May 15, 1997

Article at South China Morning Post

NEWS | Australia facing a “data blockade”

WILSON da SILVA in Sydney   

A LOOSENING  of privacy laws in Australia could trigger a “data boycott” of the country by European Union nations, making it one of the first targets of a looming battle over the trans-border flow of private data, say privacy advocates and academics.

In March, Australian prime minister John Howard abandoned an election promise to extend to businesses privacy laws that now apply to government agencies. 

Finance minister John Fahey has since added that laws governing personal data held by the government would be relaxed so that work now done by civil servants could be contracted out to the private sector. A spokesman said companies using the data would have to sign guarantees restricting its use and ensuring privacy.

This may not be good enough for the E.U. It passed a privacy directive last year, to come into force in July 1998, that requires member nations to “take the measures necessary to prevent any transfer of data” to a third country that does not have “an adequate level of protection”. This is defined as having local laws that protect privacy; otherwise, company-to-company contractual arrangements have to be drawn up and individually vetted by the European Commission before data can be traded.

“If the directive is invoked, we could find ourselves in a bit of trouble,” said John Taggart, a lecturer in computers and the law at the University of Technology, Sydney. “It cuts off the right for (E.U. countries) to trade information with Australia if we don’t come within the terms of the directive.”

The sort of “data trade” between the E.U. and Australia affected might range from credit card details, bank Personal Identification Numbers (PINs) and health records, to address and telephone listings.

In response, the London-based lobby group Privacy International has called for a “data blockade” of Australia and is pressing European governments to restrict data flows to Australia – ahead of the 1998 implementation of the directive – until Canberra abandons the watering down of existing laws and proceeds with the tighter privacy legislation previously planned. 

Commentators and law experts in Australia have said the move could be an attempt by international privacy groups to single out the country as a “soft target” ahead of their real goal: the United States. 

Professor Roger Clarke of Canberra’s Australian National University, an expert on privacy law, said the U.S. has almost no laws governing privacy. Once the E.U. directive is implemented, American and other non-European corporations might find it being used as a “non-tariff barrier” to trade;  preference would be given European companies where privacy laws exist. He said the problem was “not an idle threat”.

The Australian Privacy Foundation, a lobby and research group, called the decision “a betrayal”. It said that in a digital age, the requirement for tougher laws is more necessary than ever. 

“The privacy of Australians is under siege from telemarketers, large corporations, and all kinds of new technologies such as multimedia, smart cards, surveillance cameras and personal computer profiles,” said director Tim Dixon. “New technologies will allow large corporations to make bucket-loads of money collecting and exchanging information on our most personal characteristics and habits, and we won't be able to do anything about it.”

Both major political parties had supported the extension of privacy laws to industry before the March 1996 election in which the 13-year-old Labor government was ousted. The now ruling Liberal-National coalition had said that existing laws were “hopelessly out of date” and that “reform is required as a matter of utmost priority”. The government now says that extending the laws to industry would be too costly for business and too restrictive.

But privacy groups in Australia dismiss this and have garnered the support of companies such as American Express and the Australian Direct Marketing Association as well as academic and policy groups such as the Communications Law Centre. They say the decision is not final, as it was not approved by cabinet.

However, some wonder whether the European directive is feasible. “The ease with which great wads of information can be zapped around the world makes one wonder if legislation alone is able to deal with it,” said Taggart.