Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2019
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Version of 16 January 2012
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2011-12
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/PandM-PNeeds.html
This is a supporting document for http://www.rogerclarke.com/DV/PandM.html
As is shown in the primary paper, and in greater detail in a companion document, in 2011, the privacy protections available against inappropriate media behaviour fell vastly short of the public's need.
This document presents the requirements for the effective protection of privacy, balanced against the public interest. The purposes of the analysis are to state requirements, to provide outline arguments in support of them, and to lay the basis for a short-form statement or template code that can be used as a reference-point against which extant and proposed codes can be assessed.
The position adopted in this paper is largely consistent with that of the Australian Privacy Foundation, which has worked on the problem for several years. A long series of sources is listed in the Reference List below. The primary references are (APF 2009 and 2011c).
Privacy protection depends on 'infrastructure within an architecture', more commonly referred to as a framework. The necessary elements are:
The following sections deal with each of those elements in turn.
It has long been accepted that the quality of journalism is dependent on respect for a range of principles. For example, the Australian Journalist's Association's Code dates to 1943. Almost every media organisation has some kind of document of this nature. The Privacy Act amendments in 2000, which regulated (some of) the private sector, exempted media organisations provided that they subscribe to a Code. Such Codes deal with many topics, but they all include privacy as a Principle.
What has been less well accepted is that Principles are valueless as a means of protecting privacy unless they are articulated to a sufficient level of detail that they provide guidance to the practice of journalism, and establish criteria whereby the appropriateness of media behaviour can be assessed. In order to be relevant to the hectic operations of media organisations, Principles must be expressed more specifically, in the form of Standards.
However, Principles and Standards are insufficient to solve the problem. Journalists have always worked under time-pressure. Their plight has been exacerbated in recent years by the sharpening of competition, and cost-pressures resulting in fewer resources with which to sustain quality. In these circumstances, more than ever, the Principles and Standards must be expressed in ways and forms that are readily accessible to them.
The appropriate way to achieve this is to ensure that each media professional has a Code available to them that operationalises the Principles and Standards, and is structured and expressed in ways useful to media professionals and that enable them to quickly locate and drill down to what they need.
Two important aspects of a Code are that it be targeted at a specific context, and that it include examples designed to encapsulate accumulated experience in that context. Generally, examples need to be based on real-world situations, including those encountered by professionals working in the particular context and relevant cases that have been determined by complaints-handlers, but some may beed to be contrived in order to convey key aspects of the balancing among interests.
A Code Template that reflects the requirements expressed in this document is a companion document to this analysis.
The Principles and Standards must be primarily protective of privacy rather than of media organisations. They must encompass all relevant aspects of media behaviour, and in particular must cover both data gathering and publication activities. The protections must, however, be balanced against other important interests. Examples include certainty and cost. The most critical of the competing interests, however, is the public interest.
More specifically, the following are Foundation Principles:
The interpretation of 'the public interest' is absolutely central to privacy protection. It must not be infected with elements of 'what the public is interested in'. Keating (2010) put it this way: "The public interest means publication or non-publication guided by what is in the interest of the public as a whole, not what readers or an audience might find interesting or titillating".
A definition of 'the public interest' has been used by ACMA since at least 2000, and has recently been adopted by ACMA. It derives from a UK judgement in London Artists v Littler (1969) 2 QB 375 at 391. Lord Denning, then Master of the Rolls, said that "There is no definition in the books as to what is a matter of public interest. All we are given is a list of examples, coupled with the statement that it is for the Judge and not for the jury. I would not myself confine it within narrow limits. Whenever a matter is such as to affect people at large, so that they may be legitimately interested in, or concerned at, what is going on; or what may happen to them or to others; then it is a matter of public interest on which everyone is entitled to make fair comment" (emphases added).
The words "people at large ... may be legitimately interested in" appear to open the scope out to 'what the publuc is interested in' . However, those comments were made in a very specific context. In defamation law, the defence of fair comment is dependent on the comment being made "on a matter of public interest". The term 'a matter of public interest' is very different from the term 'the public interest'. Moreover, a number of statutes use the term 'the public interest', and that term's meaning has to be interpreted in each specific context within which it is used. Any suggestion that Denning's interpretation has any legal authority in the very different context of privacy is entirely spurious. The APC-ACMA definition is emphatically not an appropriate basis for privacy protection.
Another serious inadequacy that is frequently embodied in discussion about the public interest is the loose notion of a 'public figure' and the assumption that a public figure necessarily sacrifices their privacy. On the contrary, people about whom media activities are justified in the public interest need to be considered individually, and compromises of their privacy must be justified in the particular circumstances that apply.
A News Ltd lawyer was quoted in Keating (2010) as saying that "the main problem is 'public interest' is a nebulous concept that is difficult to define and even more difficult to weigh against the circumstances of a case. It's the practical application that will cause the problems". Keating argued that "Rather than abandoning the public interest, the media needs to put more time and effort into fostering a better practical understanding of the term". Yet, over a year earlier, the APF's Policy Statement had proposed a specific process, and specific interpretations of six public interest elements (APF 2009). The six elements are:
Other public interest elements may need to be recognised. However, in the handling of a complaint, any such justification must be argued, and the onus lies on the media organisation to demonstrate that the benefits of information gathering or publication outweigh the privacy interest.
