pdf (91.58 KB)

OFPC Submission

Inquiry into the Australian Government’s response to the

Fourth Report of 2000: Entry and Search Provisions in

Commonwealth Legislation

Introduction

The Office of the Federal Privacy Commissioner (the Office) welcomes the opportunity to present a submission to the Inquiry by the Senate Standing Committee for the Scrutiny of Bills (the Committee) into the Australian Government’s response to the Committee’s Fourth Report of 2000: Entry and Search Provisions in Commonwealth Legislation (the Fourth Report).

The jurisdiction of the Office includes regulating the handling of personal information by Australian Government agencies, as provided for in the Privacy Act 1988 (the Act)[1]. The preamble to the Act also refers to the protection of persons from “arbitrary or unlawful interference with their privacy, family, home or correspondence”[2]. For this reason, the granting of additional powers to enter, search and seize material and the exercise of those powers (by Australian Government agencies) are issues of continuing interest to the Office.

Previous submission

In March 1999, the Office made a submission to the review by the Committee into the fairness, purpose, effectiveness and consistency of entry provisions in Commonwealth legislation authorising persons to enter and search premises. In that submission, the Office proposed two sets of principles (the OFPC principles); these principles had been developed by the Australian Law Reform Commission in its 1983 Report on Privacy. The principles are:

• principles governing the granting of powers of intrusion; and
• principles governing the exercise of powers of intrusion.

The submission recommended that all existing and future legislation should be assessed against the OFPC principles. The Office remains of the view that these principles provide a sound basis for the consideration of privacy issues in the assessment of entry, search and seizure legislative provisions. The Office’s previous submission is Attachment 1.

The Fourth Report

In summary, the Committee’s Fourth Report in April 2000 recommended that statutory search and entry provisions should conform to certain principles (the Report principles), including those for the grant and exercise of search and entry powers. The Office supports the Report principles (noting also some consistency between them and the OFPC principles proposed in 1999) and the Committee’s recommendations, especially wherever the handling of personal information is involved. In particular, the Office endorses the need for appropriate justification and proportionality in the grant of search and entry powers[3].

The Government’s Response

In August 2003, the Australian Government published the Government Response to the Senate Standing Committee for the Scrutiny of Bills Fourth Report: Entry and Search Provisions in Commonwealth Legislation (the Response). In short, there was agreement with the majority of the Report’s principles but, the Government noted, the complexity and range of regulatory and enforcement functions required a flexibility that is incompatible with some of the Report’s principles andrecommendations. There are sixteen recommendations in the Report. In this submission, further comment is made on two of those recommendations.

Recommendation 2 – the Office agrees with the Government’s response. Broadly speaking, the exercise of intrusive powers which involves a reduction of individuals’ privacy rights should not be the subject of administrative discretion alone. Except in cases of emergency or necessity, agencies should be required to obtain judicial authorisation for the exercise of specified powers related to entry and search[4]. Also, the Office agrees that the grant of entry and search powers to regulatory and revenue collecting agencies should not exceed the powers available to the Australian Federal Police unless there are exceptional and critical circumstances.

Recommendation 3 – in the Office’s view, ensuring public trust in the grant and exercise of intrusive powers requires the highest practicable degree of transparency. There are a number of transparency mechanisms which could usefully be adopted. These include:

• each agency maintaining a centralised record of its exercise of intrusive powers;
• agencies reporting on the grant and exercise of these powers to a Minister, under a model similar to that required of law enforcement agencies under the Telecommunications (Interception) Act 1979; or
• agencies reporting to the Parliament annually on effectiveness of these powers.

Entry and search provisions

In evaluating intrusive statutory powers, there needs to be an appropriate balance between adequateand effective investigative powers and the protection of personal information. In a rapidly changingenvironment a degree of flexibility in the grant and exercise of entry and search powers may be justified.At times, the public interest in ensuring that criminal activity is effectively investigated and prosecutedwill permit elements of individual privacy to be set aside.

As one means of deciding between competing priorities in the present context, the Office commends tothe Inquiry a basic framework against which these kinds of legislative measures can be assessed.Since 2002, the Office has developed and refined this framework for the purposes of assessinganti-terrorism and law enforcement initiatives. The framework is extracted from an OFPC Submission[5]and is Attachment 2.

