University of New South Wales
- Faculty of Law - LAWS
Data Surveillance & Information Privacy Law
Research Essay Topics - 2001
Graham Greenleaf , Nigel Waters and Chris Connolly, revised10April
See the Objectives and Assessment Statement for the formal
requirements for the mid-session Research Essay.
The due date is Thursday 7 June at 4pm (Wk 14). You may,
however, submit the essay at any time from Thursday 3 May, and we will
attempt to mark and return it within 2 weeks (so that you can finish some
assessment early if you wish).
If you wish to write on one of the suggested essay topics, you do
not need to have the topic approved by the class teachers (except for Topic
1, where your proposed case study needs prior approval). See the list of
suggested topics below. If you have written an essay on a similar topic
for another subject, you do need prior approval.
If you wish to write on any other essay topic of your own choice,
you must obtain approval in advance. Please email <firstname.lastname@example.org>
with a suggested topic, and we will approve it (or not) or suggest amendments.
Length: The maximum word length for the research essay is 3500
words, excluding citations and bibliography, but including any discursive
Citation of Internet resources: Where resources on the world-wide-web
have been relied on, it is sufficient to cite them in the following form
(assuming the page referred to is dated): 'Smith, J 'A list of privacy-protective
technologies', 30 June 2000 <http://privacyhelper.com.au/smith/technologies.html>
(visited 1 May 2001)'. However, if the site on which the document is contained
has a name, it is good practice to give the name of the site, and perhaps
a sub-part of the site: 'Smith, J 'A list of privacy-protective technologies',
'Smith's Technology Column', 30 June 2000 on PrivacyHelper Web
(visited 1 May 2001)'.
Form of submission: Essays must be handed in, in print form, at
the Level 10 desk, so that a receipt may be obtained as is normally the
case with essays. Essays may not be submitted as e-mail attachments, and
if so submitted will be ignored. If a student will be overseas at the time
of submission, then an exemption from this requirement may be requested
If a student wishes to provide a copy of the essay in hypertext form on
the world-wide-web, so as to assist the teachers to link to URLs in footnotes
and bibliography if the teachers wish to check any of them, then the URL
where the essay is located may be indicated on the front page of the essay.
The print copy is the copy which will be assessed, and the hypertext version
(if any) may or may not be referred to. (This is not a course on course
on creating web resources, so no extra credit can be or is given for attractive
or inventive web presentations. Do not waste time doing this.)
Suggested essay topics ...
Topic 1 - You need approval for your proposed case study if you choose
1 Case study of surveillance practices and impact
of privacy law
The organisational scope of your case study may be: (i) a specific business;
(ii) a specific government agency; or (iii) a class of businesses or agencies
(an 'industry sector'). The organisation(s) concerned must be principally
organisations located in Australia.
Your case study must include the following elements:
(i) A brief (1,000 word maximum) description of the main practices
of the organisation(s) concerning personal information, including an analysis
of the types of surveillance techniques that these practices comprise.
(ii) A brief description (500 words maximum) of any laws that
require, authorise or facilitate these practices ('data surveillance laws').
(iii) An analysis of the impact of Australian privacy laws (whether
or not they are yet in force) on the organisation(s) concerned, which should
mention (but is not limited to) the following:
(iv) A brief (500 word maximum) assessment of how effective these privacy
laws are (or are likely to be) in finding an appropriate balance between
the interests of the individuals concerned, the organisation(s), and the
Changes to existing practices which will be required, and their significance.
Legislative provisions important to the organisation(s) where the correct
interpretation is contentious, and your arguments in relation to the correct
Any exemptions from compliance that are relevant.
How collection practices will be justified.
How any external disclosures practices and secondary use practices will
If the organisation you propose might come within an exemption
from a privacy law (eg the 'small business operator' exemption), you must
not only analyse whether it will come within the exemption, but also the
implications of whether it will or it will not.
Procedure: Send an email giving a brief description of the organisational
scope of your proposed case study to <email@example.com>, and
we will approve it or discuss it with you.
Do not write a case study
without obtaining prior approval.
Topics 2-4 - These topics may be chosen with no further approval
2 Direct marketing
Analyse the extent to which the Privacy Act 1988 regulates direct
marketing practices in the private sector, including marketing by mail,
telephone and Internet. Include in your answer an assessment of whether
the legislation is sufficient and effective to protect the interests of
the individuals concerned, and of the businesses concerned, and make recommendations
as to how the law should be changed (if at all) in light of your analysis.
You should take into account that the Australian Direct Marketing Association
(ADMA) is likely to seek approval of an industry code of conduct under
the Privacy Act, and should refer where applicable to the existing
voluntary ADMA Code Include in your essay consideration of the small business
exemption as it relates to direct marketing.
3 Data matching
Write a critical analysis of the extent to which legislation an d guidelines
applying to public sector agencies in the Commonwealth and in New South
Wales controls the practice of 'data matching'. Include in your answer
an assessment of whether this regulation is sufficient and effective to
protect the interests of the individuals concerned, and the public interest,
and make recommendations as to how the law should be changed (if at all)
in light of your analysis.
4 Internet privacy
How will the Privacy (Private Sector) Amendment Act 2000, when it is fully
in force, affect the operation of web sites on the Internet? You should
cover both (i) The operators of commercial web sites based in Australia,
in relation to both their Australian customers and their overseas customers;
and (ii) The operators of overseas web sites who have customers in Australia.
In your answer you should consider the position of web sites that
make use of such information concerning visitors to their sites as IP addresses,
email addresses, information obtained using cookies, and information obtained
from third parties. Include a brief assessment (less than 1000 words) of
any changes that are needed to the Australian legislation in order to ensure
appropriate privacy protection to Australian users of the Internet
If you want to suggest your own essay topic ...
Here is a short list of other subject areas from which topics could be
developed for approval . These are not approved topics, merely starting
points for you to develop your own topic and obtain approval. The class
teachers are willing to help develop an essay topic in one of these areas
if a student is particularly interested in writing on the topic. The approved
essay topic would then be advertised on the class list, and would also
be available to other students.
These are only intended to be a few examples of what may be suitable essay
topics if further work is done to make them somewhat more precise.
The relationship between technological protection of privacy and legal
protection. Review the development of so called privacy enhancing technologies
(PETs) and the institutional mechanisms that have been devised to make
them available and usable. Discuss how well these tools meet the requirements
of privacy laws, and in what ways they may offer better protection than
The pros and cons of codes of conduct under Australian privacy legislation.
What are the different characteristics of the various types of codes of
conduct or practice? Do they complement privacy laws; strengthen or weaken
`default' statutory requirements; or potentially offer additional protection?
What are the advantages and disadvantages of codes (a) to data users (organizations),
and (b) to data subjects (individuals)?
The operation of data export provisions in Australian law.
A comparative analysis of law enforcement exemptions in Australian privacy
laws. What pattern (if any) do these exemptions reveal about the acceptance
of intrusion into privacy when justified for law enforcement? Analyse the
safeguards that apply to these exemptions, referring to published statistics
on law enforcement activity, and discuss how effective these safeguards
A comparison of Australian laws on workplace surveillance.
Controls on the use of criminal record information.
An analysis and categorisation of Australian 'data surveillance laws' -
laws that require, authorise or facilitate particular techniques of data
The notion of 'panopticism' and its relevance to understanding data surveillance
and data protection.
An analysis of Australian privacy laws from the perspective of Rule's 'efficiency
'Missing privacy principles' - An analysis of where privacy principles
in Australian legislation fall short of the principles contained in international
privacy agreements and other national legislation.