[Previous] [Next] [Up] [Title]

2. Australia's international privacy obligations

Before examining these more recent developments, there are two existing international sources of general privacy obligations that affect Australia and some other countries of the Asia-Pacific: the OECD Guidelines and the ICCPR. The main other international agreement is the Council of Europe privacy Convention.

2.1. The OECD privacy Guidelines

The Organisation for Economic Cooperation and Development's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD, Paris, 1981) are a Recommendation by the Council of the OECD[2], adopted in 1980. Recommendations of the Council are not legally binding on member States, whereas Decisions are.

The Guidelines attempt to balance the protection of privacy and individual liberties and the advancement of free flows of personal data through eight privacy principles which, if observed, are supposed to guarantee a free flow of personal information from other OECD countries.

The core of the Guidelines are the eight `Basic Principles of National Application' in Part Two (Principles 7 to 14). These are principles concerning Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation and Accountability. They are supplemented by definitions in Guideline 1, and by Guideline 19 concerning the means of enforcement of the Guidelines to be adopted in national legislation.

All 25 member countries of the OECD have adopted the Guidelines[3] but, outside Europe, only New Zealand and Québec (Canada) have implemented them in full by legislation covering both the public and private sectors.

Australia announced its intention to adhere to the OECD Guidelines in 1984. The 11 Information Privacy Principles in the Privacy Act 1988 (Cth) are intended to implement the OECD's 8 Principles insofar as personal information held by Commonwealth public sector agencies are concerned. The various methods of enforcement of the Principles provided in the Act implement Guideline 19. State and Territory Freedom of Information Acts implement the Individual Participation Guideline in relation to State and Territory public sectors, but not the other Guidelines. Insofar as the private sector is concerned, it would be difficult to argue that the Guidelines have been implemented in any sector except that relating to credit reporting (Privacy Act 1988, Pt IIIA (Cth)).

2.2. The Council of Europe privacy Convention

The Council of Europe's Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data (Convention No 108) has been in force since 1985, and by 1994 had been signed by 19 European countries and ratified by 14. Unlike the OECD Guidelines, the Convention is a binding instrument in international law. Breaches of the Convention are dealt with at the diplomatic level by the Council of Ministers. The Convention contains eight Articles which constitute `Basic Principles for Data Protection', and are in many respects similar to those of the OECD Guidelines.

Article 23 of the Convention allows the Committee of Ministers of the Council of Europe to allow States which are not members of the Council of Europe to accede to the Convention, provided that all of the Contracting States entitled to sit on the Committee agree. It is therefore possible in theory for Asia-Pacific countries to become a party to the Convention, but as yet no non-member of the Council of Europe has done so.

2.3. The ICCPR, A17

Various Asia-Pacific countries[4] are parties to the International Covenant on Civil and Political Rights (ICCPR), Article 17 of which provides: `1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour or reputation.; 2. Everyone has the right to protection of the law against such interference or attacks'.

Some ratifications are qualified in respect of A17, such as by Australia's declaration that A17 was accepted without prejudice to `the right to enact and administer laws which, insofar as they authorise action which infringes on a person's privacy, family, home or correspondence, are necessary in a democratic society in the interests of national security, public safety, the economic well-being of the country, the protection of public health or morals, or the protection of the rights and freedoms of others'.

Article 8 of the European Convention on Human Rights (1950) is in very similar terms, and considerable case law by the European Court of Human Rights has elaborated its meaning. The ICCPR is therefore very different from the OECD Guidelines or the European Convention, as it contains only a very general statement of privacy as a right.

A few Asia-Pacific countries[5] have also acceded to the First Optional Protocol to the ICCPR, thereby agreeing to individuals taking complaints (`communications') that they have breached a provision of the ICCPR to the United Nations Human Rights Committee. The Human Rights Committee is made up of 18 experts from different countries, elected for four year terms by countries that are ICCPR parties. For example, in Toonen v Australia[6] the Committee held that Australia was in breach of A17 because of legislation in an Australian State (Tasmania) which criminalised homosexual conduct in private. The Australian Commonwealth government then legislated to nullify the effect of the Tasmanian legislation (Human Rights (Sexual Conduct) Act 1994 7).

2.4. Sectoral and specific agreements

In addition to these general agreements, there are a number of important more specific international agreements, including OECD Guidelines on Security of Information Systems[8], and a proposed EU Directive on telecommunications privacy[9]. The Council of Europe has also issued numerous influential sectoral recommendations.

[2] An inter-governmental organisation, the members of which comprise the European Union countries, Switzerland, Turkey, the former Yugoslav states, Canada, the United States, New Zealand, Australia and Japan

[3] Tucker, G `Present situation and trends in privacy protection in the OECD area', Committee for Information, Computer and Communications Policy, OECD, Paris, 1988

[4] Including Australia, Canada, Chile, Democratic People's Republic of Korea, Fiji, Japan, New Zealand, Philippines, Republic of Korea, USA, Vietnam: Status of International Instruments, Chart of Ratifications as at 31 July 1992, United Nations, New York 1992

[5] Including Australia, Canada, Chile, New Zealand, Philippines, Republic of Korea: ibid

[6] UN Human Rights Committee, Views on Communication No. 488/1992, adopted 31 March 1994 - see 1 Privacy Law & Policy Reporter 50

7 Greenleaf, G 'Human Rights (Sexual Conduct) Bill 1994', (1994) 1 PLPR 121

[8] see Kirby, M `The OECD Guidelines for the Security of Information Systems' [1993] Computer Law and Security Report, 190-193

[9] Tucker, G 'Proposed European telecommunications Directive' (1994) 1 PLPR 123

[Previous] [Next] [Up] [Title]