The Office notes that recent initiatives designed to enhance law enforcement powers in the interests ofnational security and inter-jurisdictional policing have emerged and are relevant to the deliberations ofthe Committee and its recommendations. These initiatives include the establishment of a Joint WorkingGroup by the Standing Committee of Attorneys-General and the Australasian Police Ministers’ Councilin relation to National Investigative Powers. For instance, in November 2003 the Joint Working Grouppublished its Report, which incorporated the Surveillance Devices (Cross-Border Investigations) ModelNational Provisions[6]. The impetus of these model provisions is to improve the inter-jurisdictionaloperation of certain law enforcement surveillance measures.

Generally, the Office has taken the following approach in commenting on such initiatives:

• to recommend that agencies’ powers for specified purposes be prescribed in legislation orregulations that carefully articulate the limitations upon the use of those powers, particularly inrespect of the purposes for which personal information can be used or further disclosed. Theoperation of an agency in the exercise of such powers is supported and enhanced if it isrequired to develop operational guidelines and protocols; and
• to emphasise the need for independent and effective oversight and accountabilitymechanisms to ensure the protection of personal information.

These considerations are relevant to the grant and exercise of entry and search powers.

Developments in intrusive powers – the incidental collection of third party information

A further development is the increase in the powers of agencies to seize materials. One example in thetelecommunications field is the proposed interception of ‘stored communications’ without the need toobtain a telecommunications interception warrant. This is intended to facilitate the seizure of emails,SMS messages, voicemail and other technological forms of communication that have been describedas ‘stored communications’.

The Office recently made a submission to the Senate Legal and Constitutional Legislation CommitteeInquiry into the Telecommunications (Interception) Amendment (Stored Communications) Bill 2004.The Office submitted that the Bill appeared to involve a reduction in personal privacy forcommunications[7].

The seizure of electronic forms of communications involves the incidental collection and storage ofpersonal information about third parties. In many cases, third party personal information may beirrelevant to the investigative purpose of the seizure or interception. The Information Privacy Principles(IPPs) in s.14 of the Privacy Act apply to information about individuals handled by most Commonwealthagencies, including the Australian Federal Police, but the IPPs do not include a requirement to destroydata that is not relevant to an agency’s functions or activities.

This is in contrast, for example, to the National Privacy Principles (NPPs) that apply to the privatesector. In general terms, NPP 4.2 requires that an organisation must take reasonable steps to destroyor permanently de-identify personal information that is no longer needed. In the absence of a protectionprinciple around data retention in the IPPs, information about third parties may be retained indefinitelyby an agency, even if that information is not needed by the agency.

The Office considers that legislation granting agencies power to seize materials should contain arequirement that incidentally collected third party personal information be destroyed by the agency assoon as practicable or when operational necessities permit.

Conclusion

The availability of powers to enter and search premises and to seize materials is an essential tool forgovernment agencies performing law enforcement, national security and other regulatory functions.Appropriate regard should be given, however, to the extent to which the privacy of individuals isdiminished in the grant and exercise of these powers.

The Office continues to support the giving of due weight and consideration to matters of justification,proportionality, necessity and accountability in the grant and exercise of search and entry powers.

ATTACHMENT 1

Privacy Commissioner

SENATE STANDING COMMITTEE FOR THE SCRUTINY OF BILLS

Review of the fairness, purpose, effectiveness and consistency of entry provisions in Commonwealthlegislation authorising persons to enter and search premises

SUBMISSION

March 1999

2004 5 Office of the Federal Privacy Commissioner

1. Introduction

I am pleased to have the opportunity to make this submission to the Senate Standing Committee for theScrutiny of Bills.

Under the Privacy Act 1988, I carry out a number of functions. These functions primarily relate to theareas of direct jurisdiction under the Privacy Act 1988: the handling of personal information byCommonwealth and ACT government agencies; and the rights of the individual to access and correctionin relation to his/her own personal information. The Act applies to the wider community (including theprivate sector and state and local governments) only in relation to specific categories of information: taxfile number information and consumer credit information.

My interest in the present inquiry stems from the fact that under section 27(1)(o) of the Privacy Act, I amgiven a more general function, ‘ to do anything incidental or conducive to the performance of any of thepreceding functions’. This is generally taken to cover the promotion and protection of broader principlesof privacy and in particular the privacy rights of individuals. However, the only direct area of jurisdictioninvolved would arise if and where the power to enter and/or search is accompanied by a power to seizedocuments, which contain the personal information of identifiable individuals.

