Manner of exercise of powers

Section 29 of the Privacy Act

46.36 In exercising his or her powers under the Privacy Act, the Commissioner is bound to have regard to the matters set out in s 29. The matters in s 29 can be divided into two principal concerns. First, the Privacy Act requires the Commissioner to take the following into account when performing functions and exercising a power:

  • protection of important human rights and social interests that compete with privacy, including the general desirability of a free flow of information (through the media and otherwise) and the recognition of the right of government and business to achieve their objectives in an efficient way;[46] and

  • international obligations accepted by Australia, including those concerning the international technology of communications, and developing general international guidelines relevant to the better protection of individual privacy.[47]

46.37 Secondly, the Privacy Act requires the Commissioner to ensure that his or her recommendations, directions and guidelines are capable of being accepted, adapted and extended throughout Australia,[48] and are consistent with whichever is relevant out of the Information Privacy Principles (IPPs), the National Privacy Principles (NPPs), the Credit Reporting Code of Conduct and Part IIIA of the Act.[49]

46.38 The Explanatory Memorandum to the Privacy Bill 1988 (Cth) explained that s 29 requires the Commissioner ‘to balance the need to ensure proper protection from interferences of privacy against the requirements of government and private sector bodies to achieve their objectives in an efficient manner’.[50] The OPC has previously explained that ‘the legislation acknowledges that privacy is not an absolute right and that an individual’s right to protect his or her privacy must be balanced against a range of other community and business interests’.[51] Stakeholders to this Inquiry generally supported s 29 and the requirement that privacy be balanced against other community interests.[52]

46.39 The New Zealand Privacy Act requires its Privacy Commissioner to have regard to largely the same matters as set out in s 29.[53] In other jurisdictions, an alternative approach is taken. Instead of explicitly requiring privacy regulators to have regard to certain matters in the exercise of their powers, the privacy legislation acknowledges matters such as the competing interests of human rights and organisational efficiency in the preamble or objects section.[54] For example, the Information Privacy Act 2000 (Vic) has an objects clause covering such matters as balancing the public interest in the free flow of information with the public interest in protecting the privacy of personal information in the public sector.[55] The Act then requires the Privacy Commissioner to have regard to the objects of the Act in the performance of his or her functions and the exercise of his or her powers under the Act.[56]

Submissions and consultations

46.40 In DP 72, the ALRC identified support in submissions and consultations for the requirement that the Privacy Commissioner have regard to the matters set out in s 29 of the Privacy Act. These include, most importantly, the balance between protecting individual privacy, the desirability of a free flow of information and minimising compliance costs for government and business.[57]

46.41 The ALRC supports the requirement that the Commissioner continue to have regard to such matters when exercising his or her functions. However, given the ALRC’s proposal to introduce an objects clause that draws on similar themes to those set out in s 29—particularly the requirement to balance the public interest in protecting the privacy of individuals with other public interests[58]—the ALRC proposed in DP 72 that, rather than a separate section, the Commissioner should have regard to the matters set out in the proposed objects clause.[59]

46.42 A number of stakeholders, including the OPC, supported this proposal.[60] PIAC suggested that the requirement for the Commissioner to have regard to the objects clause will ‘lend weight to the objects clause and facilitate statutory interpretation’. Picking up on the Australian Privacy Foundation’s submission to IP 31 that successive Privacy Commissioners appear to have interpreted s 29(a) as limiting their ability to perform the role of public advocate and champion of privacy, PIAC suggested that requiring the Commissioner to have regard to the objects of the Act, which includes promoting the protection of individual privacy, ‘should lead to greater focus on these roles’.[61]

46.43 In contrast, the Australian Direct Marketing Association did not support the introduction of an objects clause, and thus submitted that this proposal was unnecessary.[62]

ALRC’s view

46.44 The ALRC recommends in Chapter 5 that the Privacy Act should be amended to include an objects clause.[63] In that recommendation, the ALRC suggests objects that draw on similar themes to those in s 29, including to implement Australia’s obligations at international law relating to privacy and to provide a framework within which to balance the public interest in protecting the privacy of individuals with other public interests. The objects clause also lists, as one of the purposes of the Act, to promote the protection of individual privacy.

46.45 Section 29 should be amended to require the Commissioner to have regard to the recommended objects of the Act in performing his or her functions and exercising his or her powers. This is consistent with a purposive approach to statutory interpretation, which requires that, in interpreting a provision of an Act, a construction that promotes the purpose or object underlying the Act should be preferred to a construction that would not promote that purpose or object.[64]

46.46 Aligning the matters to which the Privacy Commissioner must have regard with the objects of the Privacy Act ensures that everyone interpreting, applying and attempting to understand the Act—whether they are agencies, organisations, consumers, lawyers, academics or the OPC itself—has regard to the same set of objects. By moving the factors set out in s 29 to the objects clause, the Act effectively indicates that, not only are the enumerated factors critical in influencing the Privacy Commissioner’s administration of the Act, they are also critical in directing the general public’s understanding and interpretation of the Act.

Recommendation 46-3 The Privacy Act should be amended to provide that the Privacy Commissioner must have regard to the objects of the Act, as set out in Recommendation 5–4, in the performance of his or her functions and the exercise of his or her powers.

[46]Privacy Act 1988 (Cth) s 29(a).

[47] Ibid s 29(b).

[48] Ibid s 29(c).

[49] Ibid s 29(d).

[50] Explanatory Memorandum, Privacy Bill 1988 (Cth), 37.

[51] Office of the Privacy Commissioner, Getting in on the Act: The Review of the Private Sector Provisions of the Privacy Act 1988 (2005), 28.

[52] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; Queensland Council for Civil Liberties, Submission PR 150, 29 January 2007; Investment and Financial Services Association, Submission PR 122, 15 January 2007.

[53]Privacy Act 1993 (NZ) s 14. See also Information Privacy Act 2000 (Vic) s 60.

[54] This is the approach taken in a number of jurisdictions, including: Personal Information Protection and Electronic Documents Act 2000 SC 2000, c 5 (Canada) s 3; European Parliament, Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, Directive 95/46/EC (1995), recitals 2, 3, art 1. See also the Organisation for Economic Co-operation and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980).

[55]Information Privacy Act 2000 (Vic) s 5.

[56] Ibid s 60.

[57] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; Queensland Council for Civil Liberties, Submission PR 150, 29 January 2007; Investment and Financial Services Association, Submission PR 122, 15 January 2007.

[58]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 3–4.

[59] Ibid, Proposal 43–3.

[60] Australian Bankers’ Association Inc, Submission PR 567, 11 February 2008; Australian Privacy Foundation, Submission PR 553, 2 January 2008; Public Interest Advocacy Centre, Submission PR 548, 26 December 2007; GE Money Australia, Submission PR 537, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007.

[61] Public Interest Advocacy Centre, Submission PR 548, 26 December 2007. See also Australian Privacy Foundation, Submission PR 167, 2 February 2007.

[62] Australian Direct Marketing Association, Submission PR 543, 21 December 2007.

[63] Rec 5–4.

[64]Acts Interpretation Act 1901 (Cth) s 15AA.