36.72 The exemption of the agencies listed under sch 2 of the FOI Act from the Privacy Act is expressed in terms of their exemption from the FOI Act. Therefore, their exemption from the operation of the Privacy Act derives from their status under the FOI Act. The purposes of the Privacy Act are, however, different from those of the FOI Act. The Privacy Act is mainly concerned with the protection of the privacy of personal information about individuals, whereas the FOI Act aims to promote the ideals of an open and transparent government by granting a right of access to, and correction of, government records, except in relation to certain exempt documents. Given the differing purposes of the two Acts, it is inappropriate to exempt agencies from compliance with the Privacy Act simply because they are exempt from the operation of the FOI Act. There should be clear policy justifications for the exemption of these agencies from the Privacy Act.
36.73 The ALRC has not received submissions from a number of the exempt agencies about their exemption from the operation of the Privacy Act, despite specifically inviting submissions from them. In these circumstances, the ALRC is unable to make an informed policy decision about whether these agencies should remain exempt from the operation of the Privacy Act. The ALRC notes that some overseas jurisdictions, such as the United Kingdom and Hong Kong, exempt very few specified agencies from the operation of their privacy legislation. Exemptions in these overseas jurisdictions are based on the activities of particular types of data controllers, rather than for specified, named data controllers. It is difficult, therefore, to compare the agencies discussed in this chapter with overseas agencies that are exempt from their privacy legislation.
36.74 Certain agencies discussed in this chapter should be required to demonstrate to the minister responsible for administering the Privacy Act that they warrant exemption from compliance with the Privacy Act. In the event that these agencies fail to do so within 12 months, their exempt status should be revoked automatically. This approach would give the relevant agencies a final opportunity to consider their position and make their case if they believe an exemption is warranted. The ALRC notes that this option also was generally supported in submissions.
36.75 The ALRC also notes submissions by some stakeholders that interested parties, such as privacy advocates, should be able to make submissions on the issue of whether the agencies discussed in this chapter should be exempt from the operation of the Privacy Act. The ALRC agrees that as a matter of informed and transparent policy making, there should be public consultation on any claims for exemption, as well as consultations with the OPC and other interested stakeholders. In the case of Aboriginal Land Trusts and Land Councils, consultation, particularly with Indigenous representative groups, would be appropriate.
36.76 In DP 72, the ALRC proposed that the NHMRC be included in the list of agencies that are required to demonstrate that they warrant exemption from the operation of the Privacy Act. The NHMRC has since submitted that it was unaware of the reasons for its partial exemption from the operation of that Act and would not object to the exemption being removed. The ALRC therefore recommends that the partial exemption that applies to the NHMRC under the Privacy Act be removed.
36.77 The current partial exemption that applies to AUSTRAC should remain. The exemption is a limited one and does not apply to AUSTRAC’s administrative activities. The application of the UPPs to AUSTRAC’s existing exempt activities may cause difficulties for its operation, particularly the ‘Collection’, ‘Notification’ and ‘Anonymity and Pseudonymity’ principles. In addition, the handling of information by AUSTRAC is governed by PSM 2005 and ACSI 33, as well as a secrecy provision that prohibits AUSTRAC officials from disclosing information collected, compiled or analysed by AUSTRAC. Unlike the other agencies listed in sch 2 of the FOI Act, the functions of AUSTRAC are more akin to those of law enforcement agencies. For these reasons, AUSTRAC should remain partially exempt from the operation of the Privacy Act.
ABC and SBS
36.78 The ABC and the SBS should not be exempt from the Privacy Act by virtue of their exempt status under the FOI Act. There are insufficient policy justifications for treating national broadcasters differently to media organisations in the private sector for the purposes of the Privacy Act. Setting aside the question of access and correction to their records, which is generally dealt with under the FOI Act, there is no justification for a specific exemption for the ABC and the SBS in relation to their program materials and datacasting content.
36.79 Both the ABC and the SBS submitted that they should be exempt in relation to their programming materials because they are not in commercial competition with private sector media organisations. While it is arguable whether the ABC and the SBS are in commercial competition with other media organisations, as agencies, the national broadcasters should be required to comply with the Privacy Act unless there is a clear policy justification for their exemption. In the case of the ABC and the SBS, the relevant policy justification is the public interest in promoting freedom of expression in the context of their journalistic activities—the same public interest consideration that applies to other media organisations. Therefore, the ABC and the SBS should be treated consistently with other media organisations, which are exempt in relation to acts done, or practices engaged in, in the course of journalism. Applying the journalism exemption to the national broadcasters also would ensure that their independence and integrity in the context of their journalistic activities is preserved.
36.80 The ALRC notes the concern raised by the ABC that the removal of its partial exemption may result in it being excluded from the journalism exemption, on the basis that its programming activities are not ‘commercial activities’. To the extent that the ABC and the SBS’s programming activities are considered non-commercial activities, s 7A of the Privacy Act will not apply to deem the ABC or the SBS to be an ‘organisation’ and therefore not a ‘media organisation’ in relation to its programming activities. To address this concern, the ALRC recommends in Chapter 42 that the ABC and the SBS be prescribed by regulations as ‘media organisations’ for the purposes of the journalism exemption. In addition, the ALRC recommends that the removal of their partial exemption from the operation of the Privacy Act should be conditional upon their being prescribed by regulations as ‘media organisations’. This will ensure that the ABC and the SBS are not placed at a disadvantage upon the removal of their partial exemption.
