September 2007

Further to my previous posts, the Telecommunications (Interception and Access) Amendment Bill 2007 was passed by the Senate on 20 September 2007. It went through without a definition of ‘telecommunications data’. The Democrats and the Greens expressed their concerns about the bill generally and its impact on privacy and the vagueness of the term ‘telecommunications data’ but their suggested amendments were negatived. See Natasha Stott-Despoja’s speech and Kerry Nettle’s speech for details.

The Communications Legislation Amendment (Crime or Terrorism Related Internet Content) Bill 2007 was introduced into the Senate at the beginning of this week. Senator Eric Abetz had this to say in his Second Reading Speech:

“The Government’s recent review of the E-Security National Agenda found that the e-security landscape has changed significantly with the emergence of sophisticated, targeted and malicious online attacks. Many of these attacks are associated with websites used by criminals to perpetrate fraud or circulate malicious software.

This Bill proposes to amend the Broadcasting Services Act 1992 to expand the black list of Internet addresses (URLs) that is currently maintained by the Australian Communications and Media Authority (ACMA) to include crime and terrorism related websites hosted domestically and overseas. Black listing cyber crime and terrorism websites is part of the Government’s comprehensive NetAlert – Protecting Australian Families Online initiative.”

The Australian Law Reform Commission (ALRC) has published Discussion Paper 72, asking for feedback on “301 proposals for overhauling Australia’s complex and costly privacy laws and practices”.

As stated in the ALRC’s media release, key proposals arising from the public consultation process undertaken to date include the following:

–simplifying the current regulatory scheme for privacy law;
–providing for the protection of personal information stored or processed overseas;
–introducing a new system of data breach notification to individuals;
–introducing a new statutory cause of action where an individual’s reasonable expectation of privacy has been breached;
–abolishing the fee for unlisted telephone numbers;
–expanding the enforcement powers of the Privacy Commissioner;
–imposing civil penalties for serious breaches of the Privacy Act; and
–introducing a more comprehensive system of credit reporting.

Submissions in response to the discussion paper are due by 7 December 2007. The ALRC plans to release a final report and recommendations in March 2008.

I have not been able to review the ALRC’s proposals in depth, but they appear to be responding to the considerably complex nature of Australian privacy laws (which are addressed at the federal and state levels, sometimes with separate treatment for medical records), as well as attempting to bring current privacy principles in line with current information technology and its implications.