Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 7 July 1998
© Xamax Consultancy Pty Ltd, 1998
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/SLCCPte.html
A Supplementary Submission dated 4 August is at http://www.anu.edu.au/people/Roger.Clarke/DV/SLCCPteSupp.html
Self-regulation without a layer of law behind it has been demonstrated to be worthless. Statutory privacy protections in the private sector are long overdue, and are essential to successful development of the information economy and information society.
National legislation is much more desirable than a State-by-State approach, provided that a satisfactory level of protection is achieved.
The Privacy Commissioner's 'National Principles' contain a number of serious deficiencies that need to be fixed. Subject to that qualification, they provide a basis for a conventional, limited set of protections.
The protections provided by conventional laws are, however, insufficient for the 21st century, because the OECD's 1980 Guidelines, on which they are based, relate to the context of the 1970s; and there have been massive advances in information technology since then.
The Privacy Amendment Bill 1998, clumsy though the legislative drafting may be, appears to sustain the existing, limited protections during the current fashion of outsourced government services. It is important that it be passed during the term of the present Government.
2.1 The Nature of Privacy
2.2 Why Privacy Matters
2.3 Threats to Information Privacy
2.4 The History of Privacy Protection
2.5 Information Technology's Contemporary Threats to Privacy
2.6 The Sharpened Public Concern
2.7 The Situation in Australia at the End of the 1990s
3. The Need (Terms of Reference 1 and 2)
4. The Privacy Commissioner's 'National Principles' (ToR 3)
5. The Privacy Amendment Bill 1998 (ToR 4)
I am a consultant in strategic and policy aspects of information technology, with 30 years' experience in the industry, including a decade as a senior academic at the Australian National University. Further details are available in my on-line bibliographical data.
I have been involved with privacy for a quarter-century, variously as researcher, advocate and consultant. Among many other recent activities of relevance, I served as a member of the Victorian Data Protection Advisory Council, which recommended the shape of the forthcoming Victorian legislation ( Stockdale 1998), and as a member of the committee that produced the Asia-Pacific Smart Card Forum's Code of Practice in relation to consumer and privacy matters ( APSCF 1998).
I have published scores of papers on many different aspects of privacy, including the primary references on data surveillance ( Clarke 1988) and human identification ( Clarke 1994). Many of these documents are available on the world wide web, indexed by theme at http://www.anu.edu.au/people/Roger.Clarke/DV/AnnBibl.html
This submission is provided in a personal capacity. I have, however, participated in the process whereby two organisations prepared their submissions in relation to this Inquiry:
This submission addresses Terms of Reference (1) and (2) by providing background information, followed by definition of the form of the privacy protections that are urgently needed. It then addresses the specifics of the Inquiry's Terms of Reference (3) and (4). The electronic version of the submission, at http://www.anu.edu.au/people/Roger.Clarke/DV/SLCCPte.html, provides links directly to the full text of many of the cited documents.
This section provides a brief review of privacy, of why it matters, of threats to it, of the history of privacy protection, of information technology's contemporary threats to it, of the sharpened public concern, and of the situation in Australia at the end of the 1990s.
This sub-section is an abbreviated version of the first few segments of my web-page, 'Introduction to Privacy and Dataveillance'.
Privacy can be treated as a moral or legal right. It is generally more constructive, however, to perceive it as one interest among many, specifically the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations.
'Personal space' has multiple dimensions, in particular:
With the close coupling that has occurred between computing and communications, particularly since the 1980s, the last two aspects have become closely linked, and are commonly referred to as 'information privacy'. This is the primary focus of public attention.
An important implication of the definition of privacy as an interest is that it has to be balanced against many other, often competing, interests. In particular:
Hence privacy protection involves a process of finding appropriate balances between privacy and multiple competing interests.
Information privacy has been under increasing threat as a result of the rapid replacement of expensive physical surveillance by the systematic use of personal data systems in the investigation or monitoring of people's actions or communications. This phenomenon, referred to by this author as 'dataveillance', is analysed in ( Clarke 1988).