A large number of Commonwealth Acts confer powers to enter and search property. The conferral andexercise of such powers always represents a significant incursion into the individual’s right to privacy.In some circumstances, the public interest is best served by allowing some elements of privacy rights tobe set aside. However, this should always be done in a manner that is consistent and fair and onlywhere necessary and to the extent necessary to achieve that purpose.

This submission proposes a number of principles that should be followed by Parliament when conferringsuch powers and by Commonwealth officers when exercising them. It then examines the broad areasof Commonwealth legislation where such powers are conferred and exercised and measures themagainst these principles.

2. Fundamental Principles

In its 1983 report, Privacy[8]the Australian Law Reform Commission (ALRC) examined a number ofinternational principles relevant to Privacy. A number of these have particular relevance to the grantand exercise of powers of search and entry.

Principal among these is, of course, Article 17 of the International Covenant on Civil and Political Rights(ICCPR):

1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family,home or correspondence, nor to unlawful attacks on his honour and reputation.

2. Everyone has the right to the protection of the law against such interference or attacks.

Australia signed the ICCPR on 18 December 1972 and ratified it on 13 August 1980.

Consideration of Article 17 led the Organisation of Economic Cooperation and Development (OECD) toconvene an Expert Group to draw up guidelines on the basic rules to be observed for the protection ofprivacy in transborder data flows. This group was chaired by an Australian, the Hon. Justice MichaelKirby, AC CMG, now of the High Court of Australia. The OECD Guidelines were published in 1981 andadopted by Australia in 1984. The ICCPR and the OECD Guidelines are both acknowledged in thePreamble to the Privacy Act 1988 and partially form the basis for the Commonwealth’s jurisdiction tolegislate in this area, under the External Affairs power contained in s. 51(xxix) of the Constitution.[9]

The ALRC distilled a number of basic principles relevant to the grant and exercise of the powers ofsearch and entry that underlie the various international instruments, overseas laws and principlesdiscussed in its Report. Despite the passage of time, it is my view that these principles still serve as auseful basis for the proper granting and exercise of such powers. The relevant principles are:

PRINCIPLES GOVERNING THE GRANTING OF POWERS OF INTRUSION

1. A power of intrusion (ie. a power to arrest a person, to search a person or a place or toenter private premises) should not be granted as a matter of course. There should be aclear weighing up of the need to interfere with privacy against the social value of the policyto be achieved by conferring the power.

2. A power of intrusion should be conferred expressly, not by implication.

3. A power of intrusion should be conferred by an Act, not by subordinate legislation.

4. The grounds on which a power of intrusion may be exercised should be stated expresslyand in objective terms.

5. Authority to exercise a power should normally be dependent on special judicialauthorisation (a warrant). Exceptions may be made to this, where necessary, for ‘barrier’powers (for example, customs) and cases of emergency.

PRINCIPLES GOVERNING THE EXERCISE OF POWERS OF INTRUSION

The ALRC included here material concerning powers of arrest and powers of search of the person.These are not relevant to the present inquiry and are not reproduced.

Powers of entry and search of premises (including vehicles)

6. A person should not exercise power to search premises (including vehicles and otherproperty) except::

a. with the consent of the owner or occupier of the premises or property;

b. to prevent the loss, concealment or destruction of evidence relating to an offence; or

c. in accordance with law.

7. Reasonable notice should be given of intention to exercise a power of entry, unless to doso would defeat the purpose of the exercise of the power.

8. A power of entry onto premises should only be exercised at a reasonable time.

9. A person should not use any more force than is necessary in effecting an entry ontopremises under a power of entry.

15. Where a person has taken possession of any goods, papers or documents, he shouldpermit, so far as is practicable, the person otherwise entitled to possession of them to usethem.

The ALRC also made the following statement:

Of necessity, these principles are expressed in general terms. Nevertheless, they form a basis for theprotection of privacy where powers of arrest, search, entry or seizure are conferred on or exercised byCommonwealth … officials. They should be adopted as the basis for the consideration of privacy issuesso far as Commonwealth … legislation and administrative practices within the Commonwealthadministration… are concerned.

I strongly reiterate this statement. The only principle that needs some clarification is Principle 15 c).Where an exercise ‘in accordance with law’ is mentioned, it is important to make clear that this refers toexpress authorisation by statute in order to effect a necessary legislative purpose, as indicated inPrinciples 1 to 5. I believe that the principles should be read together.

