Co-regulation between the OPC and industry

10.112 The Privacy Act currently provides, through the OPC’s power to approve privacy codes, a form of co-regulation for organisations that develop and deploy particular technologies.[148] Once a privacy code has been developed by an industry and approved by the OPC, the requirements set out in the code are binding on organisations that have agreed to be bound.[149]

10.113 At several points throughout this chapter, the ALRC has noted where the code-making mechanism could provide additional privacy protection of personal information handled by an agency or organisation using a particular technology. Two technology-specific codes are the Biometrics Institute Privacy Code and the Internet Industry Association Draft Code. A detailed discussion of these two codes can be found in DP 72[150] and on the websites of the organisations.[151]

[148]Privacy Act 1988 (Cth) pt IIIAA.

[149] Further discussion of the operation of the current code-making power and the co-regulatory nature of privacy codes is contained in Ch 48.

[150] Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [7.127]–[7.132].

[151] Biometrics Institute, Biometrics Institute Ltd <> at 5 May 2008; Internet Industry Association, Internet Industry Privacy Code of Practice: Consultation Draft 1.0 (2001).