And the commissioner also has to address major government privacy issues, such as facilitating data sharing between government agencies and cloud computing. And deal with PRISM. Just wait until the industry codes (APP Codes) start arriving on his desk!
Everyone's in one the act
First by applying its Privacy Guidelines for Broadcasters in investigations about privacy related infractions of broadcasting codes, the ACMA has been the chief developer of the law as to serious invasions of personal privacy as applicable to the electronic media.
So although we do not yet have an accepted private right of action for invasion of privacy in Australia, the ACMA has developed and applied rules as to what is a serious invasions of personal privacy.
Second, through the ACMA's application of the Telecommunications Consumer Protections Code C628:2012 (the TCP Code), the ACMA has become a principal regulator of handling and use of telecommunications-related personal information.
The TCP Code has strong privacy provisions which require telecommunications service providers to, among other things, have robust procedures to keep customers' personal information secure. These provisions have been applied against providers for failing to adequately secure stored customer information from third party hack-in intrusions.
The ACMA has alas been a vigorous enforcer of spam and do not call legislation, two key planks in regulation of electronic marketing.
And the ACMA has been using its research and policy budget to good effect, recently releasing detailed discussion papers on diverse privacy related topics, such as why 'coherent regulation is best for digital communications policy', cloud services, near field communications and apps.
These papers include proposals for an active role for the ACMA in further development of privacy regulation of all information passing through telecommunications links or over radio communications or derived from communications services. In an interconnected digital and cloud-based world, that's most information.
But that's not all. We have the Australian Competition and Consumer Commission (ACCC) applying Australian Consumer Law. In the United States, the Federal Trade Commission has used comparable laws to become a de facto regulator as to the fairness and intelligibility — in the new trendy new term, 'transparency' — of privacy statements and consumer contracts.
These laws are also powerful tools for the regulator to argue that if a corporation does not comply with its own privacy statement, that corporation is guilty of misleading or deceptive conduct.
We also have the Australian Attorney-General's Department applying poorly understood the Telecommunications (Interception and Access) Act 1979 and Criminal Code provisions relating to unauthorised access to stored communications — such as email servers — and other unauthorised access to information technology systems. Arguably many cookie deployments today infringe these provisions.
Sign up for CIO Asia eNewsletters.