Privacy is a vital human value, which underpins the democratic way of life. Some of the reasons for its importance are to be found at the level of individual psychology. People need to establish and sustain their individual integrity, and hence the many dimensions of their private space are crucial to their self-respect, and their ability to realise their individual potentials.
Other aspects of privacy's importance are sociological in nature. In a society in which surveillance is rife, people behave with an unhealthy degree of self-restraint, because of the so-called 'chilling effect'. As a result, the society atrophies. An erudite rendition of the arguments is to be found in Foucault (1977).
Privacy protections are also a pre-condition for a healthy body politic, because, without them, people do not perceive themselves to have the freedoms to think and speak freely, and hence they are amenable to despotic rule. This aspect is addressed in Zamyatin's 'We' (1922) and Orwell's '1984' (1948), and more clinically in (Clarke 1994b).
On a more practical level, Clarke (1993a) analyses why the public is scared of the public sector. This identifies a range of specific concerns, including the powers that government agencies have:
A similar analysis of why the public is concerned about particular private sector behaviours would be likely to identify many similarities, but also some distinct differences. Relevant sources include Packard (1957, 1964), Larsen (1992) and Gandy (1993).
In order to understand public attitudes to privacy, however, it is dangerous to restrict oneself to only the legalistic, the bureaucratic and the socio-philosophical perspectives. Theoretical analyses are all very well, but they tend to lead public opinion, and sometimes even to miss it. For most people, privacy is utterly abstract until it suddenly becomes gut-wrenchingly concrete; and for each individual, that arises in quite specific situations.
Dataveillance, the monitoring of people through data about them, threatens privacy in a large number of ways. In addition to the primary reference on dataveillance ( Clarke 1988), a more accessible account is provided in Clarke (1994a).
Personal dataveillance is the monitoring of a specific, identified person. Its threats are identified in Clarke (1988) as being:
Mass dataveillance is the monitoring of groups of people, generally large groups, and usually in order to identify individuals who belong to some particular category of interest to the surveillance organization. Its threats are identified in Clarke (1988) as being:
There are some natural defences against the ravages of technology-driven privacy invasion. These include inadequacies in the infrastructure on which dataveillance depends, operational inadequacies, the exercise of self-restraint by organisations or their employed professionals, the exercise of countervailing power by people or by other organisations, and economic constraints. These are examined in Clarke (1988), Clarke (1993b) and Clarke (1995b).
The experience of the last quarter-century has clearly demonstrated that these intrinsic protections are far too weak to protect privacy. The imbalance of power between organisations and individuals is so great that claims that privacy can be protected without legislation are naive or disingenuous. Comprehensive organisational, procedural and technical measures are necessary, back-ended by sanctions that exercise control over miscreants.
During the 1970s, many countries, especially in Europe, passed privacy protection laws, prompting Michael Kirby, then of the Law Reform Commission and now of the High Court, to refer to those years as 'the decade of privacy'. Kirby was instrumental in the codification of those laws as the well-known OECD Guidelines (OECD 1980), to which Australia acceded in 1984, and which have been used as the benchmark ever since.
Despite the very apparent need for protections, and the nominal commitment represented by the accession to the OECD Guidelines, actions by Australian legislatures have been appallingly slow. Retrospectives are provided in Clarke (1996b), elsewhere in Clarke (1996b), and in Clarke (1996c). The main existing laws are as follows:
Privacy protections are limited to a sub-set of the Commonwealth public sector, and a very few, very specific sectors of corporate activity, plus incidental and accidental protections arising under other laws. In short, Australian legislatures have consistently failed to provide their constituents with adequate privacy protections.
The twentieth century has seen an ongoing increase in the 'information-intensity' of administration, resulting in the collection, maintenance and dissemination of ever more data, ever more 'finely grained' (Rule 1974, Rule et al. 1980).
The 'information-intensity' phenomenon has arisen from the increasing scale of human organisations, making them more remote from their clients, and more dependent on abstract, stored data rather than personal knowledge. Other factors have been an increasing level of education among organisations' employees, the concomitant trend toward 'scientific management' and 'rational decision-models', and, particularly since the middle of the century, the brisk development in information technology.
