Introduction

5.1 This chapter provides an overview of the Privacy Act 1988 (Cth) in its current form and recommends some changes to the name, structure and objects of the Act. It is recommended that the Act be redrafted to achieve greater logical consistency, simplicity and clarity, that an objects clause be included, and that the name of the Act be changed to reflect more accurately the scope of the legislation.

5.2 The Privacy Bill 1988 was introduced into the Australian Parliament in November 1988[1] by the then Attorney-General, the Hon Lionel Bowen MP. The Bill was in part a response to a number of developments in the 1970s and 1980s including continuing advances in the technology available for processing information.

5.3 The Preamble to the Bill makes clear that the legislation was intended to implement Australia’s obligations relating to privacy under the United Nations International Covenant on Civil and Political Rights[2](ICCPR) as well as the Organisation for Economic Co-operation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data[3](OECD Guidelines). The Second Reading Speech to the Privacy Bill also referred to the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data[4](Council of Europe Convention).

5.4 The Hon Justice Michael Kirby chaired the group of government experts that developed the OECD Guidelines. As Chairman of the Australian Law Reform Commission (ALRC), Justice Kirby also oversaw the production of the three volume Report, Privacy (ALRC 22), published in 1983.[5] The Report included draft legislation, which drew on the OECD Guidelines, and was considered by the Australian Government in developing the Privacy Bill.

5.5 The Privacy Act, in its original form, set out the Information Privacy Principles (IPPs), which regulate the handling of personal information by Australian Government departments and agencies. It established the position of the Privacy Commissioner, within the Human Rights and Equal Opportunity Commission. The Act provided guidelines for the handling of individual tax file number (TFN) information in both the public and private sectors following enhancements in the use of this identifier in 1988.[6]

5.6 The Privacy Act also applies to ACT public sector agencies. In 1994, as part of the transition to self-government, the ACT public service was established as a separate entity from the Australian Government public service. Amendments were made at that time to ensure that ACT public sector agencies continued to be covered by the Act.[7]

5.7 The Act has been substantially amended on a number of occasions. In 1990, the Act was amended to provide safeguards for individuals in relation to consumer credit reporting.[8] These amendments governed the handling of credit reports and other credit worthiness information about individuals by credit reporting agencies and credit providers.

5.8 In 2000, the Act was amended to extend coverage to private sector organisations more generally.[9] This amendment introduced the National Privacy Principles (NPPs) into the legislation. The NPPs were developed following consultation with business, consumers and other stakeholders.[10] Further amendments in 2000 established the Office of the Privacy Commissioner (OPC) as a statutory authority independent of the Human Rights and Equal Opportunity Commission.[11]

[1] A predecessor Privacy Bill was introduced into Parliament in 1986, in association with the Australia Card Bill 1986, but both Bills lapsed with the double dissolution of Parliament in 1987. The Australia Card proposal is discussed further in Ch 30.

[2]International Covenant on Civil and Political Rights, 16 December 1966, [1980] ATS 23, (entered into force generally on 23 March 1976), art 17.

[3] Organisation for Economic Co-operation and Development, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980).

[4]Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, 28 January 1981, Council of Europe, CETS No 108, (entered into force generally on 1 October 1985).

[5] Australian Law Reform Commission, Privacy, ALRC 22 (1983).

[6]Taxation Laws Amendment (Tax File Numbers) Act 1988 (Cth). TFNs are discussed further in Ch 30.

[7]Australian Capital Territory Government Service (Consequential Provisions) Act 1994 (Cth).

[8]Privacy Amendment Act 1990 (Cth). Credit reporting is discussed in detail in Part G.

[9]Privacy Amendment (Private Sector) Act 2000 (Cth).

[10] Commonwealth, Parliamentary Debates, House of Representatives, 12 April 2000, 15749 (D Williams—Attorney-General).

[11]Privacy Amendment (Office of the Privacy Commissioner) Act 2000 (Cth).