3. Existing legislative provisions

Over 300 legislative provisions (Acts and Regulations) conferring powers to enter and search propertywere revealed by a search of the Australasian Legal Information Institute (AUSTLII) web-site[10], usingthe key words ‘enter premises’ and ‘access to premises’ to search the ‘Commonwealth: All Legislation’databases. While this search elicited a large number of statutes and regulations, it should not be seenas exhaustive. It is highly likely that the statute book contains other provisions granting powers ofsearch and entry.

These provisions encompass a wide range of areas, from the Australian Meat and Live-Stock IndustryAct 1997 to the International War Crimes Tribunals Act 1995. The provisions have been grouped intothe following categories:[11]

i. Revenue Collection

ii. Revenue Disbursement

iii. Conservation and Environment

iv. Social Benefit or Welfare

v. Public Health and Safety

vi. Occupational and Commercial

vii. Law Enforcement

viii. Defence and National Security

ix. Miscellaneous

Each category will be dealt with in turn, with the general features of the provisions within each categorybeing discussed in terms of the principles outlined above and their fairness, purpose, effectiveness andconsistency. As well, there will be more detailed discussion of provisions that are of particular concernor interest. It should be noted that, as in the ALRC report, a number of provisions appear in more thanone category.

Revenue Collection[12]

The powers in this area are in general exercisable by officers within the taxation and customsadministrations. The safeguards attaching to the exercise of the powers vary significantly. The optimalposition in my view, and that which most frequently obtains, is the requirement that entry be with theconsent of the occupier or pursuant to a warrant issued by a magistrate or a Justice of the Peace, withprovision for the magistrate or Justice to set conditions regarding the exercise of the warrant. This isthe case in almost all of the Acts. However, in several cases,[13]such safeguards are absent. Theseprovisions, almost always conferring powers on officers of the Australian Tax Office, authorised by theCommissioner of Taxation, are similar in form and substance to the following section, Section 263 of theIncome Tax Assessment Act 1936, which is reproduced as an example:

1) The Commissioner, or any officer authorized by him in that behalf, shall at all times have full andfree access to all buildings, places, books, documents and other papers for any of the purposes ofthis Act, and for that purpose may make extracts from or copies of any such books, documents orpapers.

2) An officer is not entitled to enter or remain on or in any building or place under this section if, onbeing requested by the occupier of the building or place for proof of authority, the officer does notproduce an authority in writing signed by the Commissioner stating that the officer is authorised toexercise powers under this section.

3) The occupier of a building or place entered or proposed to be entered by the Commissioner, or byan officer, under subsection (1) shall provide the Commissioner or the officer with all reasonablefacilities and assistance for the effective exercise of powers under this section.

Penalty for a contravention of this subsection: $1,000.

Such provisions concern me, in that they do not contain a similar level of privacy protection as thoserequiring consent or a warrant. The protection of public revenue is vitally important to the national polityand civic life. So too, however, is the protection of the individual’s right to privacy.

The Joint Committee on Public Accounts, in its Report on the Australian Taxation Office[14](ATO),recommended changes to these provisions. Recommendation 103 was:

Section 263 of the Income tax Assessment Act 1936 be amended to require that the Australian TaxationOffice show just cause before being granted a warrant by an appropriate judicial official to access orenter the private property of a tax payer without permission.

The Committee expressed a view that the ATO should not be given greater powers than any otherenforcement body (eg. see ‘Law Enforcement’, below). The Committee indicated that ‘just cause’ couldbe shown by evidence of reasonable attempts by the ATO to gain information voluntarily from thetaxpayer.[15]The then Privacy Commissioner supported this view, in his response to the Report. He alsoput this position in his Annual Report of 1994:

The recommendation limiting the circumstances in which ATO officers can enter premises without theconsent of the occupier is also strongly supported.[16]

While the then Government did not support the recommendation, such a measure would be a welcomestrengthening of privacy protection and would enhance the consistency and fairness of Commonwealthlaw.

While not all Regulations dealing with access to property and revenue collection were examined, thosethat were[17]all dealt with formal or incidental matters, rather than conferring powers. This is consistentwith principle 3, above.

Revenue Disbursement[18]

Typically, these powers permit entry to registered premises or non-residential premises where there arestored articles in respect of which bounty has been or in the opinion of an authorised person, is likely tobe claimed. The only explicit restriction on the exercise of such powers is that entry must occur atreasonable times.[19]Some provisions specify that an authorised person may only enter with consent or,in certain circumstances related to the purpose of the Act, with a warrant issued by a Justice of thePeace. These provisions offer better privacy protection.[20]

Conservation and Environment

Most of the provisions in this grouping appear to be consistent, fair and to offer adequate protection ofprivacy rights. The statutory powers make provision for entry not only to land and buildings but also toships and boats[21]and aircraft.[22] Most of these powers of entry require consent or a warrant issued bya Justice of the Peace or a Magistrate.[23]Moreover, it is unlikely that issues of personal privacy wouldarise in this area unless documents containing personal information were to be seized.

