Privacy Amendment (Re-identification Offence) Bill 2016
The submission to the Senate Legal and Constitutional Affairs Committee’s inquiry into the Privacy Amendment (Re-identification Offence) Bill 2016 (the Bill) was prepared by the Law Council.
The Bill would amend the Privacy Act 1988 (Cth) (the Privacy Act) by introducing provisions which prohibit conduct related to the re-identification of de-identified personal information published or released by Commonwealth entities (the Data). The Bill, if passed, would introduce specific offences and civil penalty provisions which provide that the data must not intentionally be re-identified, and re-identified personal information must not intentionally be disclosed.
Entities that contravene the prohibitions contained in the Bill face a criminal offence punishable by imprisonment for a maximum of 2 years or 120 penalty units or a civil penalty of up to 600 penalty units. Proposed subsection 16E(1) notes the ancillary offence provisions in Part 2.4 of the Criminal Code Act 1995 (Cth) (Criminal Code) apply in relation to the offence created by subsection 16E(7) of the Bill. Specifically, the inchoate offences in section 11.1 (attempt), section 11.2 (aiding, abetting, counselling or procuring), section 11.4 (incitement) and section 11.5 (conspiracy) would apply.
The offences would apply retrospectively to conduct engaged in, on, or after 29 September 2016. There are also reverse onus provisions in relation to which the defendant bears an evidential burden.
The Law Council recognises the apparent intention of the Bill, to protect private information from improper re-identification of data and the misuse of such data, is important. However, there are a number of concerning features with the implementation of the proposals, which are set out in this submission.
You can read the full submission below.