Privacy Amendment (Privacy Alerts) Bill 2014 Bills

I also rise to make some brief remarks about this private member’s bill put forward by Senator Singh. I would like to start by acknowledging that the whole issue of information, whether it be private information, information about companies, how we collect and how we store that information and, most importantly, how we secure that information, is quite important. It is of immense value to individuals, it is of immense value to companies and it is of immense value to countries. You only have to look at some of the things that have been occurring around the world recently, such as data retention and data security, to see why it is so valuable.

On the international stage, in May this year, we saw an indictment by a US grand jury that has caused new tensions between Beijing and Washington around accusations that there were PLA personnel who had stolen some billions of dollars worth of corporate secrets from America as well as some 700,000 pages of personal emails and other classified or private information from the US. Eric Holder, a US Attorney-General, made some quite pointed remarks about the nature of this kind of espionage, this kind of theft of information. What it points out and really highlights is that, regardless of whether the information is private, commercial or of national interest, the ability to collect and store, and the controlled release of that information, is really quite important.

The same discussion around that US case with the indictment looked at things in Australia where we have overseas companies seeking to acquire Australian resource companies. There is quite a deal of discussion about the impact of either the deliberate seeking-out of that data through hacking, or inadvertent leaks, or breaches of data privacy, as it affects the commercial transactions and as it affects people’s ability to influence commercial outcomes through knowing personal data.

We saw also in Australia, in May this year, that the Australian Privacy Commissioner is investigating the superannuation company, Cbus, for a second time, about the leak of workers’ personal details. In that case a senior employee of Cbus leaked personal information of around 300 employees of a company that was subject to a construction union industrial campaign. That employee happened also to be the honorary president of the Queensland branch of the CFMEU. What the Cbus files revealed was that the internal inquiry found that this person had inappropriately sent personal details of more than 300 workers to a third party without consent. The company has subsequently said that he has to undergo some remedial training. But the issue here is that the workers were employed by a company, Lis-Con, and the allegation is that they wanted that information to help and industrial campaign against the company. What we see is that this issue around data privacy is important.

Senator Bilyk:
So, you’re supporting it?

I am. I will take that interjection, because the government is saying that, in principle, we support the concept of better data protection. But it comes as a whole package of understanding why it is important at the national level, the commercial level and the private level. There is no point in trying to bring through legislation that is not well thought through for the simple reason that it touches so many areas of Australia’s national life, national interest and the interests of individuals.

In relation to the last case I was talking about I am sure that the current Royal Commission into union corruption will be investigating this whole area to look at how these kinds of data breaches, breaches of peoples’ private information, have been used to try to influence commercial outcomes or, in fact, industrial relations outcomes in Australia. In relation to that particular Cbus case, the two people, who still hold their jobs at the fund, admitted providing the detailed information to union officials and delegates upon request until amendments were made to privacy legislation. So, that does highlight the importance of having appropriate legislation because it does constrain the behaviours of individuals. But what we also see is that there are some people who will seek to extract it; there are some processes that are poor enough that it is leaked inadvertently; and you will always still find, unfortunately, those people who are prepared, for their own personal gain or the gain of an organisation that they are a member of, to breach the requirements of legislation—or, in fact, the rules of their own company—to leak information. So I think it is beyond doubt that it is important, and it is important that we have appropriate legislation.

Now that legislation is certainly not without dispute. We have seen a great deal of discussion on the international stage around this whole area of what data can be collected, how it should be protected, how long it should be retained and what should happen if it is released. Edward Snowden has been a lightning rod for this debate over the last 12 months, with people arguing that citizens of a country are just that: they are citizens and not suspects. This is balanced, however, with the legitimate need that security agencies have to understand what is happening. So we have seen in the EU, for example, the data retention initiative—where metadata could be held for up to two years, versus the original six months for the purpose of billing—struck down in April by the EU Court of Justice because people were trying to find this balance.

