Chapter 1
Introduction
1.1
On 24 June 2010, the Senate referred the matter of the adequacy of
protections for the privacy of Australians online to the Senate Environment and
Communications References Committee for inquiry and report by 20 October 2010.
The reporting date was subsequently extended by the Senate until 22 March,
24 March, and 7 April 2011.
1.2
The terms of reference required that the committee have regard to:
(a)
privacy protections and data collection on social networking sites;
(b)
data collection activities of private companies;
(c)
data collection activities of government agencies; and
(d)
other related issues.
Reasons for this inquiry
1.3
The Senate's referral of this inquiry, on the motion of Senator Ludlam,
was timely given the significant advances in online technology and computing
power over the past decade, many of which have important implications for
personal privacy.
1.4
For example, the rapid uptake of social networking technologies since
2002 has substantially expanded the amount and type of personal information
that people are sharing online,[1]
while improvements in cloud computing technology have made it possible to shift
vast quantities of personal data around the world to take advantage of cheap
data storage.[2]
Technology has also made it possible for companies to monitor the way in which
individuals behave online for marketing purposes. A combination of these
developments, and other online technological advancements has exacerbated
existing concerns with privacy protection in Australia, and in some instances
created new concerns.
1.5
Conversely, online technology has also enhanced the ability of
individuals and organisations to hide their personal information, including
their identity, in certain circumstances. For example, it was reported in The
Age that 'an industry has now sprung up to protect the identity of those
who own dubious websites'.[3]
Furthermore, newer communications technologies, such as email, often allow
users to remain anonymous, or do not record the same data about individual
communications that was recorded with conventional technologies, such as
telephones. This has created new challenges for law enforcement agencies, as
the committee heard in evidence from the Australian Federal Police and
Attorney-General's Department.[4]
1.6
The timeliness of the committee's examination of this matter is
reflected by the fact that it coincides with a number of reviews of privacy
regulation both in Australia and overseas. In June 2010, the Australian
Government released an exposure draft of major amendments to the Privacy Act
1988, which reflect the first stage of its response to the Australian Law
Reform Commission's (ALRC) report on Australian privacy law and practice.[5]
The exposure draft was referred to the Senate Finance and Public Administration
Legislation Committee for inquiry and report by 1 July 2011.[6]
1.7
The committee understands that the government is also reviewing cyber
security and cyber crime in response to the recent House of Representatives
committee report Hackers, Fraudsters and Botnets: Tackling the Problem of
Cyber Crime.[7]
The review will look at the practicality of implementing the recommendations of
the Standing Committee's report and will focus on avenues to protect
individuals, the community and the private security in the online world.
Although the government's review is broader in scope than the committee's
inquiry, there may be some common ground, as a secure online environment with
adequate privacy will help protect people from identity theft or other online
crime involving misuse of personal information.
1.8
The committee's inquiry also coincides with the European Commission's
review of the general European Union legal framework on the protection of
personal data,[8]
as well as consideration by the Attorney-General's Department of a mandatory
data retention scheme based on that adopted by the EU in 2006.[9]
1.9
Furthermore, in the United States, the Federal Trade Commission released
a preliminary report in December 2010 on 'Protecting Consumer Privacy in an Era
of Rapid Change' and recommended a framework for businesses and policymakers in
dealing with consumer privacy issues.[10]
Conduct of the inquiry
1.10
In accordance with its usual practice, the committee advertised details
of the inquiry in The Australian on 30 June 2010. The committee also
contacted a range of organisations, inviting them to make submissions. The
committee received 27 submissions, listed at Appendix 1.
1.11
The committee held two public hearings: in Canberra on 29 October 2010
and in Melbourne on 1 December 2010 (see Appendix 2).
1.12
The committee notes that despite several requests, Facebook failed to
provide the committee with any information about its privacy policies and
settings in the Australian online environment.
Report structure
1.13
This inquiry raised a diverse range of complex issues related to online
technology and privacy. The issues raised were so varied and numerous that it
would be impossible to adequately cover them all within the confines of a
Senate Committee report. Instead, the committee has identified key themes and
recurring issues and synthesised them into a discussion of the major issues
confronting privacy regulators with the development of online technologies.
1.14
Broadly, the issues raised fall into two categories: those related to
the adequacy of the existing privacy framework for protecting the privacy of
Australians online; and challenges for law enforcement arising from
technological advances.
1.15
Chapter 2 of this report outlines the existing privacy framework in Australia,
including proposed legislative amendments.
1.16
Chapter 3 discusses the first category of online privacy issues raised
during this inquiry—which relate to the adequacy of current and proposed
protections for Australians in the online environment. These issues include:
the role of consent in Australian privacy law; the small business exemption in
the Privacy Act 1988; behavioural advertising; the
transnational nature of the internet; and whether Australia should enact a
statutory cause of action for invasion of privacy.
1.17
Chapter 4 of this report considers the law enforcement challenges arising
from technological advances, and specifically the Attorney-General's
Department's proposed mandatory data retention scheme.
1.18
Recommendations are addressed either to the Office of the Privacy
Commissioner (OPC) or to the government. The committee notes that within
government, several different departments will be involved in responding,
including the Department of the Prime Minister and Cabinet; the
Attorney-General's Department; and the Department of Broadband, Communications
and the Digital Economy.
1.19
The OPC was integrated into the Office of the Australian Information
Commissioner (OAIC) on 1 November 2010. The Office's submission to this inquiry
and the Privacy Commissioner's appearance before this committee both occurred before
1 November 2010, at a time when the Office of the Privacy Commissioner was a
stand-alone office. For consistency the report will refer to the Office of the
Privacy Commissioner.
Acknowledgments
1.20
The committee would like to thank all of the organisations, individuals
and government departments and agencies that contributed to this inquiry. In
particular the committee expresses its appreciation to the Attorney-General's
Department and the Australian Federal Police for willingly providing the
committee with confidential information regarding the proposed data retention
proposal.
Navigation: Previous Page | Contents | Next Page