Prof David Weisbrot AM. President, Australian Law Reform Commission, Rydges Hotel, Rosehill, 22 March 2007
Thank you very much, Tracey, for that generous introduction.
I very much enjoyed participating in the Legal Studies Association’s program last March, and I feel especially honoured to have been asked to deliver the After Dinner Address at this year’s event.
This is a much more difficult assignment, as my only instructions from Tracey were to talk about ‘whatever I liked’.
Well, I like …
- long walks on the beach on a rainy day;
- very strong coffee (in fact, I only support the use of nuclear energy if some of that will go into my macchiatos); and
- travelling internationally, on other people’s money, at the pointy end of the plane.
As mentioned, I am the current President of the ALRC (and have been since June 1999), and my background is primarily as an academic lawyer—that is, as a career teacher of law, and as such I am very conscious of the effort it takes to distil all of the complexity of the law and to present it in an interesting and engaging way.
I should talk briefly about the ALRC—although many of you will be familiar with the concept of institutional law reform from the talk I gave last year.
Essentially, the ALRC is an independent, statutory, federally funded ‘think tank’ that provides high level legal and policy to Government(s)—and, increasingly in an era of deregulation and the diffusion of power and responsibility—to industry, the courts, the professions and others.
[I like to think we have a high public profile, although at our last office Xmas party at a leading hotel, they had marked our tables as belonging to the … ‘Australian Chloroform Commission’]
Under the ALRC’s establishing legislation, it has a mandate to:
- simplify and modernise the law;
- remove obsolete or unnecessary laws;
- eliminate defects and anachronisms in the law;
- systematically develop and reform the law;
- consider possibilities for harmonisation of federal, state and territory — and increasingly international — laws; and
- improve access to justice.
In carrying out our work, the ALRC is required to have regard to the ICCPR and other international and human rights obligations; as well as to consider the impact our recommendations will have on access to justice and the cost of administering and dispensing justice.
In 32 years of existence, the ALRC has worked across a very wide range of exciting areas.
These could be characterised into three broad categories:
- mainly technical or ‘black letter law’;
- some have been prompted by changing social attitudes and circumstances;
- while others have been initiated to deal with the legal and social effects of changing science and technology.
For example, during my time at the ALRC alone, we have handled projects on
- improving management, practice and procedure in the federal civil justice system;
- marine insurance;
- uniform evidence law;
- sentencing law and practice;
- the protection of human genetic information—including genetic privacy and discrimination;
- gene patenting and human health;
- the handling of classified and security sensitive information; and
- sedition laws.
And I should say, here, that the Australian Government is to be congratulated for giving so much exciting—and politically sensitive—work to an independent agency. (I am sure that Sir Humphrey Appleby would have advised the Attorney-General that many of these decisions were ‘very courageous’!)
No doubt one reason for that is the ALRC’s track record for producing excellent scholarship, and for making recommendations that are practical and capable of ready implementation.
However, a key feature of the ALRC’s operations from its inception — and one that distinguishes us from the way most public servants and private consultants work — has been our effort to actively engage the broader community in the law reform process. As the foundation Chairman of the ALRC, Justice Michael Kirby, once said: ‘law reform is much too important to be left to the experts’.
This commitment to community involvement is part of the ALRC’s DNA. We don’t do public consultation just to tick that box; we do it because we know it significantly improves the quality, the grass roots applicability, and (not surprisingly), the public acceptability of our recommendations.
I thought that tonight I would speak mainly about the ALRC’s currently major review of Australian privacy laws and practices.
The existing federal law in this area — the Privacy Act 1988 (Cth) — is largely a product of the recommendations in the ALRC’s 1983 report on Privacy (ALRC Report 22).
