This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy



Digital Business Lawyer

Report aims to encourage debate about Australian data policies

Australian charity Digital Rights Watch (‘DRW’) published a report on 14 May 2018 titled ‘The State of Digital Rights’ (‘Report’), seeking to promote public debate on digital rights by analysing a selection of the key digital rights issues facing Australians and issuing recommendations for policymakers. The recommendations put forward in the Report relate to the metadata retention regime, consumer rights, privacy, intelligence sharing, encryption, computer network operations, copyright reform, content moderation, and protecting children online.

Specifically, the DRW recommends in the Report, inter alia, that the Government introduce legislation that upholds rights to digital privacy and data protection, that it should not weaken encryption protocols, and that telecommunications service providers and internet platforms develop processes to increase transparency relating to content moderation. “Many of the recommendations are sensible and balanced,” said Peter Leonard, Principal at Data Synergies. “Even if you disagree with some of the more radical recommendations, the Report is a timely reminder to Australians that Australia’s human rights protections are quite thin and not legally guaranteed, so excessive security and surveillance laws could conceivably open up a path to quite unacceptable social surveillance. That path is not likely to be politically palatable in the immediate future, but there are no legal checks and balances - no legal ‘bright lines’ - to ensure that the Government is aware when the invisible line as to excessive social surveillance is about to be crossed.”

The first area of analysis and case study in the Report focuses on Australia’s mandatory metadata retention regime, which requires telecommunication services providers to retain customer metadata for two years. The Report recommends an immediate repeal of this regime, or an amendment to legislation to introduce ‘proper safeguards’ for privacy and freedom of expression. “This is a call that is not likely to be heard - the current legislation represents an attempt by the Government to ensure a balancing of protecting the security and safety of Australians against privacy protections,” comments Angela Flannery, Partner at Holding Redlich. “To protect privacy, the data that is collected is limited - it does not include the content of the communications but is limited to information such as account details and when communications were made, to which other account, where from and for how long. Also, the agencies that are able to access that data are limited, and the Telecommunications (Interception and Access) Act 1979 (Cth), which contains the scheme, requires telecoms companies to encrypt the retained information and protect it from unauthorised access and provides that the information will have the protections of the Australian Privacy Act.” However, concerns raised by privacy and human rights advocates about overreach and limited controls in the data retention regime were only partly addressed in its initial implementation and operation of the regime continues to be scrutinised by critics. Leonard suggests that repeal of data retention laws is unlikely to find political support, however “a more likely scenario is backfilling such laws with better transparency and oversight mechanisms, including restricting current self-certification by law enforcement agencies as to their requests,” adds Leonard.

The section of the Report entitled ‘Consumer rights and facial recognition’ recommends adding biometric information and biometric templates to the definition of sensitive information under the Privacy Act, introducing rights to pseudonymity, an opt-out register for those who do not want their sensitive data collected for commercial purposes, a compulsory register of entities that collect biometric data, and consent requirements for data repurposing. These recommendations are directly relevant to bills in the Australian Parliament as to a national identity-matching interoperability hub, which would enable sharing of biometric identifier information between Federal and State governments and potentially also with private sector organisations. The recommendations are also relevant in relation to data sharing that will follow implementation of the recommendations of the Productivity Commission’s Data Availability and Use Inquiry, which amongst other things recommends a ‘Consumer Data Right’ for Australians. “I don’t think these recommendations will impact the Government’s new proposals, as its open banking and open data initiatives appear to be unstoppable and generally accepted as a good idea,” said Alec Christie, Partner at EY Law. “Many of the Report’s recommendations in general are so extreme, impractical and often unsupported by its analysis, that they are unlikely to be taken seriously by the Government or the general public. Some of the recommendations are also based on faulty analysis and inaccuracies in the interpretation of the law.”

The Report also recommends that the Government investigate the creation of a similar body to that of the European data protection authorities to monitor and uphold privacy protections, including digital rights in the workplace. “Australian privacy law traces its genealogy back to EU privacy law, as do many countries in the Asia Pacific region,” adds Christie. “Of course, the Australian Privacy Principles are not as prescriptive as the GDPR and enforcement has not been robust to date, but most of the core principles are there. Thus, I would have expected the Report to focus on what we do have and how that might be best used to address a number of the issues raised, including if we need to better fund our privacy regulator and/or increase our fines for breaching privacy.”

“The Report largely ignores the good work of the Office of the Australian Information Commissioner (‘OAIC’),” concludes Flannery. “There appears to only be one direct reference to the OAIC in the Report, however the OAIC has been very proactive in responding not only to consumer complaints but also initiating its own investigations in areas of community concern and working with regulated entities and consumers to increase awareness of the law and the need for privacy protections. It would seem unlikely that the Report’s recommendations will be implemented, but nonetheless, to the extent that the Report serves to create discussion and keeps privacy issues as a current topic of political debate in Australia, it is definitely of value.”

Search Publication Archives



Our publication archives contain all of our articles, dating back to 1999.
Can’t find what you are looking for?
Try an Advanced Search

Log in to digital business lawyer
Subscribe to digital business lawyer
Register for a Free Trial to digital business lawyer
digital business lawyer Pricing

Social Media

Follow digital business lawyer on Twitterdigital business lawyer on LinkedIndigital business lawyer RSS Feed