The federal online privacy bill will do almost nothing to prevent spamming and the spreading of sensitive personal data without consent, various industry groups have complained.
Released this week by the Federal Attorney-General, Darryl Williams, the Privacy Amendment Bill allows personal information to be used for direct marketing purposes, on the proviso that "the individual is given the opportunity to opt out of receiving any further marketing".
The executive director of IT industry group Electronic Frontiers Australia, Peter Upton, criticised this condition as an "opt-out" approach, because spammers and bulk emailers were effectively entitled by law to electronically harass individuals until asked to stop. Upton complained that an "opt-in" approach, whereby individuals actively directed how their personal information was to be used in advance, had been overlooked.
Upton agreed with the Bill's concession that it is difficult for companies to obtain permission from each individual before using their data for direct marketing purposes, but did not accept this as an adequate excuse to send unsolicited email. "It's a weak bill," he concluded.
Similarly, the chairman of the Australian Privacy Foundation, Tim Dixon, decried the bill as "riddled with holes". He complained that the small business exemption contained in the bill pertained to almost three-quarters of Australian businesses. Under the legislation, any company with a website could send unsolicited email to individuals because they would qualify as media organisations, which were exempt from the legislation, he said.
The bill did not comply with the OECD (Organisation for Economic Cooperation and Development) privacy principle of 1980, which Dixon said states that all individuals have the "right to know when information's being collected on them".
The OECD is a France-headquartered international social and economic policy review committee; Australia is one of 29 represented countries.
Dixon said that New Zealand, Hong Kong, Canada and most European countries complied with the OECD's privacy principle, but Australia did not.
According to the bill, large corporations with numerous operational divisions were allowed to freely distribute an individual's personal information between company divisions without that individual's consent. Dixon expects the bill will do little to "bolster consumer confidence" and will consequently "harm online businesses".
Charles Britton, the Australian Consumers' Association policy officer for IT and communications, said it was unclear in the bill how organisations were allowed to use individuals' personal information. He suggested that organisations could, in compliance with the bill, discriminate against and choose to not contact individuals by using their personal data.
Meanwhile, the Internet Industry Association issued a statement that "welcomed" the flexibility of bill.
The Attorney-General's office was unavailable for comment.