Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Baker & McKenzie Cyberspace Law & Policy Centre, University of N.S.W.
Visiting Professor, E-Commerce Programme, University of Hong Kong
Visiting Fellow, Department of Computer Science, Australian National University
Version of 28 April 2003
© Xamax Consultancy Pty Ltd, 2003
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/EPPP.html
The advance of technologies such as digital signatures, biometrics and surveillance has resulted in increasing recognition across the world of the inadequacy of existing data protection laws as a basis for protecting citizens' privacy and human rights.
Among the alternative responses to this realisation are the extreme outcomes of acceptance of 'the death of privacy', and the emergence of much more substantial forms of human rights instruments. An intermediate possibility is the emergence of additional Privacy Principles to supplement those codified in the OECD Guidelines and implemented in most countries in Australia's reference group.
The following are examples of the kinds of Principles that are emerging.
This appeared in the Australian Privacy Charter in 1994, and is expressed in the National Privacy Principles that apply to the Australian private sector as follows: "Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation". It is also included in the Victorian and Northern Territory legislation regulating the public sector, and in the Australian Privacy Commissioner's Guidelines in relation to PKI.
This has appeared in various forms, e.g. in relation to the Tax File Number, the Canadian Social Insurance Number, private sector use of identifiers assigned by Australian government agencies, and the Victorian and Northern Territory laws.
Longstanding formulations restrict the use of data to those purposes authorised by law, or consented to. There are increasing expectations that the purposes for the use of data, identifiers in particular, and indeed for technologies, have to be justified, and that the justification has to be published. The Canadian laws include the requirement and so does the N.S.W. Law Reform Commission's Report on Surveillance.
More specifically, it is increasingly expected that each organisation that seeks to implement a significantly privacy-invasive technology or scheme will undertake a formal and consultative study of its negative impacts on privacy, whether they are justified, and how they can be ameliorated. This has been implemented in the law of Canada, in the practices of the governments of Ontario and Hong Kong, and in the Australian Privacy Commissioner's Guidelines in relation to PKI.
There is concern that the exercise of privacy rights by individuals can come at a cost, in such forms as the denial of services, restricted access to services, and lower priority access to services. Forms of a Principle precluding such disadvantages have appeared in the Australian Privacy Charter in 1994, and in the Korean law.
The Authentication Initiative involves powerful technologies. The emergence of these Principles is likely to have considerable implications for the development of the framework, the application of the framework in particular agencies, and especially its application in the multi-agency context of 'joined-up e-government'.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Created: 28 April 2003
Last Amended: 28 April 2003
| These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content). | |
| The Australian National University Visiting Fellow, Faculty of Engineering and Information Technology, Information Sciences Building Room 211 | Xamax Consultancy
Pty Ltd, ACN: 002 360 456 78 Sidaway St Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, 6288 6916 |