Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

Review of Consumer-Related Industry Code Processes - Part 6 Telecommunications Act 1997; Submission to the Department of Broadband, Communications and the Digital Economy (May 2009)

Submission on Review of Consumer-Related Industry Code Processes – Part 6 Telecommunications Act 1997 to the Department of Broadband, Communications and the Digital Economy May 2009

pdfsub_broadband_communications_digital_economy

Submission to the Department of Broadband, Communications and the Digital Economy

May 2009

Office of the Privacy Commissioner

1. The Office of the Privacy Commissioner (the Office) is an independent statutory agency responsible for promoting an Australian culture that respects privacy. The Office, established under the Privacy Act, has responsibilities for the protection of individuals' personal information that is handled by Australian and ACT government agencies, and personal information held by all large private sector organisations, credit providers and credit reporting agencies, health service providers and some small businesses.

2. The Office welcomes the opportunity to provide comment on privacy related aspects of the Review of Consumer-Related Industry Code Processes Issues Paper (the Issues Paper).[1] The Office believes that strengthening and clarifying the role of the Privacy Commissioner in the mandatory consultative provisions in Part 6 of the Telecommunications Act 1997 in the ways described below will help ensure that community confidence in the code and industry standard approval and registration process is maintained.

3. The Australian Law Reform Commission’s (ALRC) recent inquiry into privacy law considered privacy related issues in relation to telecommunications. The ALRC’s Report 108 For Your Information: Australian Privacy Law and Practice[2], made two recommendations (71-5 and 71-6) in relation to telecommunications industry codes and standards and also recommended a general review of the Telecommunications Act by government (71-2). The Issues Paper does not appear to refer to the ALRC’s consideration of Part 6 of the Telecommunications Act. The Office believes the discussion and recommendations in ALRC Report 108 would also be useful in analysing the privacy related matters in this Issues Paper.

Description of ‘privacy’ in Part 6 of the Telecommunications Act

4. Section 113 in Part 6 of the Telecommunications Act is headed: ‘Examples of matters that may be dealt with by industry codes and industry standards’ and includes:

  • privacy and, in particular:
    1. the protection of personal information; and
    2. the intrusive use of telecommunications by carriers or service providers; and
    3. the monitoring or recording of communications; and
    4. calling number display; and
    5. the provision of directory products and services’.

5. Separately, sub-paragraphs 113(3)(i), (j) and (n) mention additional examples of matters that can be dealt with by industry codes and industry standards:

  • Debt collection practices (s.113(3)(i));
  • Customer credit practices (s.113(3)(j)); and
  • The accuracy of billing customers of carriage service providers in relation to the supply of standard telephone services (s.113(3)(n)).

However, these are not described as privacy matters.

6. While the Telecommunications Act does not classify these matters as privacy related they are covered by the Privacy Act, specifically in part Part IIIA or more broadly by the National Privacy Principles (NPPs) in the Privacy Act.[3]

7. Describing ‘privacy’ in s.113(3)(f) in a relatively narrow sense may inhibit the ability of the Privacy Commissioner to fully canvass all aspects of an industry code or standard during the mandatory consultation process.

8. The Office considers that the description of privacy in s.113(3)(f) of the Telecommunications Act should be amended to include debt collection, customer credit practices and the accuracy of billing customers. It is in the public interest that codes or standards that include coverage of matters within the jurisdiction of the Privacy Act are subject to mandatory consultation by Australian Communications and Media Authority (ACMA).

Mandatory consultation with the Privacy Commissioner

9. The Office supports the continued role of the Privacy Commissioner, under Part 6 of the Telecommunications Act, in being consulted by ACMA, on a mandatory basis, in relation to the following privacy issues:

  • Before the registration of an industry code developed by industry (s.117(1)(k));
  • When ACMA requests an industry code to be made (s.118(4A));
  • Before ACMA gives directions or formal warnings about compliance with an industry code (ss. 121(1A), 122(3)); and
  • When ACMA determines, varies or revokes an industry standard (ss.134(2) and (3)).

10.Consulting with the Privacy Commissioner in these circumstances is an important step in the regulatory framework as it is the mechanism by which ACMA can be advised of any industry code or standard that may inadvertently contravene the Privacy Act, either directly or indirectly. This assists industry comply with its code and privacy obligations. It also helps maintain community confidence in the code and industry standard registration and approval process.

11.However, it appears that there is no requirement in Part 6 of the Telecommunications Act for the Privacy Commissioner to be consulted in relation to privacy issues prior to revocation of an industry code. The Office submits that the Privacy Commissioner should be consulted in relation to privacy issues prior to revocation of an industry code.

12. This would align with the other matters for which the Privacy Commissioner is currently consulted. As well, the ALRC in their Report 108 also observed that ACMA ‘should not be able to revoke an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act... unless it has consulted the Privacy Commissioner’.[4]

13. The Issues Paper also states that there is no provision in Part 6 to permit an industry code to be varied. If an amendment is made to enable a code to be varied, the Office submits that a provision for the Privacy Commissioner to be consulted in relation to privacy issues would align with the other matters for which the Privacy Commissioner is currently consulted by ACMA.

Clarifying the Privacy Commissioner’s role

14.Section 116A states that ‘Neither an industry code nor an industry standard derogates from a requirement made by or under the Privacy Act 1988 or an approved privacy code (as defined in that Act)’. The Office notes that s.116A is not linked to an express requirement for the Privacy Commissioner to consider and form an opinion on whether an industry code or industry standard appears to derogate from the Privacy Act when being consulted by ACMA.

15.To address this, the Office recommends that specific reference to the Privacy Commissioner providing such comments as part of the mandatory consultation process in ss.117(1)(k), 134(2) and (3) be considered as part of any legislative amendments, or for inclusion in the Explanatory Memorandum to any such amendments.

16.In addition, as part of its inquiry into privacy law the ALRC also considered the Privacy Commissioner’s role in being consulted on industry codes and standards. The ALRC made two specific recommendations suggesting this role be clarified further. Their recommendations are:[5]

Recommendation 71-5:

‘Section 117(1)(k) of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority cannot register a code that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with, and taken into consideration any comments or suggested amendments of, the Privacy Commissioner’.

Recommendation 71–6:

‘Section 134 of the Telecommunications Act 1997 (Cth) should be amended to provide that the Australian Communications and Media Authority cannot determine or vary an industry standard that deals directly or indirectly with a matter dealt with by the Privacy Act, or an approved privacy code under the Privacy Act, unless it has consulted with, and taken into consideration any comments or suggested amendments of, the Privacy Commissioner’.

17. The Office supports these ALRC recommendations.

Whether submissions should be publicly available

18. The Office supports submissions and comments made on draft consumer related industry codes and standards being made publicly available. This will assist stakeholders, including the Privacy Commissioner, being informed on privacy related issues arising in the code from an industry or consumer perspective.



[1]Review of Consumer-Related Industry Code Processes Issues Paper located at www.dbcde.gov.au/communications/review_of_consumer-related_industry_code_processes

[3] Aspects of debt collection and consumer credit practices are covered by Part IIIA and aspects of customer billing by the National Privacy Principles.

[4] ALRC 108, paragraph 71.129.

[5] ALRC 108, Recommendations 71-5 and 71-6.