Information technology has long threatened privacy, through its capabilities to store data, to process data, to communicate data, to inter-relate data, and to re-discover data. The last 25 years, however, has seen a very substantial and ongoing increase in the inherent invasiveness of technologies. Particularly privacy-intrusive technologies of the present decade are discussed in Clarke (1996b) and ( Clarke (1997c), and include:
The increasing ability to use data has stimulated an increasing tendency to collect and keep data. Linked with this is a conscious effort by organisations to convert hitherto anonymous interactions into identified transactions ( Clarke 1996d). People leave many data trails behind themselves, and these are increasing in number and becoming ever more intensive ( Clarke (1996a).
Evidence of the long-standing high levels of concern among the Australian public is provided in Clarke (1987), PCA (1995), Clarke (1996b) and MasterCard (1996, reviewed in Clarke 1997a). Of particular significance were the findings (PCA 1995, summarised in Clarke 1996b) that, even during the early 1990s:
The level of concern has since become much more acute. Harbingers of change were catalogued in Clarke (1996b). Specific aspects of the problem have since been examined in depth as follows:
Studies undertaken by agencies of Australian governments have reached similar conclusions (e.g. FBCA 1997, NACCA 1997).
While this Submission was being prepared, the Joint Committee of Public Accounts and Audit published a report on electronic commerce that also focused on the public confidence issue. Of 17 Recommendations, all of them supported unanimously, 6 were highlighted as "key recommendations". These included that "the Australian Government should introduce privacy legislation, with specific reference to information communications, to govern the use of personal information in the private sector" ( JCPAA 1998).
The concern about trust is not limited to Australia. The U.S. Federal Trade Commission has recently put significant pressure on direct marketers to greatly improve their present, entirely ineffectual self-regulatory arrangements, and has placed privacy legislation firmly on the Congressional agenda ( FTC 1998). Existing efforts based on trademarks (especially TRUSTe) and on privacy-sensitive technology (especially W3C's P3P protocol - see Clarke 1998d and Clarke 1998e) are very unlikely to be, by themselves, sufficient to achieve the necessary public confidence. The new and hastily organised industry association called Privacy Alliance is also very unlikely to deliver anything of consequence.
It is now well-established that electronic commerce is being held back by a crisis in public confidence about the trustworthiness of organisations operating in the electronic environment. This lack of trust reflects the difficulties of sustaining consumer protections in the new electronic context, and critical among these factors is the lack of privacy protections.
Under the Privacy Act 1988, a regulatory scheme applies to the Commonwealth public sector. Unfortunately that scheme has significant deficiencies, which are documented in Clarke (1989) and Clarke (1997b).
Under Part IIIA of the Privacy Act 1988, a regulatory scheme applies to the credit reporting segment of the financial services sector. A few additional provisions apply to the private sector generally, e.g. in relation to criminal records and tax file numbers. A small number of inadequate and unenforceable industry codes of conduct exist, e.g. in banking, in direct mail, and in consumer market research.
During the March 1996 federal election, both sides of politics committed themselves to the passage of privacy regulation for the private sector. The Coalition coined the highly descriptive term 'co-regulation' to refer to the model supported by privacy advocates, business and government regulatory agencies alike. The public has been appalled by the failure of successive governments, and especially of the current Government, to deliver on these promises.
During 1996-98, the Victorian Government has made clear that it regards privacy protection as being essential to public confidence in electronic commerce and electronic services delivery, and that it would legislate if the Commonwealth failed to do so. On 15 June 1998 it expressed its plans much more clearly ( Stockdale 1998). On 1 July, it published a Discussion Paper ( MMV 1998).
Successive N.S.W. Attorneys-General have made approximately annual promises to introduce legislation, but have confirmed the public's cynicism about politicians by failing to do so. Some action may, however, be prompted by the Victorian announcement.
Further impetus is provided by the EU Directive, which is scheduled to come into force in October 1998 ( EU 1995). Its precise implications remain unclear and much debated.
