23 May 2023

Tabled opening statement of Australian Information Commissioner and Privacy Commissioner Angelene Falk

Thank you for the opportunity to provide a brief opening statement. I am joined by Acting Freedom of Information Commissioner Ms Toni Pirani and Deputy Commissioner Ms Elizabeth Hampton.

I will provide a short update on some relevant matters covering both privacy and information access.

Since the OAIC last appeared before Senate estimates, there have been a number of developments.

Ms Pirani has joined us as Acting Freedom of Information Commissioner this week, bringing a range of regulatory and senior-level experience to the OAIC. Most recently, Ms Pirani was the General Manager, Regulatory Operations at the Australian Financial Security Authority. Ms Pirani has also been an Official Secretary to a number of Royal Commissions and was previously an Assistant Commissioner and, in 2013, Acting FOI Commissioner, at the OAIC.

Ms Pirani’s interim appointment follows Mr Hardiman’s resignation from the position effective 19 May. During his term, Commissioner Hardiman worked to advance the objectives of the Freedom of Information Act to promote timely access to government-held information. I thank Commissioner Hardiman for his development of FOI jurisprudence and for his service to the Commonwealth in the role of FOI Commissioner.

The Attorney-General has also announced that the government will separately appoint a Privacy Commissioner in addition to a Freedom of Information Commissioner.

This will mean the OAIC will have three statutory office holders: the Australian Information Commissioner (myself, as agency head), a Privacy Commissioner and a Freedom of Information Commissioner.

I welcome the decision by the Attorney-General as it will increase the senior capacity of the OAIC to carry out our important statutory functions across privacy, access to information and information management, in recognition of the increasing complexity and volume of the work. The reinstatement of the three-Commissioner model brings exciting opportunities for the OAIC and will assist us in delivering for the Australian community.

There was also a significant increase in funding in the recently announced budget.

Over four years, the OAIC will receive $44.3 million to support privacy activities, including work responding to the increased complexity, scale and impact of notifiable data breaches, as reflected in recent large-scale breaches. In addition, $9.2 million is allocated over two years to regulate privacy aspects of the Consumer Data Right, My Health Record and Digital Identity. We have also received funding to conduct a strategic review.

The increased funding to support the OAIC’s regulation across the Australian economy sends a strong message that protection of Australians’ personal information must be a priority for business and government agencies, and bolsters our capacity to regulate in line with community expectations.

In other news, in addition to the major investigations into data breaches involving Optus, Medibank and Australian Clinical Laboratories, I have commenced a joint investigation with the New Zealand Office of the Privacy Commissioner into the personal information handling practices of the Latitude group of companies. This is the first joint privacy investigation by Australia and New Zealand, which both reflects the impact of the data breach on individuals in both countries and the trend towards regulatory cooperation, an approach that delivers for our community and is also in the interest of regulated entities.

Previous additional privacy funding from the October 2022 budget allowed us to build a Major Investigations unit that has the appropriate expertise and resources, and there is increased momentum behind our investigative efforts.

Further, a decision by the Full Court of the High Court of Australia on 7 March 2023 to revoke Facebook’s special leave to appeal, also paves the way for the substantive proceeding to now progress in the Federal Court. In that case, the OAIC is seeking civil penalties against Facebook Ireland and Facebook Inc alleging serious and/or repeated interferences with Australians’ privacy.

In addition, on 8 May the Administrative Appeals Tribunal (AAT) decided Clearview’s appeal against my determination that it had interfered with the privacy of Australians. The AAT found that Clearview is bound by the Privacy Act because it has an Australian link and that it collected data, which includes sensitive information about individuals, without consent (APP 3.3).

While we did not receive additional budget funding specifically for our freedom of information role, I will continue to work with government and the department regarding FOI resourcing challenges and, drawing upon the expertise of our FOI Branch and across the OAIC, consider further strategies to support the delivery of our FOI functions.

The OAIC continues to receive a significant number of Information Commissioner reviews, receiving 1,285 this year to date. However pleasingly, this is a 7% decrease on the same period the previous year.

I would like to acknowledge the continued dedication, commitment and professionalism of OAIC staff in working towards upholding the community’s rights to access government-held information and protecting privacy rights.

Thank you.