Abstract

This submission responds to Part D of the Australian Law Reform Commission’s 'Discussion Paper 72 Review of Australian Privacy Law', September 2007 which deal with the information privacy principles lying at the heart of the Privacy Act 1988 and the definitions which are essential to their meaning. As part of its 'Review of Australian Privacy Law', the ALRC has proposed that the Privacy Act should be amended to consolidate the current Information Privacy Principles and National Privacy Principles into a single set of privacy principles - the Unified Privacy Principles (UPPs) - that would be generally applicable to agencies and organisations, subject to exceptions as required. The ALRC has also proposed that amendments be made to some key definitions. This submission supports a single set of principles, but makes numerous suggestions for improvements to the proposed UPPs to ensure they represent world best practice and address some of the weaknesses and ambiguities exposed by experience of the current principles Suggestions include more clearly defining ‘personal information’, ‘consent’ and ‘authorised by law’; express application of collection principles to collection by observation or surveillance; stronger notification requirements; a condition of ‘proportionality’ in collection and use; a separate retention principle, and a re-worked transborder data flow principle that does not leave so much discretion to data exporters as the current NPP 9.