Address by Senator John Faulkner
Cabinet Secretary
Special Minister of State
2 October 2008
I would like to acknowledge the Eora people and their ancestors as the traditional owners of the land on which we are meeting today.
The theme of this conference is to consider how well the ALRC’s recommendations meet a number of current privacy challenges.
There are 295 recommendations for reform in the ALRC’s three volume, 74 Chapter, 4.8 kg report.
Ladies and gentlemen, not only is this a very large and comprehensive report, it is one that covers policy areas that are far reaching and extremely complex.
Privacy is about our control over our own information, it is about our right to control the exposure of ourselves, our views and our behaviours to others – and how that right is balanced with other social needs and the rights of others.
The Government sees privacy as part of a holistic approach to information:
This morning I would like to tell you about the Government’s plans for the next steps in addressing the ALRC’s Recommendations for reform, and then to talk to you more specifically about some of the questions raised in relation to one of the areas the Government has identified as a priority in this process, the particularly complex area of new technology.
As I previously announced on 11 August of this year, the Government will respond to the 295 recommendations contained within the ALRC report in two stages.
The first stage will involve looking at the building blocks of the revamped Privacy Act, namely the Unified Privacy Principles (or UPPs), credit reporting, health and new technologies.
The starting point for our consideration is the recommendations of the ALRC. Inevitably, there will be differing views within and without Government about these recommendations, and we will be listening carefully to those views as we map out a way forward.
As I also announced on 11 August, I expect that the Government will be able to legislate (as necessary) on this first reform stage within 12 to 18 months.
In order to meet that ambitious time frame the Department of Prime Minister & Cabinet has commenced discussions with some key players on a number of these first stage issues and is proposing to target stakeholders, in both the public and private sectors over the coming months.
PM&C has already made plans to meet with Government agencies to work through the ALRC’s recommendations. Where necessary, PM&C will work closely with specific agencies to consider matters for which those agencies have portfolio responsibility.
Further, I have written to all state and territory Attorneys-General to advise them of the Government’s timetable for first stage reforms, and to seek their initial comments on the recommendations. I anticipate being in a position to address the Standing Committee of Attorneys-General on the Government’s views of the ALRC recommendations early in 2009.
The Government will also shortly announce some half-day targeted meetings, or seminars, which will give those private sector organisations and privacy advocates that are interested in participating in this process the opportunity to discuss their views on the ALRC’s recommendations with the Government.
The aim of these discussions will be to ensure that everyone has the opportunity to put forward their views, to make the Government aware of any perceived gaps or limitations with the ALRC’s recommendations, and to ensure the government is fully informed prior to making decisions about those recommendations.
At this stage, I anticipate that the meetings will take place in Canberra later this year, with one meeting focused on the UPPs and another on the credit reporting provisions. In addition, a meeting to deal with health privacy issues will be arranged early in 2009. Following those meetings, interested parties will be given the opportunity to put in short final submissions for the Government’s consideration.
The Government is also considering the ALRC’s recommendations on new technologies in the first stage. Many of these recommendations refer to the development of guidance on specific issues. As technology changes, it is the responsibility of Government to make sure our values and priorities are not sidelined in the process. We will need to do more than print guidelines or give lectures – I believe that Government has a responsibility to consider those values important to our community in making a range of decisions, from legislation or regulation to administering policy, providing services, and determining procurement. We must provide guidance and leadership not only to the end-users of technology but to those individuals and organisations developing and implementing technological innovations.
The Government will use these meetings, and the final submissions, to assist it with fashioning the proposed amendments.
In moving forward with its reforms, the Government needs to be mindful of COAG’s timetable for reform in the areas of consumer credit and e-health. The extent to which the Government will be able to introduce amending legislation will necessarily be connected with progress through COAG.
The second stage of the response will consider the remaining recommendations, including those relating to the removal of exemptions and data breach notices. Given the complexity and sensitivity of these issues, it makes more sense to consider them after the first stage, the building blocks, have been dealt with. We will be giving more details of that part of the process as we move closer to the completion of the first stage dealing with the priority areas of UPPs, health, credit reporting and new technology.
Ladies and gentlemen, one of the most challenging areas for privacy policy is in the field of new technology.
Technology, the methods and tools that a society has developed in order to facilitate the solution of its practical problems, permeates our lives. Every society tends to view established technologies as inevitable aspects of the world – just the way things are. We often only stop to think about the implications technology has on our values and behaviours when innovations in technology bring significant change.
Over the past two decades, there has been rapid technological change, especially in the area of the capture, transfer and storage of digital information. And by that I mean, of course, not only digital information in the form of personal data, but audio and visual files, our internet footprints and ‘cookie trails’.
Technology affects privacy policy in two significant ways. One is in the changes to the physical limitations and constraints that surround our behaviour:
As a result, the trail of digital crumbs we leave behind us has produced the potential for vast data collections, data collections whose existence may be unknown to us, because they depend not on information volunteered but on information scavenged from the detritus of every-day life. And the increasing power and affordability of computers means that data can be sorted, cross-matched and utilised with virtually no limit.
The other is in the way that we behave – publishing details of our own (and other people’s) lives on the world wide web or accepting Amazon or iTunes collecting exhaustive records of our buying habits in exchange for personalised recommendation lists – just to pick a couple of superficial examples.
Technology changes the way we live.
And, ladies and gentlemen, it changes the way we think.
