Privacy On the Internet: Policy
Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

E A R L Y D R A F T of 19 October 1997

© Xamax Consultancy Pty Ltd, 1997

Invited Address to the IBC 1997 Australian Privacy Forum, Gazebo Hotel, Sydney, 21-22 October 1997

Substantially revised version of a paper for a Seminar on 'Consumer Protection on the Internet', run by The Policy Network, Mitchell Library, Sydney, 1 May 1997

This paper is at


This early draft paper is one of a set of documents that consider privacy in the context of the Internet. It identifies policy to address the various threats.



The Legislative Framework for Privacy Protections

Jurisdiction in Cyberspace

Privacy Protections and the Internet




This paper assumes that the reader is familiar with privacy generally. An introduction is available.

This paper is designed to be read as a subsidiary document to its parent-paper, 'Privacy on the Internet: Threats, Measures and Policy'. It is designed to be read after the other subsidiary papers on 'Privacy on the Internet: Threats', and 'Privacy on the Internet: Measures'.

The following sections examine policy aspects of privacy on the Internet. This is an early draft of the argument, in need of significant further work.

The Legislative Framework for Privacy Protections

The preceding papers have sought to demonstrate that self-protective measures by individuals are possible, and are essential. By themselves, however, they are insufficient.

Organisations have many objectives, and privacy-protective behaviour generally does not rank highly among them. The appropriate means of ensuring that it attracts the attention from them that the public needs warrant is through the legislation of requirements on them.

Statutory regulatory regimes tend to be clumsy and unadaptive. Achieving an appropriate balance between privacy and a range of competing interests needs to be performed in many different settings. The balance changes from time to time, under the forces of social pressures and technological change.

To reflect these realities, the most effective means of establishing a privacy protection regime is to legislate only the framework, and to set processes in motion whereby detailed policies and procedures are developed and implemented. A regulatory agency needs the power to constructively encourage organisations and their representative associations to develop codes of conduct that apply abstract privacy-protection principles in the relevant contexts. Such codes need to impose responsibilities on both organisations and their associations. The regulatory agency needs supervisory powers, and the performance of organisations in accordance with the relevant code needs to be subject to enforcement by the courts. This was referred to in the current Australian Government's platform as a 'co-regulatory' approach.

Chief among the current objectives of Australian privacy advocacy groups are:

It was argued in Clarke (1996) that privacy needs to be recognised as a factor of strategic importance to corporations. An increasing number of corporations appear to be doing so, and privacy advocates are working to extend the significant alignment already evident between privacy advocates, on the one hand, and corporations and industry associations, on the other.

This alignment has been evident during late 1997, in the context of discussions concerning the Privacy Commissioner's Discussion Paper canvassing a self-regulatory scheme. The privacy lobby has boycotted the proceedings. Corporations and industry associations are in agreement that a regime that lacks the requisite statutory sanctions will fail to control the mavericks, and will fail to satisfy the public's desire for effective protections.

Jurisdiction in Cyberspace

There appears to be a paradox in the call for enhanced privacy regulation, at a time when the powers of nation-states are being threatened by regionalisation of governments, and globalisation of corporations.

Many people, including this author, have argued that recent developments in information technology (including chip-cards, cryptography, and many services available over the Internet, such as net-based payment schemes) are a potent additional factor in reducing the power of the nation-state.

For example, Clarke (1997a) assesses the impact of the Internet on the regulation of financial services, and Clarke (1997b) considers the impact of net-based payment mechanisms, and identifies challenges arising because of the ease with which relevant activities can escape the purview of governments, by being undertaken trans-jurisdictionally, extra-jurisdictionally and supra-jurisdictionally.

The Internet embodies considerable challenges to the power of nation-states. The conclusion reached, however, at least by this author, is that their capacity to govern will be reduced rather than demolished. Place matters. Through reciprocal arrangements, and harmonisation of law between partner communities, nation-states (or smaller, more cohesive geographical units) will find it possible to cross-promote particular balances between orderliness and dynamism, in order to attract the support of people and corporations.

Part of the web of values, policies and practices that defines a community is the extent to which, and manner in which, it balances privacy against other interests. It is therefore vital that privacy continue to receive the close attention it has been getting in recent years, and that privacy-protective legislation be sustained and improved.

Privacy Protections and the Internet

With a comprehensive privacy protective regime in place, many of the challenges that arise in the context of the Internet will be better able to be addressed.

The following are important policy issues that arise in the content of the Internet:


This paper has built upon predecessor papers, 'Privacy on the Internet: Threats', and 'Privacy on the Internet: Threats', and has discussed policy measures available to address those threats.


A comprehensive set of resources is provided in the main paper.


Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 29 April 1997

Last Amended: 19 October 1997

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 6916 Fax: +61 6 288 1472