Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 31 January 1998
© Xamax Consultancy Pty Ltd, 1997
Comments subsequent to 'The New Privacy Laws Conference' of 19 February 1997
This paper is at http://www.anu.edu.au/people/Roger.Clarke/DV/Except.html
In discussions concerning privacy law, lawyers often make reference to 'exclusions', 'exemptions' and 'exceptions'. A valuable analysis of exemptions from privacy principles was provided by Blair Stewart, of the New Zealand Privacy Commissioner's office, in 'Exemptions and Exceptions to Privacy Principles', at the Conference on 'The New Privacy Laws', Sydney, 19 February 1997.
Blair's paper has caused me to re-express and hopefully clarify my longstanding opposition to the very notion of 'exclusions', exemptions' and 'exceptions'.
A principle is an abstract statement (according to the Macquarie Dictionary: a fundamental or primary truth, doctrine or tenet, relating to the requirements and obligations of right conduct). The manner in which it is articulated, and applied in practice, depends on the context, and particularly on cultural values and the institutional setting.
A 'general' principle admits of exceptions. It is a default, which can be varied. Those variations may be explicit or implicit; and they may be controlled or uncontrolled. Even controlled explicit exceptions represent substantial weakenings of what the reasonable person would expect the statement to mean.
By way of reductio ad absurdum, try the following: "All humans have equal rights before the law; unless, of course they're lazy bloody abo's; unreliable, aggressive kaffirs; cheating jew-boys; persons found guilty of / reasonably suspected of / accused of being paedophiles; homosexuals; gypsies; <insert contemporary bigotry here>". But then Eric Blair said it all a half-century ago, with "All animals are equal; but some animals are more equal than others".
A 'universal' principle, on the other hand, does not admit of exceptions. This makes it immensely more powerful; but of course it requires immensely greater care in formulation.
The OECD's Data Protection Principles are expressed simply and directly. My personal interpretation of them is that they are intended as universal principles, whose implementation details need to be developed within each particular national context.
The Information Privacy Principles (IPPs) embodied in the Australian Privacy Act 1988 are expressed tortuously, in order to make abundantly clear to the reader (who is assumed to be a lawyer) that they admit of manifold exceptions. They were carefully contrived to be general, rather than universal.
The difference between the two ideas is exemplified by the phrasing of the Use and Disclosure Principles:
For two distinct reasons, the general rather than universal nature of the IPPs represents a serious weakness in the fabric of Australian privacy protection:
A universal statement conveys that the principle is paramount, and that implementation in particular circumstances involves careful balancing between privacy and other interests, in such a manner that the principle is not infringed. This further implies protections in the form of appropriate processes, such as a powerful watchdog with an effective right of veto on the public's behalf, or a public forum in which the various arguments are surfaced, and any compromise of the principle is evident.
A general statement is devised in such a manner that powerful interests will be protected through large numbers of vague and extensible exceptions. People are seldom 'powerful interests'. The use of general rather than universal principles results in the law being perceived by the public to be tokenist rather than a serious endeavour to redress wrongs;
When a general statement of principle is used, and a class of organisation or activity is exempted from it, the protections are entirely lost: there remains no segment of the Principle to which the organisation or activity is subject.
The application of a universal statement to a particular organisation or activity, on the other hand, has a very different effect. A mode of operation has to be negotiated that satisfies various other interests, but still keeps the organisation or activity subject to the principle.
These kinds of agencies are typically exempt from privacy laws. This is a travesty: unjustified and unreasonable behaviour by such organisations can have serious impacts on people's careers, and (despite the cloak of secrecy with which they attempt to surround themselves) there are well-documented instances of unjustified and unreasonable behaviour.
It can be argued, on the other hand, that there is an important public interest in such agencies not having to reveal information to a Privacy Commissioner who, more than likely, will not have security clearance at a particularly high level.
The security interest can be accommodated by vesting the responsibilities of the Privacy Commissioner in an appropriate person who does have such a clearance. In Australia, this person would be the Inspector-General of Security. The privacy interest might be imperfectly represented; but there would be a legal obligation on such agencies to comply with the law, and to find ways in which to balance the other interests against privacy.
This term is sometimes (though misleadingly) applied to data collections that are readily accessible, such as electoral rolls, registries of births, deaths and marriages, and land titles registries. The argument is sometimes advanced that such data collections should be exempt from privacy laws.
These data collections may indeed need to be widely available, but only for specific purposes. Additional purposes should be permitted only subject to the established principles, primarily the express authority of law.
'Public registers' should therefore be subject to the universal principles. Particular mechanisms are bound to be needed for such frequently-accessed data collections; but those mechanisms should balance the various interests, and should not breach the universal principles.
This matter is examined in depth in Clarke (1997).
There are practical risks involved in providing patients with direct access to, for example, their psychiatric records, and even mainstream medical records. Similar problems can arise with prison records, school records, social security records of interview, etc.
Attempts are made to use these practical risks to justify exceptions and exemptions from the subject access principle.
The universal principle is that access be provided (in the OECD phrasing: "An individual should have the right ... to have communicated to him, data relating to him"). Nothing in the Principle says that it has to be direct access by the person concerned.
One implementation technique that can protect other interests while satisfying the privacy principle is the use of intermediary access (e.g. making the records available to the person in the presence of a medical practitioner of the data subject's choice, who can assist the person to interpret and explain the contents).
Records of criminal investigations are an example of data where an interest (law enforcement) may be unable to be protected if the person has direct or even intermediated access. In such circumstances, proxy access may be appropriate, such that the Privacy Commissioner has the power to listen to the data subject's concerns, examine the records, and act on the person's behalf, without disclosing the contents, or at least those parts of the contents whose disclosure would be potentially harmful.
Privacy interest groups need to remove words such as 'exemption', 'exclusion', and 'exception' from their lexicon. Instead, they should take every opportunity to draw to the attention of regulators the difference between exemption from general principles and balanced implementation of universal principles.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Send an email to Roger
Created: 25 February 1997
Last Amended: 31 January 1998
|These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).|
| The Australian National University|
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Pty Ltd, ACN: 002 360 456|
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916