36.81 The ALRC also notes the submission by the ABC that empowering the Privacy Commissioner to deal with privacy complaints in relation to the ABC’s programming activities would reduce the ABC Board’s oversight of such activities and interfere with the role of ACMA in dealing with privacy-related complaints against the ABC. This concern is addressed adequately by recommendations made by the ALRC elsewhere in this Report. As mentioned above, the ALRC is recommending that the ABC and the SBS be prescribed by regulations as ‘media organisations’ for the purposes of the journalism exemption. Accordingly, the ABC and the SBS’s programming activities generally would be covered by the journalism exemption and therefore fall outside the jurisdiction of the Privacy Commissioner.
36.82 For programming activities of the ABC and the SBS that do not fall within the scope of the journalism exemption, the ALRC accepts that both ACMA and the Privacy Commissioner would have jurisdiction to hear privacy-related complaints concerning such activities. In Chapter 73, the ALRC recommends that the OPC, ACMA and the Telecommunications Industry Ombudsman should develop memorandums of understanding addressing several issues, including: the roles and functions of each of the bodies under the Privacy Act and other legislation; the exchange of relevant information and expertise between the bodies; and when a matter should be referred to, or received from, the bodies. Such memorandums of understanding would ensure that there is greater cooperation between the OPC and ACMA when dealing with privacy-related complaints against media organisations.
36.83 In addition, the ALRC notes that the Privacy Commissioner currently has power not to investigate, or not to investigate further, complaints in defined circumstances, including where the complaint has been, or is being dealt with, adequately under another law. The ALRC also recommends in Chapter 49 that the Privacy Commissioner should be given more discretion not to investigate individual complaints in certain circumstances, including where an investigation, or a further investigation, is not warranted having regard to all the circumstances. These powers would allow the OPC to decide not to investigate a complaint that is being considered by ACMA. The ALRC is therefore satisfied that regulatory oversight of the ABC and the SBS by the Privacy Commissioner would not interfere with ACMA’s role in dealing with privacy-related complaints against them.
36.84 Currently, the ABC, the SBS and the other agencies discussed above are either partially or completely exempt from the operation of the FOI Act. In Chapter 29, the ALRC recommends that the right of access to personal information held by an agency should be subject to the applicable provisions of any Commonwealth law. Therefore, the right of access to personal information held by agencies that are exempt from the operation of the FOI Act will continue to be subject to the FOI Act. The appropriateness of the exemption of these agencies from the FOI Act currently is the subject of a separate inquiry on the FOI Act being conducted by the ALRC. The ALRC therefore makes no recommendations on this issue.
Recommendation 36-2 The following agencies listed in Schedule 2, Part I, Division 1 and Part II, Division 1 of the Freedom of Information Act 1982 (Cth) should be required to demonstrate to the minister responsible for administering the Privacy Act that they warrant exemption from the operation of the Privacy Act:
(a) Aboriginal Land Councils and Land Trusts;
(c) National Workplace Relations Consultative Council;
(d) Department of the Treasury;
(e) Reserve Bank of Australia;
(f) Export and Finance Insurance Corporation;
(g) Australian Communications and Media Authority;
(h) Classification Board;
(i) Classification Review Board; and
(j) Australian Trade Commission.
The Australian Government should remove the exemption from the operation of the Privacy Act for any of these agencies that, within 12 months from the tabling of this Report, do not make an adequate case for retaining their exempt status.
Recommendation 36-3 The Privacy Act should be amended to remove the partial exemption that applies to the National Health and Medical Research Council.
Recommendation 36-4 Subject to the implementation of Recommendation 42–2 (regulations specifying agencies, including the Australian Broadcasting Corporation and the Special Broadcasting Service, as ‘media organisations’ under the Privacy Act), the Privacy Act should be amended to remove the partial exemption that applies to the Australian Broadcasting Corporation and the Special Broadcasting Service.
 In October 2006, the ALRC wrote to the following agencies inviting submissions: Anindilyakwa Land Council, Tiwi Land Council, Northern Land Council, Central Land Council, Auditor-General of Australia, National Workplace Relations Consultative Council, Reserve Bank of Australia, Export and Finance Insurance Corporation, Classification Review Board, Office of Film and Literature Classification, and Austrade. The ALRC has not received any submissions from these agencies.
 There are only four exemptions in the Data Protection Act 1998 (UK) and three in Personal Data (Privacy) Ordinance (Hong Kong): see Data Protection Act 1998 (UK) ss 30(2), 30(3), 31, 36; Personal Data (Privacy) Ordinance (Hong Kong) ss 52, 57, 61; and Ch 33.
 See Ch 42.
 See Rec 42–2.
 See Rec 73–8.
 Privacy Act 1988 (Cth) s 41.
 Rec 49–1.
Freedom of Information Act 1982 (Cth) s 7.
 See Rec 29–2.