March 10, 1998


by Andy Oram
American Reporter Correspondent

CAMBRIDGE, MASS.—Why has Australia made so much more progress than the United States toward protecting computerized personal data? The two countries have similar legal and cultural traditions, including a distrust of government. Like the US, Australia has considered and rejected the idea of a universal ID card.

Both idealize individualism—a trait that could cut both ways, since people take their privacy very seriously but don’t like to regulate private-sector activities (and regulating privacy would require some serious oversight of business practices).

But Australia already has a law covering the government’s collection and use of personal information; civil liberties activists are fairly confident that they can soon get laws passed to cover private corporations too. In contrast, the United States Congress lacks a single bill addressing general issues in privacy, although a few existing and proposed laws cover isolated types of data.

Perhaps the difference is that privacy advocates are better organized in Australia. Chris Connolly, coordinator of the recently-formed Campaign for Fair Privacy Laws, says “There has been a loosely organized privacy lobby in Australia for over twenty years—now more organized and focused through this campaign for legislation.” The threat of a national ID card in 1987 generated “the biggest public protests since the Vietnam War.”

The activists’ attitude toward voluntary privacy codes gives a sense of their determination. In both Australia and North America, businesses have held off government regulation of privacy by touting “codes of conduct” or “self-regulation.” They promise to institute their own policies, publish them so that customers can opt out of sharing data, and honor the principles with every transaction.

“Giving businesses a chance” sounds reasonable to most Americans. It has been countered by hard statistics and hard lobbying by the Electronic Privacy Information Center, but few other organizations have matched its militancy.

The Federal Trade Commission, while finding worrisome violations of privacy in data collected on corporate Web sites during an investigation last summer, came out ultimately for self-regulation. The Canadian government, like the Australian government, has passed laws restricting government activities but left the private sector to develop its own policies until now. A Canadian government-sponsored report recently proposed laws for businesses, but still treats industry codes of conduct as an important part of the solution.

Business and government have taken the same tack in Australia, but privacy advocates are hewing to an unusually hard line. In an invitation to join the Campaign for Fair Privacy Laws, several groups call for a boycott of an effort by Prime Minister John Howard’s office to develop voluntary privacy codes. The groups state that such an effort distracts people from the need for legislation, which is the only true way to guarantee privacy.

They also point out that such efforts are a drain on the time and resources of public interest groups, that the results would not be enforceable, that “consumer and privacy organizations would have no bargaining power in the development of the content of a voluntary code,” and that “a voluntary code would give consumers a false expectation of privacy protection.”

This is a bold move showing considerable optimism among the organizers of the campaign, which include Electronic Frontiers Australia, The Policy Network, and the Australian Privacy Foundation. Roger Clarke, a leading Australian privacy expert who has examined and proposed data protection laws for the past 20 years, states the public increasingly feels that “purely self-regulatory schemes have been given their opportunity, and have failed to deliver.” Connolly says, “Just as Canada changed from supporting a voluntary code to supporting legislation, so will Australia.”

Yet, as in the U.S., substantial resistance remains. The conservative, pro-business Liberal-National Party coalition that is currently in power has played with privacy laws but pulled back from introducing them. In March 1997 Howard announced that laws would not be passed, stating that costs to business would be too high. An article by Clarke states, however, that if laws are planned and implemented properly, “no clear demonstration has ever been provided that privacy regulation results in major costs to large or small business.”

Nigel Waters, a privacy advocate and former Deputy Federal Privacy Commissioner, offers other plausible reasons for squelching legislation. First, the government could not fulfill its election promise to reduce other types of “red tape” affecting businesses. Second, banks are finding it increasingly useful to buy and sell customer data. Finally, many businesses keep secret evaluations of customers (such as “ignore this chronic complainer”) that they would be embarrassed to reveal.

While the Prime Minister asked the individual states not to pass their own laws regarding privacy, Connolly reports that the two largest states—Victoria and New South Wales—are in the process of doing so. Clarke believes that national legislation is inevitable. He says that the ruling parties simply think “they can hold off the inevitable beyond their personal horizons (i.e. the next election)” and that “[Howard’s] successor will not be bound in any way by his predecessor’s policy on privacy; so we could see a turnaround part-way through the next Parliament, circa mid-1999.”

Even in North America, the thinning ice on winter lakes has been matched by thinning promises of self-regulation. Few businesses have actually published privacy policies; several that have published them are also found to violate them.

Christine Varney, the former commissioner of the FTC who promoted self-regulation in that post last summer, recently announced publicly that it doesn’t seem to be working. Similar ambivalence is evident at the Electronic Frontier Foundation, the leading civil liberties organization in the computer field and a long-time advocate of self-regulation (to the point where they set up a non-regulatory system called TRUSTe).

Meanwhile, a deadline looms over the whole process: the directive of the European Commission requiring its member countries to cut off the exchange of data with any countries around the world that are found to have inadequate privacy protection. Australia would not be seriously affected economically by an EC cut-off, but Connolly says it would be hurt by related laws in Hong Kong and Taiwan, as well as laws that are being considered by Japan and South Korea.

Unlike the blase attitude found in the U.S. last summer, this coming summer promises to be a time of heavy corporate lobbying and legal wrangling in both the U.S. and Australia. If the public takes a firm stand in favor of protecting their privacy, we have a chance to affect the history of data processing.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Editor, O’Reilly Media
Author’s home page
Other articles in chronological order
Index to other articles