Roger Clarke's Web-Site

 

© Xamax Consultancy Pty Ltd,  1995-2017


Roger Clarke's 'Emergent Privacy Principles'

Emergent Privacy Protection Principles

Roger Clarke **

Version of 28 April 2003

© Xamax Consultancy Pty Ltd, 2003

Available under an AEShareNet Free
for Education licence or a Creative Commons 'Some
Rights Reserved' licence.

This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/EPPP.html


The advance of technologies such as digital signatures, biometrics and surveillance has resulted in increasing recognition across the world of the inadequacy of existing data protection laws as a basis for protecting citizens' privacy and human rights.

Among the alternative responses to this realisation are the extreme outcomes of acceptance of 'the death of privacy', and the emergence of much more substantial forms of human rights instruments. An intermediate possibility is the emergence of additional Privacy Principles to supplement those codified in the OECD Guidelines and implemented in most countries in Australia's reference group.

The following are examples of the kinds of Principles that are emerging.

1. Requirement to Support Anonymity

This appeared in the Australian Privacy Charter in 1994, and is expressed in the National Privacy Principles that apply to the Australian private sector as follows: "Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation". It is also included in the Victorian and Northern Territory legislation regulating the public sector, and in the Australian Privacy Commissioner's Guidelines in relation to PKI.

2. Limitations on the Multiple Use of Identifiers

This has appeared in various forms, e.g. in relation to the Tax File Number, the Canadian Social Insurance Number, private sector use of identifiers assigned by Australian government agencies, and the Victorian and Northern Territory laws.

3. Purpose Justification

Longstanding formulations restrict the use of data to those purposes authorised by law, or consented to. There are increasing expectations that the purposes for the use of data, identifiers in particular, and indeed for technologies, have to be justified, and that the justification has to be published. The Canadian laws include the requirement and so does the N.S.W. Law Reform Commission's Report on Surveillance.

4. Requirement for Privacy Impact Assessments

More specifically, it is increasingly expected that each organisation that seeks to implement a significantly privacy-invasive technology or scheme will undertake a formal and consultative study of its negative impacts on privacy, whether they are justified, and how they can be ameliorated. This has been implemented in the law of Canada, in the practices of the governments of Ontario and Hong Kong, and in the Australian Privacy Commissioner's Guidelines in relation to PKI.

5. No Disadvantage

There is concern that the exercise of privacy rights by individuals can come at a cost, in such forms as the denial of services, restricted access to services, and lower priority access to services. Forms of a Principle precluding such disadvantages have appeared in the Australian Privacy Charter in 1994, and in the Korean law.

The Authentication Initiative involves powerful technologies. The emergence of these Principles is likely to have considerable implications for the development of the framework, the application of the framework in particular agencies, and especially its application in the multi-agency context of 'joined-up e-government'.


Author Affiliations

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the E-Commerce Programme at the University of Hong Kong, and a Visiting Professor in the Department of Computer Science at the Australian National University.



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.

Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 28 April 2003 - Last Amended: 28 April 2003 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/EPPP.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2017   -    Privacy Policy