Yet, as we look at the news headlines today where we see people holding Australian nationality being involved with ISIS in both Syria and Iraq, we recognise the importance of having appropriate data collected and held by national agencies in the national interest. The last thing we wish to see is people like that free to go and be indoctrinated in that kind of training in those kinds of activities and then be able to come back to Australia and bring that kind of mindset and that kind of world view that sees that kind of violence as being acceptable into our society without our security agencies being aware of them.

For that reason, one of the things that I do support in the bill that Senator Singh has brought forward is the fact that there will be exemptions. Chapter 33 in the Privacy Act talks about some of the exemptions that already exist. There are a number of ways that entities can be exempt, either completely or partially, from the Privacy Act. Under the existing law they can be completely exempt from the information privacy principles. Broadly speaking, while those apply to all agencies, chapters 34 to 38 go more particularly to discuss the agencies that are partially or completely exempt from the Privacy Act: namely Defence, the intelligence agencies, federal courts and tribunals and specified agencies that are exempt under the Freedom of Information Act and certain agencies with law enforcement functions and others.

This is a really important area that we understand because the private member’s bill that has come forward here talks about the exemptions, but some of the definitions in the bill have been queried by people who put in submissions to last year’s inquiry. As we look at the debate that has been kicked off in the US and the EU and other parts of the world, the definitions become important in Australia around: what data it is appropriate to hold; whom is it appropriate to collect that data on; under what conditions it should be retained; and for how long should it be retained. Definitions in those kinds of arguments are really important.

While we go to definitions, I have just a brief comment on the headlines today. As we define these people who are fighting with ISIS in Syria and in Egypt, I actually deplore the use of the title ‘Aussie jihadists’. ‘Aussie’ is a term of ownership and of pride that we use for our sportsmen, for our diggers: for people of whom we say, ‘These are Australians we are proud of.’ We give them that name. If these people happen to have Australian citizenship, that is fine, you can call them an Australian citizen. But I would encourage people in the media not to use the title ‘Aussie’ for someone who is betraying in such a blatant way the values and standards that this nation stands for—the values and standards that our soldiers have served and fought to protect; the values and standards that our civil society works so hard to preserve and to encourage and to nurture into our young people. Those are the people we call Aussies, not those who betray them. By all means, technically, acknowledge the fact that they may hold Australian citizenship, but do not give them that term of ownership and support.

I come to the report that was done last year when the then Labor government tried to put this bill through. The coalition minority report highlighted that, while in principle we support the notion of having better disclosure where there has been a breach of data because, as I have just outlined, it is important and it affects a whole range of areas, definitions are important and it is not something that we should just be rushing through. The Cyberspace Law and Policy Centre of the University of New South Wales highlighted in their submission that they had only had around 10 working hours in which to collaborate on, draft and finalise a submission. Now, unfortunately, that was not an uncommon occurrence for the previous government. There were a number of pieces of legislation which were rushed through without time to get adequate input, and people question why unintended consequences occur from legislation. It is because things are dreamt up and pushed through without time for the community, for stakeholders and for the Senate—particularly the committee system—to do an adequate review so as to understand where those unintended consequences can be. That is where we see bad outcomes.

One that is very applicable to South Australia, my home state, is the bill around better access to the Woomera range area for mining, something that both sides of politics support. But the concern that the coalition raised last year when we were in opposition was the fact that, although Dr Hawke did a thorough job of doing the review and it covered a range of areas, it was a couple of years before it ended up in legislation. The stakeholders around that are involved with the world’s premier test range, one of the world’s premier mining resources which is hugely significant for South Australia’s economy, our national defence and, in fact, even on a global scale for our allies with the allied defence capability for weapons testing and evaluation, and the stakeholders were given less than a week—only five working days to consider that information and to provide feedback to the then government.

