the Irish for rights

Privacy, Oz-style

ALRC logo, via the Austlii website.If the unlamented Privacy Bill, 2006 were to make an unwelcome return from limbo, the Oireachtas could do worse than to revise it in the light of a recent Australian example.

First, the balanced and detailed Privacy Act, 1998 (Cth) (as amended and consolidated) is an excellent starting point for any legislative development of Irish privacy law. The range and detail of its coverage, and its focus on protecting against invasions of privacy across the board, and not merely by media, make it a far more compelling protection of privacy than the flawed Irish Bill.

Second, that Act created a strong and independent Office of the Privacy Commissioner for Australia, similar to the Office of the Privacy Commissioner of Canada (see also Michael Geists‘s privacyinfo.ca site); and an important lesson which these offices teach us is that it the proper protection of privacy in modern society requires just such an office. The Office of the Data Protection Commissioner is a good starting point, but its remit is far less extensive than its Australian and Canadian cousins.

And third, the Australian Law Reform Commission has just completed a two-year assessment of the operation of the Act. Its report For Your Information: Australian Privacy Law and Practice (ALRC 108), was launched last week by the Attorney General. The three-volume, 2700 page report is the culmination of a prodigious research and consultation exercise: an Issues Paper in late 2006 led to the formal commencement of the review in January 2007 and Discussion Paper later that year (noted here by TJ). Though there are gaps in its analysis, the final report recommends nearly 300 changes to privacy laws and practices, including:

  • a basic restructuring of the Act, focused on high-level principles of general application, to be supplemented by dedicated regulations governing specific fields, such as health privacy and credit reporting;
  • a uniform set of Privacy Principles, developed in the report, to be embodied in the Act, and to apply to all government agencies and the private sector;
  • a rationalisation of exemptions and exceptions from the Act, which only should be permitted where there is a compelling reason;
  • a duty on government agencies and business organisations to notify individuals – and the Privacy Commissioner – where there is a real risk of serious harm occurring as a result of a data breach (a matter much in the news nowadays, as this week’s story of the theft of a Department of Social Welfare laptop shows; update: on which see the Leader in today’s Irish Times, written by Karlin); and
  • a cause of action for a serious invasion of privacy, in circumstances where the person had a reasonable expectation of privacy and where the publication was grossly offensive. The ALRC’s recommended formulation sets a high bar for plaintiffs, having due regard to the importance of freedom of expression and other rights and interests.

It is unlikely that this report will be left to gather dust, as so many of its predecessors the world over have been, as the Australian Government has undertaken to review the ALRC’s recommendations in two phases over the next 12 to 18 months, and to legislate on each of these as necessary. The Irish Bill really only covers this last point (as difficult a line to draw, and as contentious, controversial, and overstated a proposal, in Australia as it is in Ireland), and then in a far less balanced fashion. If we are to have a Privacy Act in Ireland, then why can we not follow the Australian example? By all means, then, let there be an Irish Privacy Act; but let it be balanced, let it be the result of a proper consultation process, and let there be a Privacy Commissioner with teeth. Is this too much to ask?

One Response to “Privacy, Oz-style”

  1. […] links: I’ve already mentioned the most recent privacy recommendations of the Australian Law Reform Commission on this blog; at […]

Leave a Reply



Me in a hatHi there! Thanks for dropping by. I'm Eoin O'Dell, and this is my blog: Cearta.ie - the Irish for rights.

"Cearta" really is the Irish word for rights, so the title provides a good sense of the scope of this blog.

In general, I write here about private law, free speech, and cyber law; and, in particular, I write about Irish law and education policy.

Academic links


  • RSS Feed
  • RSS Feed
  • Subscribe via Email
  • Twitter
  • LinkedIn

Archives by month

Categories by topic

My recent tweets

Blogroll (or, really, a non-blogroll)

What I'd like for here is a simple widget that takes the list of feeds from my existing RSS reader and displays it here as a blogroll. Nothing fancy. I'd love a recommendation, if you have one.

I had built a blogroll here on my Google Reader RSS subscriptions. Google Reader produced a line of html for each RSS subscription category, each of which I pasted here. So I had a list of my subscriptions as my blogroll, organised by category, which updated whenever I edited Google Reader. Easy peasy. However, with the sad and unnecessary demise of that product, so also went this blogroll. Please take a moment to mourn Google Reader. If there's an RSS reader which provides a line of html for the list of subscriptions, or for each RSS subscription category as Google Reader did, I'd happily use that. So, as I've already begged, I'd love a recommendation, if you have one.

Meanwhile, please bear with me until I find a new RSS+Blogroll solution




Creative Commons License

This blog is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. I am happy for you to reuse and adapt my content, provided that you attribute it to me, and do not use it commercially. Thanks. Eoin

Credit where it’s due

The image in the banner above is a detail from a photograph of the front of Trinity College Dublin night taken by Melanie May.

Others whose technical advice and help have proven invaluable in keeping this show on the road include Dermot Frost, Karlin Lillington, Daithí Mac Síthigh, and Antoin Ó Lachtnáin.

Thanks to Blacknight for hosting.