AustLII [Home] [Help] [Databases] [World Law] [Feedback] PLPR Home Page

Privacy Law and Policy Reporter

[Global Search] [PLPR Search] [PLPR Homepage] [Contents] [Help]

Private parts

Compiled by Graham Greenleaf

Senate Committee reports

The Australian Senate Legal and Constitutional Legislation Committee has delivered its report on exemptions to the Privacy Amendment (Private Sector) Bill 2000, tabled on 10 October 2000. The Committee, by a majority of Government members, recommended one change to the Bill: a sunset clause in relation to the exemption for employee records. A dissenting report by the two Labor senators on the Committee stated that the Bill ‘ought to be withdrawn and a better Bill introduced’, but their specific recommendations were limited to a list of relatively minor changes to the existing exemptions. The Democrat member of the Committee, Senator Stott Despoja, was alone in opposing the ‘blanket’ nature of many of the exemptions (see 7(1) PLPR 1).

Circumventing censorship

There are now two new exemptions to the anti-circumvention provisions of the US Digital Millennium Copyright Act (DMCA). The Librarian of Congress has exercised the rule-making power under the Act to exempt from the prohibition on circumvention of technological measures that control access to copyrighted works two classes of works (see <>). Works comprising lists of websites blocked by filtering software applications can be ‘cracked’ so as to allow criticism of what is being censored. Access control mechanisms that fail to permit access to works such as programs and databases because they are broken can also be circumvented. The DMCA also contains explicit provisions limiting the operation of the anti-circumvention and RMI protection provisions where they would infringe privacy.

Australia’s new Copyright Amendment (Digital Agenda) Act 2000, which will come into force in early 2001, does not deal with such issues explicitly, and there may be some interesting conflicts ahead between this law and the new privacy legislation.

New cookie recipes

The Internet Engineering Task Force (IETF) has posted at <http://www.> two new Requests For Comments (RFCs) addressing privacy issues surrounding the use of cookies.

EPIC Alert (Issue 2.19) summarises the RFCs:

RFC 2965 (‘HTTP State Management Mechanism’) is a proposed standard replacing RFC 2109, one of the first cookie documentations. The updated RFC pays particular attention to the privacy standards for cookie use. The document states that ‘Informed consent should guide the design of systems that use cookies’. In the protocol, both the server setting the cookie and the web browser should incorporate an informed consent standard.

RFC 2964 (‘Use of HTTP State Management’) discusses Best Current Practices for the use of cookies. While pointing out the positive purposes for cookies, the document also recommends that cookies should be used only with the user’s awareness, the user’s ability to delete cookies, and assurances that information collected through tracking is not passed onto third parties without explicit consent.

EPIC is somewhat critical of the RFCs for overemphasising informed consent (valuable though this is) and for not requiring compliance with all aspects of standard sets of Information Privacy Principles (such as use and disclosure limits). This highlights an important issue: when will standards and other instruments of internet governance start to embody privacy principles in full? Cookies made to these new recipes may still be bad for you.

[Global Search] [PLPR Search] [PLPR Homepage] [Contents] [Help]