Often, our discussion of the danger to privacy of new technology concentrates on the dangers of people putting things on the internet that they might later regret. And indeed, especially for technology immigrants rather than technology natives, the fact that the internet is the world wide web and is also essentially a permanent record, can be a trap for the unwary. A Facebook posting or a YouTube video, like an ill-considered tattoo, can linger forever!
But while a reckless embrace of the internet’s potential for performativity may lead to lingering embarrassment, poor judgment and over-enthusiastic exhibitionism is not the biggest challenge new technology poses to privacy policy.
Privacy is not about what we voluntarily – however unwisely, as others might see it – disclose of ourselves. Privacy is our right to make that decision for ourselves. And new developments in technology – whether that be the internet, the camera-phone, Radio Frequency ID tags, widespread use of CCTV in public space, or others – has made it easy – incredibly easy, to people of my generation – for others to make that decision for us.
New technology provides for the democratisation of information collection, capture, collation, transfer and publication. But the prevalence and convenience of the data capture and publication in today’s world has reduced many of the protections of disutility that operated as de facto, rather than de jure, privacy protections.
However, we must also be constantly aware that technological development is perhaps the only part of the human environment that is entirely within human control.
That does not, of course, mean government control. Trying to legislate to control technological development or the ways people use technology is not perhaps ordering the tide to not come in, but it is certainly like trying to empty a bathtub with a teaspoon.
While legislation provides one set of constraints to human behaviour, inconvenience and cost provide others. And a significant impact of the changes in technology is to reduce or remove the constraints of cost or inconvenience for both individuals and corporations. The widespread availability of small, cheap and versatile devices that can record and transfer sound, images and data amounts to a comprehensive democratisation of the technology of surveillance, just as the increasing power and affordability of PCs has democratised the technology of data analysis.
Technology reflects and serves the values that drive its development and implementation. Today, the values most powerfully expressed – often contradictorily – are the digital libertarianism of the net natives, expressed in the catch-phrase ‘Information wants to be free’; the profit motive created by the commercial imperatives of corporate investors in technology development; and the potential for technological development to make our societies safer and our citizens more secure.
Few technological developments start from the expressed desire to ‘enhance privacy’. That being the case, we can hardly be surprised that technological developments often seem to trade privacy for convenience, for profit, for uncensored, unregulated speech, or for efficiency in law enforcement. Too often, privacy is considered at the end of the process, when debate starts about how technology will be used.
Thirty or forty years ago, computer programmers talked about ‘programming on the bare metal’ - programming right onto the components of those early computers, etching desired behaviour indelibly onto the machine. Putting something into the ground level of technology shapes everything built on top of it. In the case of those early computers, writing on the metal dictated how the machine treated the paper punch cards or the tapes used for ‘software’ – and indeed, what kind of ‘software’ could be used at all.
When it comes to new technology and privacy – or indeed, new technology and any of our societies values – we need to make sure that those values are considered at the beginning, not the end, of the development process. We need to write our values, not onto paper, but onto the metal.
Technology can invade privacy – but it can also protect it.
The development of CCTV, and its increasing ubiquity and sophistication, means that in many public spaces visual surveillance will be universal. In some, it already is. Similar developments in electronic monitoring means that in many environments, covert audio and data surveillance may also become universal.
At the same time, technological developments have made it possible to imagine a time when all these mechanisms of surveillance will be monitored, not by human eyes, but by computer programs. Rather than viewed or recorded, data could be instantly overwritten if it did not match the right criteria – and those criteria would be determined by policy decisions, by social values rather than by technological default. These decisions must be made deliberately.
Convenience, profit, public safety, efficiency in the delivery of public and private services, have all at one time or another been the drivers in the development and use of digital technology. If we want other values – such as privacy – to be ‘programmed on the bare metal’ of technological development, we will need new and innovative ways of doing so, ways other than legislative fiat or paternalistic scolding.
A starting point must be to build a consensus on what is at stake. Digital natives do have a concept of privacy, and a firm opinion of their right to it, and it will be important for digital natives to make their views on privacy and technology clear in the process. Corporate actors see a commercial advantage in the relentless accumulation and promiscuous use of customer data – but the dangers to the success of their business if customers decide that they are being expected to surrender too much privacy in exchange for convenience are perhaps less clearly seen. And government departments and agencies find efficiencies in data matching but may not observe the inefficiencies in provoking resistance to data collection and the use of government services.
Government must engage with issues of privacy and technology. Otherwise, privacy will be a low priority for organisations and agencies developing technology for commercial, law-enforcement and other reasons. And once technology is rolled out, efforts to impose privacy protection can too often only take the form of attempting to control or prohibit certain uses of technology – uses that through their ease and effectiveness provide tempting incentives to ignore laws that may themselves be difficult to enforce.
Ultimately, it will be those values strongly held and widely shared which will be built into the ground level of technological development – hardwired into the hardware. And this is not only a matter for Government, but for the community, and for experts such as yourselves.
As the Government considers the ALRC recommendations, the challenges of new technology are just one of the subjects we will need to grapple with. I am sure that the rest of this conference will bring to light new perspectives on all of the aspects of privacy law reform, complex and varied as they are. We look forward to hearing from you, both at this conference and through the consultation process on the ALRC recommendations ahead, as we work to bring Australia’s privacy law into the 21st century and make it part of a consistent approach to the integrity of information management and handling across the public and private sectors.
This will take some time, but we are determined to get it right, because when it's written on the metal, it will determine the parameters of privacy well into the 21st century.
| Media Contact: | Website: |
|---|---|
| Media Adviser - Colin Campbell - 0407 787 181 | www.cabinetsecretary.gov.au www.smos.gov.au |