Ministers

41.70 The Privacy Act applies to Australian Government ministers only to the extent that their acts and practices relate to the affairs of agencies, ‘eligible case managers’[92] or ‘eligible hearing service providers’;[93] or where the acts and practices are in relation to a record concerning these affairs that is in the ministers’ possession in their official capacity.[94] Other acts and practices of ministers are exempt from the operation of the Act.[95]

41.71 There is no exemption for government ministers from privacy legislation in the United Kingdom, Italy, New Zealand or Hong Kong. In Victoria and Tasmania, privacy legislation expressly applies to government ministers.[96]

41.72 The OPC observed that the formulation of the exemption applying to Australian Government ministers is complex:

In the Privacy Act under s 6(1), a Minister is defined as an ‘agency’ and is therefore covered by the Act, however, his or her acts are excluded from coverage of the Privacy Act under s 7(1)(a)(iii). However, a Minister acting in his or her official capacity in relation to agencies within his or her portfolio are covered under ss 7(1)(d), (e), (ea), (eb), (ec), and (ed). … to help reduce this complexity, the definition of ‘agency’ which currently includes a Minister, should add words that describe the specific acts and practices of the Minister that are covered.[97]

41.73 In addition, it was said that the exemption is difficult to apply. As discussed above, ministers acting in their official capacity are bound by the Privacy Act, while MPs engaging in political acts and practices are not. The OVPC submitted that:

It is sometimes difficult to determine in what capacity a Minister acts—in their Ministerial capacity or in their capacity as an elected Member of Parliament—when personal information is collected and disclosed, at times under the umbrella of Parliamentary immunity. It is also unclear whether Ministerial advisors are subject to privacy obligations, given the nature of their employment and principles of ministerial accountability.[98]

41.74 One individual submitted that the exemption applying to ministers results in ‘a danger that the information they hold will be used for political purposes and not for the benefit of the individual or the safety of the nation’.[99]

41.75 In DP 72, the ALRC proposed that the partial exemption that applies to Australian Government ministers should be removed from the Privacy Act.[100] This proposal was supported by a broad range of stakeholders.[101]

ALRC’s view

41.76 Currently, Australian Government ministers acting in their official capacity are subject to the Privacy Act. For the reasons underlying the recommended removal from the Privacy Act of the political exemption, there is no sound policy basis for exempting ministers when they are not acting in their official capacity, unless they fall within another exemption from the Act.[102] Accordingly, the partial exemption that applies to Australian Government ministers should be removed.

Recommendation 41-1 The Privacy Act should be amended to remove the exemption for registered political parties and the exemption for political acts and practices by:

(a) deleting the reference to a ‘registered political party’ from the definition of ‘organisation’ in s 6C(1) of the Act;

(b) repealing s 7C of the Act; and

(c) removing the partial exemption that is currently applicable to Australian Government ministers in s 7(1) of the Act.

Recommendation 41-2 The Privacy Act should be amended to provide that the Act does not apply to the extent, if any, that it would infringe any constitutional doctrine of implied freedom of political communication or parliamentary privilege.

[92] The Information Privacy Principles (IPPs) apply to the acts and practices of ‘eligible case managers’ in connection with the provision of case management services or the performance of their functions under the Employment Services Act 1994 (Cth): Privacy Act 1988 (Cth) ss 6(1), 7(1)(cb). An ‘eligible case manager’ is an entity that is or has been a contracted case manager within the meaning of the Employment Services Act: Privacy Act 1988 (Cth) s 6(1). Although the Employment Services Act was repealed in April 2006, the Privacy Act 1988 (Cth) continues to provide privacy protection in relation to acts and practices of entities that have been eligible case managers.

[93] The IPPs apply to the acts and practices of ‘eligible hearing service providers’ in connection with the provision of hearing services under an agreement made under pt 3 of the Hearing Services Administration Act 1997 (Cth): Privacy Act 1988 (Cth) ss 6(1), 7(1)(cc). An ‘eligible hearing service provider’ means an entity that is, or has been, engaged under pt 3 of the Hearing Services Administration Act to provide hearing services: Privacy Act 1988 (Cth) s 6(1).

[94]Privacy Act 1988 (Cth) s 7(1)(d)–(ed).

[95]Ibid s 7(1)(a)(iii).

[96]Information Privacy Act 2000 (Vic) s 9(1)(a); Personal Information Protection Act 2004 (Tas) s 3 (definition of ‘public sector body’).

[97]Office of the Privacy Commissioner, Submission PR 215, 28 February 2007.

[98] Office of the Victorian Privacy Commissioner, Submission PR 217, 28 February 2007.

[99] K Handscombe, Submission PR 89, 15 January 2007.

[100]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 37–1(c).

[101]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; Australian Direct Marketing Association, Submission PR 543, 21 December 2007; Liberty Victoria—Victorian Council for Civil Liberties, Submission PR 540, 21 December 2007; Confidential, Submission PR 535, 21 December 2007; Office of the Victorian Privacy Commissioner, Submission PR 493, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Privacy NSW, Submission PR 468, 14 December 2007; Australasian Compliance Institute, Submission PR 419, 7 December 2007; S Hawkins, Submission PR 382, 6 December 2007.

[102] For example, when they are handling personal information as individuals in the context of their personal, business or household affairs.