The UNSW Cyberspace Law and Policy Centre has called on the Federal Government to expand the Office of the Information Commissioner’s (OAIC) powers to better protect personal information and privacy online.
Speaking at a Joint Select Committee on Cybersafety, the centre’s executive director, David Vaille, said the Cybercrime Legislation Amendment Bill 2011 should not continue without fixing the deficits within the jurisdiction of the OAIC.
“Providing safe guards for Australian internet users, particularly about the enforceability of decisions and the power to impose fines on ISPs and others where there are unwarranted and unauthorised breaches of an internet users’ privacy, without that and a number of other protections, even a revised version of the bill would not be suitable,” Vaille said.
According to Vaille, research from “a number of people in the field” pointed to a range of deficiencies in Australian privacy laws that could not be fixed by only a minor extension of the OAIC’s jurisdiction.
“This bill should not go ahead without the introduction of some sort of robust, statutory protection for privacy.”
The centre’s research associate, Chris Connolly, said the Australian Law Reform Commission had previously reviewed privacy laws within Australia and had also made recommendations to strengthen the powers of the OAIC.
He said within the last 10 years, from the time privacy provisions were extended to the private sector, only one termination has been made by the Privacy Commissioner and was the result of a class action by consumers.
“No organisation has been named as in breach of the Privacy Act as a result of a complaint and this compares unfavourably with sectors such as the regulation of telecommunications, financial services, activities of regulators like ACMA [the Australian Communications and Media Authority] where organisations are named fairly regularly as in breach of legislation,” Connolly said.
“We believe there’s a strong body of evidence and a good 10 year history showing that the conciliation approach, which would be that the privacy commissioner remains unusual in the regulatory sphere, really doesn’t provide any motivation to comply with privacy laws.”
Dual criminality
Connolly expressed a major concern at the Bill’s failure to address the issue of dual criminality – by which any criminal offence that is the subject of mutual assistance should be considered an offence both in Australia and the target country.
“That’s the core part of our test of whether or not the bill is acceptable, whether or not there is a clear unambiguous requirement for dual criminality,” he said.
“We’re unclear whether it’s the intention of drafters or a drafting error but normally what you would expect to see in a Bill of this type implementing a convention, is a specific decision by the legislator to act on the recommendation in the convention that countries can choose to impose a dual criminality requirement for all of the subsequent cooperation arrangements such as data preservation notices, mutual assistance and so on. There is no dual criminality requirement in the bill there’s nothing set out at all.”
Follow Chloe Herrick on Twitter: @chloe_CW
Follow Computerworld Australia on Twitter: @ComputerworldAU