Privacy laws – where to draw the line?
The definition of privacy and perceptions about when privacy has been invaded can vary enormously.
A recent media report involving Paul Keating’s daughter has brought privacy laws back into the spotlight. Katherine Keating allegedly threatened and kicked a media reporter who took her photo at a Halloween party. Though she denies the claims, the report prompted her father to call for Australian privacy laws to be rewritten, stating: “Matters for which there is no public right to know ought to be the preserve of the citizenry in its privacy.”
Most of us non-celebrity types tend to go on our merry way undisturbed by the flash of media or paparazzi cameras. But the issue of privacy increasingly affects us all.
One of the key areas in our current privacy laws relates to personal information. Personal information means anything that can generally identify you in some way, from medical records to opinions, written or otherwise.
The Federal Privacy Act regulates the handling of personal information, including how it is collected, used, disclosed, and protected. So your details can’t just be handed to another organisation. If your information is mishandled you can complain to the government’s Privacy Commissioner.
But current law is fairly confusing. In addition to the federal act, each state and territory has its own separate laws concerning personal information.
These laws haven’t been revised for 20 years, so they don’t take into account new technologies. Many organisations now process customer data overseas, so personal information is often being sent overseas without our knowledge or consent.
The advent of camera phones and smaller digital cameras has made it easier for ordinary people to have their privacy invaded, such as photographs taken in change rooms being posted on internet sites.
The Australian Law Reform Commission released a report on Australian privacy law in 2008, offering ten recommendations. The government is currently considering these, and has already agreed to implement many.
Recommendations included a simplified act with one clear set of principles to be adopted by individual states and territories. Organisations sending personal data overseas would be responsible for protecting that information. Stronger penalties would be given for breaching privacy principles, and it would be mandatory to notify people if their personal information had been compromised.
The biggest change would be the creation of a “statutory cause of action for a serious invasion of privacy”. So in situations involving “highly offensive” conduct, like interference with someone’s home life, or unauthorised surveillance, damages could be sought in court. But only if the person’s privacy outweighed other public interest matters, such as freedom of expression.
Where to draw the line on privacy laws will no doubt be a continued topic of debate.