By 'an over-riding public interest' is meant that the public interest must be of sufficient consequence that it outweighs the person's interest in privacy and any other conflicting interests such as public security and the effective functioning of judicial processes
When assessing whether the public interest is sufficient to over-ride the privacy interest, and when assessing proportionality, several additional factors may need to be considered. The following factors have the effect of reducing the zone of privacy protection and increasing the scope for publication and to some extent also for information gathering:
On the other hand, there are factors that increase the zone of privacy protection and reduce the scope for information-gathering and publication, especially:
Principles, Standards and Codes achieve nothing unless they are carried through into practice. To achieve this, the following process aspects are particularly important:
To ensure that new entrants to the profession are well-prepared, the educational processes for journalists must include emphasis on the ethical and legal obligations associated with news-gathering and publication. Within the workplace, induction and training must ensure that journalists have access to, and a clear understanding of, the Code. Periodic reminders and refreshers must be built into journalists' working life-cycles.
There must be unequivocal mechanisms whereby journalists are subject to the Code, in particular the reading of the Code into their terms of employment or terms of contract. Not only the media organisation, but also individuals, must have positive and legally-enforced obligations to apply the Code.
In order to ensure the Code's application, controls must be incorporated into media organisations' workflows, such that sub-editors and editors detect and address breaches by individual journalists and ensure that inappropriate information-gathering practices are clamped down on, and that inappropriate exposure of personal data does not survive through to actual publication.
There must be a positive obligation on media organisations to handle complaints about behaviour by media organisations and by individual employees of and contractors to media organisations. The reference-point for complaints-handlers needs to be the relevant Code, if one exists, or failing that then the Principles and Standards.
Complaints processes must be straightforward and accessible. There is a well-established international standard with which the processes need to comply (ISO 10002:2004). Because the Codes articulate and operationalise the Principles and Standards, most complaints should be able to be investigated quickly and resolved promptly.
The threshold tests for a complaint to succeed must not be set unduly high. In particular:
Serious sanctions must be available when the seriousness of the breach calls for them. But most complainants want an acknowledgement of error, and correction, retraction or clarification. The limited remedies available in print form, such as further publication and letters to the editor are complemented in networked media by such possibilities as changes to the archived copy.
There must be a clear channel whereby those people who are not satisfied with the media organisation's handling of the matter can seek review by an independent organisation, which must in turn have the obligation, the requisite powers, the resources and the commitment to resolve problems, and to impose sanctions where they are deserved.
Self-regulation is an excuse, not a solution. The abject failure of the various self-regulatory models is regularly demonstrated. A recent example is the Telecommunications Industry Ombudsman (ACCAN 2011). Self-regulation cannot be persisted with.
On the other hand, given the importance of the decisions, the fine judgement needed in making them, and the considerable risk of direct or indirect interference in the process by the government of the day or by public servants, a government regulatory agency for the media is not appropriate.
The appropriate governance model is a public regulatory body, with the following elements:
The notion of 'co-regulation' has been much-abused. A properly-implemented scheme, however, offers considerable advantages for all parties. The requirements described in this document reflect the criteria summarised in Clarke (1999).
The risks to privacy are common to all forms of media, and the process of convergence reinforces the need for the regulatory body's scope to encompass all media forms, including all print media, all broadcast media and all networked media, and both private and public sector organisations. The scope definition needs to be expressed broadly in order to ensure that the further new media that will doubtless emerge in the future are automatically within the regulatory body's ambit.
The regulatory body must have the power to determine and promulgate the Principles and Standards and the Codes that articulate them. However, in preparing and revising Principles, Standards, Codes and associated business processes, the regulatory body must have obligations:
There must be a positive obligation on the regulatory body to handle complaints about behaviour by media organisations and by individual employees of and contractors to media organisations. There needs to be a policy that complaints should be first handled by the media organisation whose behaviour is being complained about; but the regulatory body needs to have a discretion to handle complaints at first instance when the circumstances make that a more practicable procedure.
As with internal complaints-handling, the reference-point need to be the relevant Code, if one exists, or failing that then the Principles and Standards; and complaints processes must be straightforward, accessible and compliant with the international standard (ISO 10002:2004). Because a clear framework is in place, most complaints should be able to be investigated quickly and resolved promptly.
The regulatory body must have available to it a comprehensive, gradated range of measures available to it in the form a 'compliance pyramid', with a broad base of education and guidance, mediation and arbitration, together with sanctions and enforcement mechanisms available when necessary to deal with serious or repeated breaches. There must be effective means whereby non-compliance by media organisations with the Principles, the Standards, the Codes or the regulatory body's determinations is subject to further sanctions sufficient to deter other organisations from such behaviour.
The regulatory body must have an obligation to apply the review processes and remedies and to apply them appropriately, and the requisite resources to apply them.