Enormous momentum has built up for privacy legislation to bind the private sector. The sources of support are highly diverse, and include:
It is urgent that the Commonwealth Parliament legislate, in order to protect the privacy of Australians, to establish the necessary basis for public confidence in electronic commerce, and to assure corporations that they will not be subject to multiple, inconsistent compliance requirements.
Meanwhile, public pressure is building for specific, targeted legislation in relation to particular threats such as video-surveillance in the workplace and in public spaces, and in relation to specific industry sectors such as health care.
This section outlines the shape of the legislative framework that is needed in order to deliver a satisfactory form of privacy protection for the Australian public. Valuable sources of information in relation to regulatory regimes include Laudon (1986), Clarke (1988), Flaherty (1989), the New Zealand Privacy Act (1993), and Clarke (1995b). This section draws on those resources, and adapts them to the present context.
Market forces are subject to many imperfections, and it is in the economic self-interest of individuals and corporations to exploit these imperfections and to generate new ones. Recent evidence of the impotence of self-regulatory arrangements is provided in EPIC (1998a), which reports on a 2-day Internet Privacy meeting held by the U.S. Department of Commerce on 23-24 June 1998, and EPIC (1998b), which documents the failure of the U.S. Direct Marketing Association's attempts to stimulate compliance by its members with a quite limited code of practice.
Self-regulation has continually demonstrated itself to be inadequate by itself, and only of value if it operates within a broader context.
On the other hand, a heavy-handed regulatory regime is not appropriate. This is because:
The creation of a layer of legal stiffening behind self-regulatory arrangements can achieve the desirable outcome. As was presaged in an earlier section, comprehensive organisational, procedural and technical measures are needed, back-ended by sanctions that exercise control over miscreants.
Workable co-regulatory processes require a multi-tiered framework, in which each of the players needs to perform particular functions:
The legislation needed to implement a co-regulatory privacy protection regime needs to satisfy the following requirements:
I was a participant in the development of the National Principles for the Fair Handling of Personal Information' (hereafter NPPs) by the Office of the Australian Privacy Commissioner.
There are many ways in which the NPPs are a conventional implementation of the OECD's 1980 framework. Unfortunately, however, not all voices in the consultations were accorded equal force, and as a result there are a number of important deficiencies that need to be addressed before they are applied.
The NPPs do not satisfy the needs of the 1970s, as expressed in the OECD Guidelines (OECD 1980). The deficiencies are detailed in Clarke (1998b), and include the following:
Because of these deficiencies, the NPPs do NOT provide an appropriate basis for a co-regulatory regime for the private sector. If these deficiencies are overcome, then the revised NPPs would support a scheme appropriate for protecting the Australian public against the threats of 1970s information technology.
As long ago as the mid-1980s, it was apparent that the OECD Guidelines were inadequate, because they are based on the limited Fair Information Practices notion. See, for example, Clarke (1988), Clarke (1989), and Clarke (1998b). More up-to-date sets of Principles are those of the Australian Privacy Charter Council ( APCC 1994) and the European Union Directive ( EU 1995).
In comparison with the needs of the late 1990s, as expressed in such documents, the NPPs exhibit further deficiencies. These are examined in Clarke (1998b), and include the following:
Even if the NPPs are revised to address the first group of deficiencies identified above, they do NOT provide a basis for protecting the Australian public against the privacy threats inherent in information technology developments since about 1980, and therefore represent no more than a catch-up, stop-gap measure, in need of urgent extension to address the needs of the twenty-first century.
The NPPs are of course only one element of the complete privacy protection framework that is required. The other elements are outlined in the preceding section.
The Amendment Bill is tortuous in the extreme, and the inevitable weaknesses and limitations are accordingly very difficult to detect. It is abundantly clear that the draftsman has made strenuous efforts to ensure that there is no accidental increase in the extent of existing privacy protections.
There is a very real risk, however, that, should this Amendment Bill not be passed in its present form, it will become another political tool in the ongoing double-dissolution-trigger game. In accordance with the standard, dysfunctional practice, the Bill would lapse when the election is called. If the history of lapsed Bills is any guide, this would very probably result in no equivalent Bill being reintroduced into the new Parliament, and hence in existing protections being savagely reduced.