We have since reintroduced a bill and we are working through that now so that we give access, but it has allowed a larger range of stakeholders to provide more detailed input so that we can get the arrangements right so that not only will Defence still be able to maintain and use that range as a premier test range in the national interests of the country but industry can have the certainty they need to make the significant investments that they have to make to do both the exploration and development of mining leases, knowing what the terms mean. Again, it came back in part to some of the definitional items in that Woomera bill. It said that Defence could basically override the agreement if there was a national defence requirement. But there was no definition as to what that meant. Did that mean there was an operational difficulty in a place like Afghanistan? Did it mean that there were hordes swarming over Australia’s beaches? What did it mean? There was not that definition in the legislation to give people the assurance.

Likewise here, our concern is replicated by people like the Australian Privacy Foundation, who said:

… the seriously negative impact on the democratic process that is inherent in the provision by the Parliament of only 1-1/2 working days, during which civil society organisations are expected to discuss, draft and finalise a Submission to your Committee.

I come back to the importance of giving adequate time for consultation and the importance of civil society around the parliament to have input into discussions such as these go to the important issues of data, privacy, who can hold it, how long they can hold it, what happens if it is released, how people are affected, how reparation should be made and how people should be given an opportunity to correct that. Those are important issues. In fact, last night at a dinner, in discussing the relationship between the US and Australia and speaking with the Libyan ambassador, one of the things he highlighted was around the fact that they are trying to regrow a national government. During the years of Gaddafi, the civil society—who are the people who are able to hold government to account in terms of providing an alternative voice and considered opinions on policy areas—had been essentially shut down and excluded. One of the challenges they have in that country now is re-establishing a strong voice for civil society to work alongside government, quite apart from the security issues they are having, so that they get that balanced view. And yet here we are in Australia, where we have a strong civil society and the process that was put into this bill meant that we only gave those people a day or perhaps a day and a half to get the information, read it, talk about it and give a response back to the Senate.

If Australia wants to maintain its premier place in the world as a leading nation of stable government and well-considered legislation that does not unduly disadvantage people, then we do need to make sure that stakeholders—whether they be government agencies, interest groups or civil society groups—have adequate opportunity to receive the information, consider, debate and formulate a balanced view in order to reflect back to the work of this Senate through its committee system so that we can make sure that legislation that goes forward does not have unintended consequences.

The coalition senators in the minority report noted the concern that was coming forward from a number of submitters saying that there was not enough definition around terms, such as ‘serious breach’ or ‘serious harm’. It goes directly to the point that if you do not have the definitions correct you start getting interpretations or consequences that were never intended by the drafters of the bill. That is why the coalition supports, in principle, the need for better privacy arrangements around data; but they have to be thought through. They have to be looked at with a balance of national interest, intelligence and security agencies, who is exempted, why they are exempted and under what conditions. There is the whole argument that the Snowden case has brought up around citizen or suspect and the commercial imperatives. We see issues with companies like Cbus releasing information for industrial campaigns. To look at all of these things—the implications, who is guilty when, what is an extenuating circumstance, how does the law apply—a day and a half is not adequate for that.

While I commend Senator Singh for her desire to bring this forward and keep it on the agenda, the way to do it is not to bring it in like this without consulting, advising the government, asking why we actually can take an opportunity to reinstitute consultation with civil society—

Senator Singh:
There was consultation over five years!

Senator Singh is interrupting yet again, but I come back to the point that if it has taken that long—and I will take that interjection—over five years, why was only a day and a half given to the stakeholders, to civil society, to have their input?

Senator Singh:
They’ve been consulted for years and years!

Senator Singh—through you, Mr Acting Deputy President—the problem is, with things that are worked up through initial consultation, and we saw this again with the Hawke review and Woomera, the work that is done only comes to a head when it takes form in legislation. And it is the wording in the legislation which is the culmination of all the stakeholder inputs that needs the opportunity for review. The bare facts are discussed, but it is the form of the legislation, and particularly regulations that flow from it, that need the review. That is the objection of the coalition to this bill. We support it in principle but there needs to be more considered input from the stakeholders, particularly civil society, before we would support moving forward with it.