Now if that sounds relatively recent (<25yrs ago for the report, <20 years for the legislation), it is worth noting that at the time the ALRC concluded it work:
- none of the Commissioners involved had computers on their desks [whereas today we just go home if the IT system breaks down];
- all of the relevant files were paper-based [now in the National Archives];
- none of them had (or had even heard of) email;
- none of them had mobile phones (size of house bricks);
- none of them had (or had even heard of) digital cameras;
- high speed computing and data-matching was possible only (perhaps) by government or the largest corporations [ACLU TV ad about ordering a pizza, 2007-style!;
- there was no internet, no Amazon, no MySpace, no YouTube, no spam, no phishing, no biometrics, no DNA testing—no www.ratemyteacher.com ! ; and
- there were no offshore data-processing centres in Asia or elsewhere, where Australian information is routinely sent and stored.
[APEC preparatory meeting in January: internet order à info sent to dozens of countries!]
The current ALRC inquiry into privacy is in the middle of its major public consultation phase:
- we have published 2 large IPs
- 600pp IP in October covering most issues [142 QQ];
- 200pp on Credit Reporting in December,
- as well as a 20pp more accessible summary document in December: Is Privacy Passé? [just one Q?]
We will publish a DP—in effect a draft report—in mid-2007; and final report and recommendations are due to be presented by 31 March 2008.
The ALRC already has received over 250 written submissions and conducted over 100 meetings, with experts, stakeholders and the general public—with many more to go. Earlier this year, the ALRC commenced a series of Public Forums on privacy, to be conducted in all capital cities and many of the major regional centres. [In fact, there was one on Monday night in Sydney, focussed on the business community.]
Certainly some of our early meetings suggested that there is a mismatch between the way the term ‘privacy’ is used in a technical legal sense, and the much broader concept utilised by the general public.
Experts and privacy professionals mainly concern themselves with information privacy/data protection — and it probably would have less misleading if the Australian law in this area had been called the Information Privacy Act, or the Data Protection Act.
Australians are generally aware that they a “right to privacy”, and that these protections have been extended to cover the activities the private sector.
However, members of the general public tend to assume (or perhaps they hope?) that the Privacy Act also covers such matters as:
- · unwanted calls at home by telemarketers (always at dinner time, always when the kids are screaming;
- · surveillance (at work, in public places);
- · intrusions by neighbours;
- · paparazzi photographs; and even
- · police procedures, especially intrusive searches and seizures.
Last year, the ALRC kicked off the inquiry with a two-day National Privacy Phone-In, which handled over 1300 responses. The results were very interesting:
- nearly 3/4 of respondents (73%) cited telemarketers as a major concern; followed by:
- the handling of personal information by the private sector (19%);
- the handling of personal information by government (9%);
- the protection of privacy on the internet (7%);
- national identity cards and ‘smart cards’ (7%);
- problems accessing and correcting personal information (7%); and
- surveillance in public places (4%).
Contrary to our expectations, we received very few calls about:
- workplace surveillance (2%) or
- neighbourhood spying (n=4, 0%).
About 6% of calls were from business organisations, which—not surprisingly—were concerned mainly with the overly complex and confusing web of privacy laws in Australia, citing too many overlapping State/Territory/federal laws; and the NPPs, IPPs and Health Privacy Principles. This makes it difficult, and expensive, for business to comply. (The ALRC sees simplification and harmonisation as one of its major goals for this inquiry.)
Interestingly, a fair few callers argued that there may be too much privacy protection—or at least that privacy is too often used as an excuse for inaction or non-cooperation. For example, this included complaints that:
- people are unable to access or correct their own personal information;
- people are unable to assist an elderly relative with, say, banking or dealing with a government agency—even where they held a valid power of attorney;
- doctors are unable to assist patients with, say, agencies that require medical certificates; and
- people are told they can no longer pray for a member of their church congregation who is ill or in hospital!
It also seems evident from our public consultation efforts thus far that there is a lag between people’s nostalgic views about privacy and the current, high tech reality.
For example, most people still conceive of the right to ‘privacy’ as a right to be left alone … or as it often used to be said, ‘An Englishman’s home is his castle’.
