principles
This page looks at statements of principle regarding privacy, such as the 1948 Universal Declaration of Human Rights and the OECD Guidelines on the Protection of Privacy & Transborder Flows of Personal Data.
background
As noted in the historical and philosophical studies highlighted later in this guide, notions of privacy have a long history. David Banisar, for example, points to provisions in the English Justices of the Peace Act of 1361 against peeping toms.
Western legislation dealing with surveillance and data protection essentially dates from the Enlightenment, best articulated in the 1789 French Declaration of the Rights of Man.
Well over a century later the 1948 Universal Declaration of Human Rights (UDHR) dealt with communication and territorial privacy in stating that -
"No one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interferences or attacks."
The UDHR and other human rights statements, along with national anti-discrimination legislation, are discussed in our Human Rights profile.
In the landmark 1794 Medical Jurisprudence; or, A Code of Ethics & Institutes Adapted to the Professions of Physic & Surgery - a foundation of medical ethics codes in the UK, US and Australia - Thomas Percival (1740-1804), while using the term "ethics," had in effect written a book on medical "etiquette," describing the ways in which physicians dealt with each other and their patients.
1950 ECHR
The 1950 European Convention for the Protection of Human Rights & Fundamental Freedoms (ECHR) declared that -
"1. Everyone has the right to respect for his private and family life, his home and his correspondence."
"2. There shall be no interference by a public authority with the exercise of this right except as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others."
In 1976 the European Commission of Human Rights, established under that Convention, commented that
"For numerous Anglo-Saxon and French authors, the right to respect 'private life' is the right to privacy, the right to live, as far as one wishes, protected from publicity ... In the opinion of the Commission, however, the right to respect for private life does not end there. It comprises also, to a certain degree, the right to establish and develop relationships with other human beings, especially in the emotional field for the development and fulfillment of one’s own personality"
and reiterated that privacy was a fundamental human right that must be reflected in legislation across the EU.
In 1981 the Council of Europe agreed on a Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data.
That Convention built on two 1973 Resolutions by the Council's Committee of Ministers after expressions of concern that both European Community and national legislation had failed to keep pace with data processing.
The Council concluded that
"'Information power' brings with it a corresponding social responsibility of the data users in the private and public sector. In modern society, many decisions affecting individuals are based on information stored in computerised data files: payroll, social security records, medical files, etc. It is essential that those responsible for these files should make sure that the undeniable advantages they can obtain from automatic data processing do not at the same time lead to a weakening of the position of the persons on whom data are stored. For this reason, they should maintain the good quality of the information in their care, refrain from storing information which is not necessary for the given purpose, guard against unauthorised disclosure or misuse of the information, and protect the data, hardware and software against physical hazards."
OECD Guidelines
In 1981 the Organisation for Economic Cooperation & Development released Guidelines Governing the Protection of Privacy & Transborder Data Flows of Personal Data. Australia's Michael Kirby, founding executive of the Australian Law Reform Commission and later a justice of the High Court, was a key figure in the development of those guidelines.
The OECD guidelines were adopted by the Australian Federal Government in 1984, with a Privacy Act in 1988 (described on the following page of this guide) covering federal agencies.
The principles embodied in the Guidelines were that personal information must be
- collected fairly and lawfully
- used only for the purpose specified during collection
- adequate, relevant and not excessive to that purpose
- accurate and up to date
- accessible (eg for verification and correction)
- kept secure
- subject to disposal after the purpose is completed.
The 1994 Australian Privacy Charter, a statement by the independent Australian Privacy Charter Council, accordingly declared that
"A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organisations to intrude on that autonomy."
"Privacy is a value which underpins human dignity and other key values such as freedom of association and freedom of speech ..."
"Privacy is a basic human right and the reasonable expectation of every person. It should not be assumed that a desire for privacy means that a person has 'something to hide'. People who wish to protect their privacy should not be required to justify their desire to do so."
In November 2003 the OECD published Privacy Online: OECD Guidance on Policy and Practice, a work that argues for a blend of regulatory and self-regulatory approaches (including legal, technical and educational solutions) suited to cultural and social contexts. It discusses developments over the past two decades and supplies specific policy and practical guidance in promoting privacy protection online at national and international levels.
EU Directives
In 1995 the European Union's Data Protection Directive, discussed in more detail here, sought to harmonise data protection legislation across the EU, ensuring consistent levels of privacy protection for EU citizens and enabling free flow of personal information throughout the EU.
That directive extended the OECD Guidelines, which were advisory only, and established a global benchmark for national legislation regarding personal information in electronic and manual files.
Two years later the EU 'Telecommunications' Directive Concerning the Processing of Personal Data & the Protection of Privacy in the Telecommunications Sector was agreed; individual EU states have been passing national legislation to give effect to that Directive and the one from 1995.
It is likely that the Telecommunications Directive will be superseded by a broader 'Electronic Communications' Directive, proposed in 2000, regarding Processing of Personal Data & the Protection of Privacy in the Electronic Communications Sector.
The new Directive covers prohibitions on spam and protection for mobile phone users from precise geolocation services.
an ISO standard?
What about a global quality standard for privacy protection, rather than national legislation and bilateral/multilateral agreements?
Since 1995 the International Organization for Standardization (ISO), an umbrella body for national standards agencies such as Standards Australia, has been exploring the feasibility of an ISO privacy standard that would reflect the EU Directive and experience in national privacy standard development, such as that of Canada.
Advocates have suggested that such a standard would be welcomed by major businesses and many governments, providing a useful mechanism that would supplement rather than replace legislation, that would encourage best practice through a certification scheme and underpin accountability by facilitating independent audits.
However there has been little consensus about whether the ISO should indeed develop a standard and the specific features of that standard. The October 1998 OECD Ministerial Declaration on the Protection of Privacy on Global Networks temporised, commenting that
"the technology-neutral principles of the 1980 OECD Privacy Guidelines continue to represent international consensus and guidance concerning the collection and handling of personal data in any medium, and provide a foundation for privacy protection on global networks."
In responding to moves to encourage work by the ISO the US Council for International Business (USCIB) commented in 2000 that the ISO correctly determined that a privacy management system could not bridge the vastly different cultural, legal, regulatory and philosophical approaches to data privacy.
A response to such criticisms is provided in Colin Bennett's 2000 paper on An International Standard for Privacy Protection: Objections to the Objections.
impact
The 1990s EU Directives have driven development in Canada, New Zealand, the US and Australia among other countries.
That reflects the Directives' significance as a model. It also reflects the enforcement provisions in the legislation: individuals ('data subjects') are able to invoke national data protection commissioners in administering rules about the flow of information across the EU's borders.
The expectation is that personal data relating to European citizens will have the same level of protection when it is exported to - and processed in - countries outside the EU although, sadly, that is not currently the case in Australia. Meaningful trade with EU consumers involves compliance with the Directives.
The Directives strengthened existing EU protection (at the community and national levels) regarding
- the right to know where data originated
- the right to have inaccurate data rectified
- a right of recourse in the event of unlawful processing
- the right to withhold permission to use data in some circumstances.
Under the EU regime individuals have a right to opt-out, free of charge, from being sent direct marketing material. Commercial and government use of sensitive personal data relating to finances or health will generally require an 'explicit and unambiguous' consent by the data subject. Telecommunication service providers must ensure the privacy of user communications, including internet-related activity.