Australia’s national privacy office has ruled that individuals should “reasonably expect” the government will release sensitive personal data publicly to refute its critics, sparking concerns of a “chilling effect” on free speech.
Late on Monday evening, the Office of the Australian Information Commissioner released the findings of an inquiry it launched in March last year following the Department of Human Services’ release of a blogger’s personal Centrelink history to a media organisation.
The Department did so to refute details contained in an opinion piece by the blogger for Fairfax Media in which she claimed that she had been “terrorised” by Centrelink as part of the controversial robodebt scheme.
After the opinion piece was published in February 2017, a briefing was provided to another journalist that detailed the blogger’s welfare history. This lead to a follow-up article claiming Centrelink may have been “unfairly castigated”.
The blogger in question complained to the OAIC, and former information and privacy commissioner Timothy Pilgrim opened an investigation into the matter in March.
Fourteen months later, the office has decided that the government was allowed to release the personal data under the Australian Privacy Principles, as individuals should “reasonably expect” the government to release private information under those circumstances.
The decision has sparked huge backlash against the OAIC and the country’s privacy laws more broadly.
The Australian Privacy Principles, which apply to all Australian government departments and agencies, include a range of exceptions where the personal information of an individual can be disclosed for another purpose.
These include when the individual would “reasonably expect the secondary use or disclosure” and this is related to the primary purpose of collection of the information.
It is under this exception that the department was allowed to release the blogger’s personal information to the media, the OAIC ruled.
“Having carefully considered the specific public statements made by the Centrelink customer, and the specific information disclosed in response, the acting Australian Information Commissioner and acting Privacy Commissioner reached the conclusion that, in this instance, the disclosure was permitted by APP 6.2(a)(ii),” the OAIC said in its decision.
The decision was made more than a year after the investigation was launched, and after the retirement of former privacy commissioner Timothy Pilgrim.
Angelene Falk has been serving as acting privacy commissioner since Mr Pilgrim’s retirement in March, with the agency close to announcing his replacement.
The OAIC’s decision pointed to a case note from 2010 as providing precedent, in which the Commissioner’s Plain English Guidelines to Information Privacy Principles gives examples of when an individual may be considered to be “reasonably likely” to think their information may be disseminated.
“A person who complains publicly about an agency in relation to their circumstances (for example, to the media) is considered to be reasonably likely to be aware that the agency may respond publicly – and in a way that reveals personal information relevant to the issues they have raised,” the guidelines say.
A number of Australian civil and digital rights advocates have been left outraged by the decision, with Electronic Frontiers Australia board member Peter Tonoli saying it “flies in the face of trust in government”.
Electronic Frontiers Australia policy team member Drew Mayo said she is concerned the recent ruling could have a chilling effect on criticisms of the government, with individuals concerned that their sensitive data will then be released publicly.
“EFA is extremely concerned about the implications of the recent ruling. The chilling effect posed by this decision is a direct risk to democracy and an attack on the strongest free speech protection Australians have, the implied right of political communication,” Mr Mayo told InnovationAus.com.
“We call on the government to enshrine in law the right of Australians to comment robustly on government policy without the risk of private data being released in retribution.”
The OAIC’s ruling that the release of personal data did not constitute a breach of privacy is “extremely concerning”, Digital Rights Watch chair Tim Singleton Norton said.
“To assume that the APP allows for release of information if a person has a ‘reasonably likely understanding’ is ludicrous, and tips the power way too much towards the holders of information rather than the individual,” Mr Singleton Norton told InnovationAus.com.
“Australian citizens should be able to exercise freedom of speech, particularly in relation to offering opinions and criticisms of government services, without the threat of their personal information being broadcast to the world.”
During a senate estimates hearing last year, it was confirmed that the Centrelink data had been collated by a DHS staff member, and then approved for release by then-Human Services minister Alan Tudge’s office following legal advice.
The department has claimed that the release of the sensitive data was “proportionate” given the claims made in the blogger’s opinion piece.
“The recipient had made a number of claims that were unfounded and it is the opinion of officers that this was likely to concern other individuals,” Department secretary Kathryn Campbell said.
“That’s why we felt that it was appropriate to release the information, so that people knew it was important to file their tax returns and tell us about changes in their circumstances. In this case, our data said that had not occurred and that is why we had been chasing the debt,” she said.
The decision comes just days after concerns were raised over the funding and resources provided to the OAIC by the government, and its “very overworked” team.
Despite an increase in its workload and the new responsibility of overseeing the mandatory data breach notification scheme, the OAIC has not received additional funding to complete these tasks.
“We are receiving an increased number coming through the door and despite the fact we’re able to resolve more and more efficiently, there is a gap between the two,” Ms Falk said at a senate estimates hearing last week.
“We are doing some work internally over the next couple of months to look at our process and if there’s anything else we can realign.”
“There’s definitely a workload increase across the board at our office, and we’re very thankful of our staff. We’ve made a commitment to look at the ongoing needs in the future and are in discussions with the department in relation to that.”
Do you know more? Contact James Riley via Email.