United Australia Party MP Craig Kelly’s ‘spam’ text messages to thousands of people across the nation highlight the need for reform to privacy, spam and electoral laws, experts say.
The Australian Communications and Media Authority (ACMA) told InnovationAus it had received 3,420 complaints over the past several days about the controversial MP’s messages, which state “You can never trust the Liberals, Labor or Greens again” with a link directing them to the UAP website.
The messages prompted news website Crikey to publish Mr Kelly’s mobile number and invite readers to spam him back, and follow similar mass blasts by the Labor Party during 2016’s election, dubbed the “Mediscare” texts, and the Australian Marriage Equality campaign’s “Yes” messages in 2017.
Mr Kelly told The Sydney Morning Herald he had not purchased a list of phone numbers, but rather had sent the messages using software that generated phone numbers at random – the same method used by the Australian Marriage Equality campaign in 2017.
Privacy and security experts say the messages show the need for reform of the privacy and spam acts, which both provide exemptions for registered political parties. The ACMA said bulk political communications are also governed by the Commonwealth Electoral Act, which is regulated by the Australian Electoral Commission, showing the complexity of the multiple laws they cross.
Privacy expert Anna Johnston of Salinger Privacy said the exemption in the Privacy Act for political parties had existed ever since the Privacy Act was extended to cover private sector organisations, which was 21 years ago in the year 2000.
The political party exemption had been inserted as a “self-serving exemption”, Ms Johnston said.
“Other privacy laws around the world do not exempt political parties and there’s no real reason why political parties shouldn’t be held to the same standards as any other organisation,” she said.
“I guess the more egregious behaviour is what draws attention to the fact that they have an exemption.”
CyberCX national privacy lead David Batch said the exemption didn’t have a lot of support from the community or regulators since it was first drafted.
“If a corporation was doing [what Craig Kelly is doing], it would be considered spam,” he said.
“It’s probably time to have a conversation about it. This particular issue has really brought it to a head because I think it’s a bit of an abuse of that exemption to wholesale spam people.
“The exemption wasn’t ever drafted with this kind of technology in mind.”
At a minimum, Mr Batch said there should be guidelines around what political parties can and can’t do, “and this type of SMS campaign, which is just this untargeted spray, is one of those things that I think shouldn’t be allowed”.
On October 30, the Attorney-General’s Department put out an issues paper which included the question: “Should political acts and practices continue to be exempted…”.
Responses were published in December, with the federal, NSW, Queensland and Victorian privacy bodies stating that the exemption should be scrapped or reformed in some form.
The federal Office of the Australian Information Commissioner recommended the exemption be removed “subject to an appropriate transition period to aid with awareness of, and preparation for compliance with, the Privacy Act”.
“The OAIC has opposed the political parties exemption since its introduction, on the grounds that there are still few well-articulated policy reasons why the exemption should apply to political parties and political acts and practices, at least in its blanket form,” the OAIC said in its submission.
“There is also a risk that the exemption’s effect on political transparency may damage Australia’s system of representative democracy, as well as the public’s trust in Australia’s privacy protections.”
The federal privacy regulator referred to its 2020 Australian community attitudes to privacy survey, which showed that 62 per cent of the Australian public incorrectly believed that political parties were covered by the Privacy Act, with 74 per cent of respondents stating that political parties should be subject to the Act.
“These results indicate that there is also a disconnect with community expectations in this area,” the OAIC said.
Queensland’s Information Commissioner Rachael Rangihaeata and Privacy Commissioner Phil Green formed a similar view.
“Political parties have access to vast amounts of personal information contained in electoral databases, including contacts individual voters have with parliamentarians and electorate offices,” their submission said.
“In the context of compulsory voting and increasing concerns about risks posed by manipulation of private information by social media platforms to target and sway the political views of voters, it is OIC’s view that retention of this exemption is no longer fit for purpose and should be removed.”
Victoria’s Information Commissioner Sven Bluemmel said removing the exemption “would increase transparency and accountability in political parties’ information handling practices and would enhance trust in the democratic process”.
“The Privacy Act would also be more closely aligned with comparable international jurisdictions such as New Zealand, the United Kingdom and Hong Kong,” he said.
Meanwhile, NSW Privacy Commissioner Samantha Gavel said that the privacy exemption for political parties was “now out of step with privacy regimes in other similar jurisdictions”.
“I also support consideration of whether these exemptions should be removed or narrowed in scope, in order to provide greater privacy protection to citizens,” Ms Gavel said in her submission
The next step for privacy reform is for the Attorney-General’s Department to release a discussion paper and then draft legislation, although a federal election may come before that.
No reform is planned for spam or electoral laws.
Do you know more? Contact James Riley via Email.