The old paradigm was that people can safeguard their own information by not providing it to others, except as required by law or upon consent; and where information has passed in this way, it would be subject to strict controls on collection, use and disclosure, within the jurisdiction.
However, to a very great and growing extent, individuals no longer control the provision and collection of information about themselves—modern computing power and surveillance technology mean that the collection of vast amounts of information is now routine.
The practical debate really must shift to focus on:
- how we can effectively regulate and manage the handling, matching and mining of such information;
- what notice, access and correction rights individuals should have; and
- the circumstances in which some information should quarantined or destroyed in the public interest.
If we continue to be pre-occupied with issues of collection and consent—as important as those things are—then we risk missing out on the main game.
To provide an example from another recent ALRC inquiry, it is very easy to collect a DNA sample from another person, and to do deceptively or surreptitiously (a small tissue sample, hair, saliva, buccal swab, etc).
We have a great deal of legislation regulating the circumstances in which police may take a DNA sample from a suspect.
However, there is almost no regulation around the world about what can be done with a DNA sample that is obtained by a private investigator, a journalist, an insurance adjuster, or a suspicious husband.
The ALRC recommended—and the Australian Government accepted—that it should be a criminal offence to submit another person’s DNA for testing, without that person’s consent, or other lawful authority (eg a court order, or statutory authority, or ethics approval for research). The UK recently enacted such a provision as part of its new Human Tissue Act.
Similarly, we can no longer develop effective public policy if we operate under a paradigm that assumes that information can be contained with local or national borders.
The concept of transborder data flows is not something new. In Australia, NPP 9 of the Privacy Act deals with this phenomenon, and it is itself largely modelled on Arts 25-26 of EU Directive.
However, leading thinkers in this field have pointed out that it is somewhat anachronistic to talk about data ‘flowing’—as if it there are a series of distinct, point to point transfers, when in fact this information distributed across a number of data centres in a number of countries, and is accessible globally by electronic means.
In both the Genetic Privacy inquiry and the current Privacy inquiry, the ALRC consistently has heard from the general public serious concerns about their personal information being held overseas.
This is not a specific critique of the adequacy or otherwise of privacy regimes overseas—people simply don’t know. Rather, it is an existential anxiety—a general feeling that they are losing control over something deeply personal, and there is little ability to do anything about it. And I repeat, it is a serious and often repeated concern.
The Australian Government is currently working hard to develop and have accepted an ‘APEC Privacy Framework’, with the intention of providing high standards and consistency across the Pacific Rim, at least.
One area in which the ALRC is devoting considerable emphasis and resources should be of particular interest to this audience:
Is there an emerging generation gap in basic attitudes to privacy? That is, do young people have such a fundamentally different approach to privacy that this should be recognised by law? As mentioned, GenY and below generally seem quite comfortable in sharing personal information, photos and other material on websites.
- Does this represent a basic shift? Or is simply the recklessness of youth, played out in a new medium using new technology?
- (That is, will they be horrified in a few years when prospective employers—and prospective in-laws—Google that intimate information??)
The ALRC has commenced a series of specially designed* workshops for children and young people to explore this issue further—already held in Perth, Brisbane, and Sydney (Dubbo students), Hobart very soon, and there is the possibility of another one in Sydney.
[* by consultants who are experts in the field of youth consultation]
The ALRC also recently set up a ‘Talking Privacy Website – Young People and Privacy’ — uses Flash multimedia technology, music etc — which provides information about privacy law and our inquiry and contains an online form to ‘Have Your Say!’. There already has been strong interest, with lots of hits recorded.
AND, next Monday: the ALRC will launch online resources for teachers for privacy and law reform, including how to integrate those materials into the high school legal studies curriculum.
As I mentioned, I have enormous admiration for what you do, and appreciate how difficult it is to do it well. This evening has reinforced for me your enthusiasm and dedication to the task.
I hope this meeting in Sydney has been productive, and I wish you all the best. Thank you very much for your kind attention.
Prof David Weisbrot AM
President, Australian Law Reform Commission