It therefore appears that the best interests of the public will be served by the Senate passing the Bill in its present form, and with haste, in order to ensure that the basic objective of sustaining existing protections is achieved.
One qualification to that conclusion arises in relation to the question of the Privacy Commissioner's power to make determinations in light of the Brandy decision. The Attorney-General asserted to the House, without explanation, that the Bill was not deficient in this regard. It is highly desirable that this issue be clarified by the Committee as part of its Inquiry.
The Senate is to be congratulated for taking the opportunity presented by the tabling of the Government's Privacy Amendment Bill 1998 to consider the broader requirements.
In relation to Term of Reference (1), it is essential and urgent that the Commonwealth legislate to establish generic privacy protections in relation to private sector activities. The standards must be no less than those established by the 1980 OECD Guidelines. It is vital, however, that they be extended to incorporate the additional protections needed to cope with late twentieth century information technology.
In relation to Term of Reference (2), a self-regulatory arrangement is worthless, and an appropriately designed co-regulatory scheme is essential. By 'appropriately designed', I mean that not only must the full range of protections be catered for, and educational, encouragement and enforcement mechanisms established, but also that the costs and inconveniences of compliance must be as low as practicable. An efficient-but-effective regime is entirely feasible.
In relation to Term of Reference (3), the Privacy Commissioner's NPPs, in their present form, do not provide an appropriate basis for a co-regulatory regime for the private sector. If their primary deficiencies were to be overcome, then they would support a scheme appropriate for protecting the Australian public against the threats of 1970s information technology. In order to provide a basis for protecting the Australian public at the threshhold of the twenty-first century, however, they require significant enhancement.
In relation to Term of Reference (4), it is very important that the Privacy Act 1988 be amended, along the lines proposed by the Government, to ensure that existing protections for Australians' relationships with much of the Commonwealth public sector are sustained, despite the substantial move towards outsourcing of information technology services.
ACS (1990) 'Position Paper # 8 - Information Privacy Implications of Information Technology, Australian Computer Society, November 1990, at http://www.acs.org.au/president/1998/past/acspos8.htm
ACS (1998) 'Position on Privacy', Submission to the Senate Legal and Constitutional Committee, Australian Computer Society, Economic, Legal and Social Implications Committee, 24 June 1998, at http://www.acs.org.au/president/1998/past/privpos.htm
APCC (1994), 'Australian Privacy Charter', Australian Privacy Charter Council, December 1994, at http://www.anu.edu.au/people/Roger.Clarke/DV/PrivacyCharter.html
APCC (1998) 'Australian Privacy Charter Council Submission to the Senate Legal & Constitutional References Committee Privacy Inquiry, June 1998', Australian Privacy Charter Council, 24 June 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/APCC980624.html
APSCF (1998) 'Smart Card Industry Code of Conduct', Asia-Pacific Smart Card Forum, at http://www.aeema.asn.au/apscfcode.htm
Clarke R. (1987) 'Just Another Piece of Plastic for Your Wallet: The Australia Card' Prometheus 5,1 June 1987 Republished in Computers & Society 18,1 (January 1988), with an Addendum in Computers & Society 18,3 (July 1988). At http://www.anu.edu.au/people/Roger.Clarke/DV/OzCard.html
Clarke R. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988), at http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html
