|
|
[Home] [Databases] [Search] [Feedback] [Help] | |
Privacy Law Resources |
Smart card technology has arrived at an inopportune time in Australia - a time when privacy protection is virtually non-existent, and several major reviews of privacy legislation are under way. Technology has advanced much more rapidly than privacy policy or law. In the history of privacy protection in New South Wales, the following statement has never been so true:
"It is not difficult for those who care about infringement of privacy to feel as if they are trying to fight well equipped and motivated forces, whilst they are armed only with weak or cumbersome weapons, such as voluntary guidelines and consumer pressure groups." 43
The privacy debate regarding the cashless society began at the time EFTPOS was introduced. At that time, certain weaknesses in privacy protection were noticed, but were not immediately addressed. The most significant issue, then and now, has been recognised as the lack of adequate and enforceable privacy protection in the private sector.
During the debate regarding EFTPOS, the Australian Science and Technology Council (ASTEC) made the following comments, which summed up the prevailing mood at the time:
"ASTEC is concerned that privacy protection is intended only for Commonwealth government agencies. Our study shows the extent to which the private sector is compiling databases containing personal information. ASTEC also believes that there is no adequate logical, philosophical or practical basis for differentiating between the two sectors in protecting privacy interests." 44
It is a great pity that the issues surrounding the cashless society were not properly addressed at the time EFTPOS was first introduced. Smart card systems are being developed in Australia at a much more rapid rate than EFTPOS systems were developed, and are likely to have a much greater impact on personal privacy.
This chapter examines the existing regulatory environment, and canvasses some of the options available for ensuring that privacy is adequately protected. There is no real expectation that just one of these options, on its own, will be sufficient to protect the privacy of individuals as smart card systems develop. It may be that an approach based on "layers of regulation" - from the general to the more specific, is the most appropriate option at this stage.
The Committee's own preferred option is based on this layered approach. The first layer would be general privacy protection provided for by the enactment of improved state legislation, with application to both the public and private sectors. The second layer would be specific consumer protection contained in an industry code of conduct. The third layer would be the regulation of prudential aspects, perhaps through licensing requirements monitored by a body such as the Reserve Bank of Australia.
The reasons for the Committee's preferences are discussed below.