Are Australia's privacy and information laws in need of reform?

The Australian state of Queensland has put inconsistent, fragmented and multi-layered privacy and information laws up for review
Written by Tim Lohman, Contributor

Australia's patchwork of privacy and information laws is the target of a new Queensland Government review aimed at eliminating 'unjustified' compliance burdens and barriers to data sharing between government agencies.

The review is also assessing the state's right to information laws, examining whether government owned corporations and private and community contracted service providers should be included on the list of which organisations the public can make information claims from.

According to the Review of the Information Privacy Act 2009 paper, a major stumbling block in current privacy and information protections is that Australia's privacy principles, and who they apply to, varies between federal, state and territory jurisdictions.

"This leads to significant confusion and complexity about how privacy law operates for governments and the private and community sector," the paper reads.

"In addition, it may create an unjustified compliance burden, particularly where organisations operate in more than one jurisdiction, and are required to comply with multiple layers of privacy regulation.

"Consumers who have complaints about privacy are often confused or unsure about who the appropriate privacy regulator is."

The paper also notes the Australian Law Reform Commission's investigation into privacy law, arguing that inconsistent, fragmented and multi-layered privacy laws had "prevented or impeded information sharing, acting as a barrier to information sharing between federal, state and territory government agencies."

Another major issue the review is canvassing is whether freedom information laws should be expanded to help address the loss of accountability in government occurring through government agencies contracting private sector bodies to provide services to the public.

"Where problems arise with the provision of a service by a non-government body, members of the public are unlikely to be able to find out why and how the problem occurred or seek redress as they are not a party to the contract," the Review of the Right to Information Act 2009 and Chapter 3 of the Information Privacy Act 2009 paper reads.

Currently, Queensland law only allows freedom of information requests for documents held by government agencies and government ministers. However, the cost for these organisations of complying with an information access regime would likely be passed onto the public, the paper notes.

While not addressing wider public concerns about data sharing between Australia and the US as part of the NSA's PRISM program, the review does acknowledge shortcomings in the powers that the Queensland Government has in protecting the state’s residents.

"Once personal information is transferred from the control of these agencies, the protections provided by the IP [Information Privacy] Act are lost," the Review of the Information Privacy Act 2009 reads.

"If there is no privacy protection in the jurisdiction which receives the information, the personal information of Queenslanders will no longer be protected. It is therefore important that the personal information of Queenslanders is only transferred outside of Australia in appropriate circumstances."

The review is also canvassing the potential privacy and information issues associated with government agencies’ increasing use of technologies such as BlackBerrys, cloud computing and Twitter.

"The use of such technology may result in the transfer of personal information outside Australia… for example, if messages are relayed to overseas locations," the Review of the Information Privacy Act 2009 notes.

The review argues that private clouds, where cloud computing services are hosted on government-owned infrastructure and delivered over government-owned networks, are not problematic. However, public clouds, hosting services external to government and located overseas, could pose a privacy risk when transferring information outside Australia.

Editorial standards