Clarke R. (1989) 'The Australian Privacy Act 1988 as an Implementation of the OECD Data Protection Guidelines', 25 June 1989, at http://www.anu.edu.au/people/Roger.Clarke/DV/PActOECD.html
Clarke R. (1993a) 'Why the Public Is Scared of the Public Sector' (February 1993), at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperScared.html
Clarke R. (1993b) 'Profiling: A Hidden Challenge to the Regulation of Dataveillance' Int'l J. L. & Inf. Sc. 4,2 (December 1993). At http://www.anu.edu.au/people/Roger.Clarke/DV/PaperProfiling.html
Clarke R. (1994a) 'Dataveillance: Delivering 1984' Chapter in Green L. & Guinery R. (Eds.) 'Framing Technology: Society, Choice and Change' Allen & Unwin, Sydney, 1994. At http://www.anu.edu.au/people/Roger.Clarke/DV/PaperPopular.html
Clarke R. (1994b) 'Information Technology: Weapon of Authoritarianism or Tool of Democracy?' Proc. World Congress, Int'l Fed. of Info. Processing, Hamburg, September 1994. At http://www.anu.edu.au/people/Roger.Clarke/DV/PaperAuthism.html
Clarke R. (1994c) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html
Clarke R. (1995a) 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism' Informatization and the Public Sector (March 1995), at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchCBA.html
Clarke R. (1995b) 'A Normative Regulatory Framework for Computer Matching' Journal of Computer and Information Law XIII,4 (Summer 1995) 585-633, at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchFrame.html
Clarke R. (1996a) 'Trails in the Sand' (May 1996), at http://www.anu.edu.au/people/Roger.Clarke/DV/Trails.html
Clarke R. (1996b) 'Privacy and Dataveillance, and Organisational Strategy', Proc. Conf. EDPAC'96, Perth, 28 May 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/PStrat.html
Clarke R. (1996c) 'Federal Privacy Legislation in Australia', 14 September 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/FedLeg.html
Clarke R. (1996d) 'Identification, Anonymity and Pseudonymity in Consumer Transactions: A Vital Systems Design and Public Policy Issue', Conference on 'Smart Cards: The Issues', Sydney, 18 October 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/AnonPsPol.html
Clarke R. (1997a) 'What Do People Really Think? MasterCard's Survey of the Australian Public's Attitudes to Privacy' Privacy Law & Policy Report 3,9 (January 1997) , at http://www.anu.edu.au/people/Roger.Clarke/DV/MCardSurvey.html
Clarke R. (1997b) 'Flaws in the Glass; Gashes in the Fabric: Deficiencies in the Australian Privacy-Protective Regime' Invited Address to Symposium on 'The New Privacy Laws', Queen Victoria Ballroom, George St, Sydney, 19 February 1997 , at http://www.anu.edu.au/people/Roger.Clarke/DV/Flaws.html
Clarke R. (1997c) 'Five Most Vital Privacy Issues', at http://www.anu.edu.au/people/Roger.Clarke/DV/VitalPriv.html
Clarke R. (1997d) 'Promises and Threats in Electronic Commerce (August 1997), at http://www.anu.edu.au/people/Roger.Clarke/EC/Quantum.html
Clarke R. (1998a) 'Direct Marketing and Privacy', Proc. AIC Conf. on the Direct Distribution of Financial Services, Sydney, 24 February 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/DirectMkting.html
Clarke R. (1998b) 'Serious Flaws in the National Privacy Principles', Privacy Law & Policy Reporter 4, 9 (March 1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/NPPFlaws.html
Clarke R. (1998c) 'Information Privacy On the Internet: Cyberspace Invades Personal Space' Telecommunication Journal of Australia 48, 2 (May/June 1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/IPrivacy.html. This paper is drawn from a more detailed paper, at http://www.anu.edu.au/people/Roger.Clarke/DV/Internet.html
Clarke R. (1998d) 'Platform for Privacy Preferences: An Overview', July 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/P3POview.html
Clarke R. (1998e) 'Platform for Privacy Preferences: A Critique', July 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/P3PCrit.html