The regulatory body must have the powers necessary to protect the interests of the intended beneficiaries, and to protect itself.
The regulatory body must have the resources necessary to enable it to perform its functions.
The regulatory framework must be underpinned by legislation that imposes obligations on media organisations, and both empowers the regulatory body and requires it to operate in a responsible manner.
A statutory cause of action is a necessary complementary privacy-protection measure. The privacy right of action is not specifically about the media; but it must apply to the media as well as every other individual and organisation. The media must be understood to be just one specific area of application, and one which to which a clear, strong and extensive definition of the public interest defence applies.
The reasons the cause of action is necessary are that:
Many offensive intrusions arise in society generally, including leaks of personal data, surveillance of behaviour, interference with a person's body, and abuse of powers by government agencies. In addition, there are many instances of offensive intrusions by the media. These are of great concern where they affect 'ordinary people', although the scope of the cause of action must also extend to 'celebrities'.
The most desirable form of the cause of action would reflect the following refinements to the ALRC's Recommendations:
The threshold for a successful court action should be higher than that for an administrative complaints process. The 'highly offensive' notion is too high, however, whereas 'offensive' alone is sufficient. There is an argument that the appropriate reference-point may be 'offensive to a person of ordinary sensibilities' rather than 'reasonably causes offence to the person concerned', but only if the assessment is context specific. For example, 'a person of ordinary sensibilities' who just experienced an accident or the loss of a loved one is very likely to be particularly vulnerable and sensitive.
APF (2007a) 'Submission to the Australian Law Reform Commission's Review of Privacy - Answers to questions in ALRC Issues Paper 31' Australian Privacy Foundation, January 2007, at pp. 14-15 of http://www.privacy.org.au/Papers/ALRC_IP31_070202.pdf
APF (2007b) 'Submission to 'Australia's Right To Know' Coalition's Independent Audit into the State of Media Freedom in Australia' Australian Privacy Foundation, August 2007, at http://www.privacy.org.au/Papers/ARKC-MediaFreedom-0708.pdf
APF (2007c) 'Supplementary Submission to 'Australia's Right To Know' Coalition's Independent Audit into the State of Media Freedom in Australia' Australian Privacy Foundation, October 2007, at http://www.privacy.org.au/Papers/ARKC-MediaFreedom-0710.pdf
APF (2007d) 'Submission to the Australian Law Reform Commission re the Review of Australian Privacy Law - Discussion Paper 72' Australian Privacy Foundation, December 2007, at p. 68 of http://www.privacy.org.au/Papers/ALRC-DP72-0712.pdf
APF (2009) 'APF Policy Statement re Privacy and the Media' Australian Privacy Foundation, March 2009, at http://www.privacy.org.au/Papers/Media-0903.html
APF (2010) 'Privacy Aspects of the ABC Code' Letter to the Managing Director of the ABC, Australian Privacy Foundation, 18 August 2009, at http://www.privacy.org.au/Papers/ABC-090818.pdf
APF (2011a) 'A Privacy Right of Action' Policy Statement, Australian Privacy Foundation, 21 Jul 2011, at http://www.privacy.org.au/Papers/PRoA.html
APF (2011b) 'A Statutory Cause of Action' Submission to PM&C / Attorney-General's Dept, Australian Privacy Foundation, 4 Nov 2011, at http://www.privacy.org.au/Papers/PMC-SCofAction-111104.pdf
APF (2011c) 'An Appropriate Public Regulatory Body for Media Privacy' Submission to the Independent Media Inquiry, Australian Privacy Foundation, 18 Nov 2011, at http://www.privacy.org.au/Papers/MediaInq-Sub-111118.pdf
APF (2011d) 'Privacy Guidelines for Broadcasters' Letter to ACMA, 16 Dec 2011, at http://www.privacy.org.au/Papers/ACMA-111216.pdf
APF (2012) 'ACMA's Revised Privacy Guidelines for Broadcasters' Supplementary Submission to the Independent Media Inquiry , Australian Privacy Foundation, 9 January 2012, at http://www.privacy.org.au/Papers/MediaInq-120109.pdf
Clarke R. (1999) 'Internet Privacy Concerns Confirm the Case for Intervention', Communications of the ACM, 42, 2 (February 1999) 60-67, at http://www.rogerclarke.com/DV/CACM99.html
Clarke R. (2009) It's Time for Guidelines on 'Privacy and the Media' Online Opinion, 18 May 2009, PrePrint at http://www.anu.edu.au/people/Roger.Clarke/DV/PM-0905.html
ISO (2004) 'Quality management--Customer satisfaction--Guidelines for complaints handling in organizations' International Standards Organisation, ISO 10002:2004
The author has been a Board member of the Australian Privacy Foundation since 1987 and its Chair 2006-12. This paper draws heavily no the APF's Policy Statements, and hence on the work of fellow Board members, particularly Nigel Waters.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 60 million in early 2019.
Sponsored by the Gallery, Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 14 October 2011 - Last Amended: 16 January 2012 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/PandM-PNeeds.html