectual property, but do not grant ownership physical explained in claims for a patented process or product. Therefore, a patent of a genetic order does not constitute the ownership of the order itself.46 Online activities that compromise privacy While consumers increasingly go online in their day-to-day activities, their privacy is greatly compromised by some of these activities. Many online activities disclose personal information, as discussed below: Sign up for online service This compromises individuals’ privacy as they are required to provide private information to the providers in almost every step taken. Normally, this information is linked to information they provide to other people or other companies. Unfortunately, most of the internet service providers fail to reveal their policies on data retention; hence making it hard for the individuals to enjoy privacy online. However, individuals can enhance their privacy by blocking their IP address through services like Tor, or the Virtual Private Network (VPN) that effectively obstruct the information.47 Browsing This is another online activity that has serious impact on individuals’ privacy. Even though individuals seem to be providing limited information, they relay private information to other websites. A browser gives IP address so that as individuals move from site to site, various companies can track down their information using sophisticated methods. To enhance privacy, individuals can modify settings in order to limit cookies. In fact, many browsers currently provide Private Browsing technique to help users enhance their privacy.48 Search engines Most of the internet users navigate the sites using various search engines. These engines possess and utilize the ability to each of their searches. They may record the users’ IP addresses, time of search, search terms among other vital information.49 Therefore, users should critically review their search engines’ privacy policies before using them. Additionally, they should avoid utilizing a similar site for both search engine and their web-based email. They should avoid making downloads of search engine toolbars, as they can allow the gathering of information regarding their browsing habits.50 Cookies When individuals visit various sites, most of these websites deposit information about their visit known as cookies on their hard drive. Cookies entail pieces of data transmitted by web servers to the users’ browsers. They include, such as, user preferences, registration identification, login, shopping cart among other information.51 The browser retains the information and relays it back to the servers every time the browser is on the website. Web servers may utilize the cookies in customizing the display they send to the users, or track various pages in the website accessed by the users. Although some website use these cookies positively, others known as third party cookies transmit users information to advertising clearinghouse that subsequently share the information with other internet marketers. To avoid this, use Apple’s Safari browser, and certain software products that help users to suspect and delete any third-party cookies.52 Flash cookies These entail persistent cookies that cannot be deleted unless one uses a strong adware removal or anti-spyware program. Firefox browsers also contain a BetterPrivacy add-on that facilitates the deletion of flash cookies.53 Fingerprinting This is a device with summarized hardware or software settings gathered from a computer. Every device contains distinct fonts, clock setting, software and other features that make it exclusive. When individuals go online, the device communicates these details that can be gathered and combined to create a unique fingerprint for the specific device. The fingerprint may be given an identifying figure, and utilized for the same intentions as cookies. Thus, it is critical to assess browsers to determine their uniqueness on the basis of the data it can share with other websites visited.54 Mobile applications Using these applications increases the chances of using them instead of browsers for numerous online activities. These applications can gather all kinds of information and convey it to application makers or third party marketers. Installation of these applications allows it access to specific data on the users’ phones. Some of this information includes calendar data, internet data, call logs, unique IDs, email and phone contacts, and the location of the device. Since most of these applications ask certain questions before downloading them, users should be careful on the type of data they provide, or even avoid downloading such applications requiring sensitive information. 55 E-mail and Instant Messaging Responses made through e-mail do not only convey information to the recipient, but also to other people, such as e-mail provider, government, and employer. Some of the webmail providers are linked to advertising agencies that end up using individuals’ information. Though they seem casual, IM conversations can be stored just as emails. Therefore, users need to be cautious when using the service.56 Social networking These are sites that enable users to create relationships and connections to other online users. It may be utilized in communicating with friends, making new contacts, o finding people with same ideas and interests. However, the secondary use of data from these sites is a challenge. Subscriptions to these always require personal information that is shared to others. Therefore, to enhance privacy, it is vital to adjust privacy settings in order to restrict the level of information allowed for secondary usage. Personal website and blogging Unless one pays a fee to keep it private, personal sites are usually made public. This is because of the information provided during domain registrations. On the other hand, blogs are always made public and that the bloggers private information may also be disclosed to the public. Therefore, it is imperative to be careful on the service agreement in order to determine the necessary information that should be revealed.57 Electronic banking services Despite the convenience of checking balances, transferring money, paying bills, and tracking checks online, numerous privacy risks are involved. This is because it needs one to give sensitive information online but can be accessed by hackers.58 To increase privacy and security of this information, it is important to use various passwords for the service other than those used in other sites.59 Others Other activities that enable other people to access individuals’ sensitive information include direct marketing, web bugs, marketing, targeting or behavioral marketing, government surveillance, employee monitoring, location tracking, court records, shopping online, scams and unlawful activities, malicious links and online auctions. These activities have serious impact on personal information of users, hence inhibiting the efforts of enhancing online privacy in the digital era.60 Bibliography Books Hossein Bidgoli, Handbook of Information Security, Information Warfare, Social, Legal, and International Issues and Security Foundations (John Wiley & Sons, 2006) 341. B. G. Kutais, Spam and Internet Privacy (Nova Publishers, 2007) 66. Andrew Frackman, Rebecca C. Martin, and Claudia Ray, Internet and Online Privacy: A Legal and Business Guide (ALM Publishing, 2002) 25. Eugene Clark, Cyber Law in Australia (Kluwer Law International, 2010) 95. Joseph D. Straubhaar, Robert LaRose, and Lucinda Davenport, Media Now: Understanding Media, Culture, and Technology (Cengage Learning, 2010) 453 William Van Caenegem, Intellectual Property Law in Australia (Kluwer Law International, 2010) 27. Cases Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (Lenah Game Meats) [2001] 208 CLR 199. Statutes Copyright Amendment (Digital Agenda) Act 2000 (Cth). Copyright Act 1968 (Cth). Patents Act 1990 (Cth). Trade Marks Act 1995 (Cth). Broadcasting Services Amendment (Online Services) Act 1999 (Cth). Cybercrime Act 2001 (Cth). Privacy Act 1988 (Cth). Spam Act 2003 (Cth). Read More