EPIC (1998a) 'Self-Regulation Gets Low Marks at Privacy Summit', Epic Alert 5.09 at (5), June 25, 1998, at http://www.epic.org/alert/alert_vol_5.html
EPIC (1998b) 'EPIC Releases New Report on Online Privacy', Epic Alert 5.09 at (1), June 25, 1998, at http://www.epic.org/alert/alert_vol_5.html
EU (1995) 'The Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data', European Commission, Brussels, 25 July 1995, at http://www2.echo.lu/legal/en/dataprot/directiv/directiv.html
FBCA (1997) 'Untangling the Web: Electronic Commerce and the Consumer' Federal Bureau of Consumer Affairs, March 1997, at http://www.dist.gov.au/consumer/publicat/untangle/index.html
Flaherty D.H. (1989) 'Protecting Privacy in Surveillance Societies', Uni. of North Carolina Press, 1989
Foucault M. (1977) 'Discipline and Punish: The Birth of the Prison' Peregrine, London, 1975, trans. 1977
FTC (1998) 'Privacy Online: A Report to Congress', Federal Trade Commission, June 1998, at http://www.ftc.gov/reports/privacy3/toc.htm
Gandy O.H. (1993) 'The Panoptic Sort: Critical Studies in Communication and in the Cultural Industries' Westview, Boulder CO, 1993
JCPAA (1998) 'Internet Commerce - To buy or not to buy?', Joint Committee of Public Accounts and Audit, Report 360, 24 June 1998, at http://www.aph.gov.au/house/committe/jpaa/elecom/report/contents.htm
Larsen E. (1992) 'The Naked Consumer: How Our Private Lives Become Public Commodities' Henry Holt, New York, 1992
Laudon K.C. (1986) 'Dossier Society: Value Choices in the Design of National Information Systems' Columbia U.P., 1986
MasterCard (1996) 'Privacy and Payments: A Study of Attitudes of the Australian Public to Privacy - Summary and Findings', MasterCard International, 146 Arthur St, North Sydney NSW 2060, reviewed in Clarke (1997a)
MMV (1998) 'Discussion Paper: Information Privacy in Victoria: Data Protection Bill' Multimedia Victoria, July 1998, at http://www.mmv.vic.gov.au/DIR0123/mmv_www.nsf/Graphic+All+Content/75500028EDECB6084A2566330022A8C0?OpenDocument
NACCA (1997) 'Consumer Protection in Electronic Commerce: Draft Principles and Key Issues', National Advisory Council on Consumer Affairs, October 1997
NPP (1998) 'National Principles for the Fair Handling of Personal Information', Office of the Privacy Commissioner, February 1998, at http://www.hreoc.gov.au/privacy/natprinc.htm, accessed 3 April 1998
OECD (1980) 'Guidelines on the Protection of Privacy and Transborder Flows of Personal Data', Organisation for Economic Cooperation and Development, Paris, 1980, at http://www.oecd.org/dsti/sti/it/secur/prod/PRIV-en.HTM, accessed 3 April 1998
Orwell G. (1948) '1984' Penguin, 1948, 1980
Packard V. (1957) 'The Hidden Persuaders' Penguin, London, 1957
Packard V. (1964) 'The Naked Society' McKay, New York, 1964
PCA (1995) 'Community Attitudes to Privacy', Information Paper No. 3, Human Rights Australia - Privacy Commissioner, Sydney (August 1995)
Privacy Act 1988 (Cth), at http://www.austlii.edu.au/au/legis/cth/consol_act/pa1988108/, accessed 3 April 1998
Privacy Act 1993 (NZ) at http://www.knowledge-basket.co.nz/privacy/legislation/legislation.html
PW (1997) 'Privacy Survey - 1997', Price Waterhouse, Melbourne, 1997
Rule, J.B. Private Lives and Public Surveillance: Social Control in the Computer Age. Schocken Books. 1974.
Rule. J.B. McAdam, D. Stearns, L. and Uglow, D. The Politics of Privacy. New American Library. 1980
Stockdale A. (1998) 'Victoria to Introduce Legislation on Data Protection', Proc. Conf. Privacy, IIR, Sydney, 15 June 1998, at http://www.stockdale.vic.gov.au
Zamyatin E. (1922) 'We' Penguin, 1922, 1980
Go to Roger's Home Page.
Go to the contents-page for this segment.
Send an email to Roger
Created: 24 June 1998
Last Amended: 7 July 1998
|These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).|
| The Australian National University|
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Consultancy Pty Ltd, ACN: 002 360 456|
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 6916 Fax: +61 6 288 1472