Social Benefit or Welfare

Most of these provisions are unexceptional – they require consent or a warrant before entry. However,the Aged Care Act 1997 contains a variation on this. Section 91.1 of that Act gives an ‘authorisedofficer’ power to enter premises with the occupier’s consent to monitor compliance with the Act.[24]Underthis provision the officer may enter an ‘aged care service’ (as defined) at any time and any otherpremises between 9 am and 5 pm on a business day. While consent is required[25], s. 91.1 (4) provides,inter alia, that:

Note: Approved providers have a responsibility under paragraph 63- 1(1)(b) to co-operate with a personexercising powers under this Part and to comply with this Part in relation to the person's exercise ofthose powers.

An approved provider who: a) refuses to consent to the entry of an *authorised officer; or

b) withdraws consent for an authorised officer to enter premises;

may not be complying with that responsibility. Failure to comply with a responsibility can result in asanction being imposed under Part 4.4.

This appears to have the effect of rendering a seemingly voluntary action compulsory. Given the objectsof the Act, which include ‘(b) to promote a high quality of care and accommodation for the recipients of*aged care services that meets the needs of individuals and (c) to protect the health and well-being ofthe recipients of aged care services’,[26]there may be arguments justifying compulsory inspection ofpremises. For reasons of fairness, however, a more transparent process would be preferable.

Public Health and Safety

These powers are conferred for a variety of reasons, from monitoring air safety[27]to preventing medicalfraud and overservicing.[28]Most of the provisions comply with the principles enunciated in Section Two,above, in that they require the consent of the occupier or a warrant prior to entry. Where this standardis not met, it is generally for well justified public interest reasons, to prevent imminent threats to life,health or safety.[29]Where particularly sensitive material is involved, for example medical records,suitable provisions apply.[30]My major concerns in this area would be with the fact that a number ofRegulations actually grant powers of entry[31]. As outlined above, it is my strong belief that such powersshould be conferred by statute, not regulation.

Occupational and Commercial

The provisions in this group are also concerned with a diverse range of matters. Powers of entry areexercisable for an equally diverse range of purposes, from the assessment and collection of levies,[32]tomonitoring compliance with workplace agreements.[33]Most of the provisions contain appropriatesafeguards, with a requirement for consent or a warrant. A number draw a distinction between premisesregistered under legislative instruments and other premises, with a right of entry without consent to theformer, provided the premises are not also a residence.[34]While this is a less effective protection ofprivacy, it is arguable that becoming registered is a form of implied consent, provided the possibility ofinspection/monitoring etc. is made clear at the time of registration. However, in industries whereregistration is a pre-requisite to participation, this argument is more difficult to sustain.

In addition, in at least one instance,[35]powers of entry are contained in Regulations, rather than theprincipal Act.

It should be noted that this is an area in which issues of personal privacy are unlikely to arise, unlessitems containing personal information are seized.

Law Enforcement

Most of the provisions listed in Appendix G are reasonable and necessary, requiring consent or awarrant for search and entry, except in emergency situations. However, a small number of provisionsdo not conform with this. Under sections 25 and 27 of the Australian Security Intelligence OrganizationAct 1979, warrants are issued, not by a Court, but by the Minister, on receipt of a request from theDirector-General. While there are a number of limits and safe guards included in these provisions, thelevel of accountability and protection is lower than if the warrant were to be issued by a Court. Likewise,under section 27E of the Financial Transaction Reports Act 1988, it is the Director who ‘may, by writtennotice to a cash dealer, a solicitor, a solicitor corporation or a partnership of solicitors, require thedealer, solicitor, corporation or partnership to give the authorised officer named in the notice access onthe day and during the hours stated in the notice to the business premises described in the notice of thedealer, solicitor, corporation or partnership.’ [36]While certain limits and safeguards also apply here, it isa matter of some concern that no judicial oversight applies.

Defence and National Security

All of these provisions contain appropriate safeguards and appear consistent and fair.

Miscellaneous

The final category contains those statutory powers of entry which do not fall neatly within any other ofthe named groupings. Most provisions are reasonable and consistent. A small number of provisions,however, present reasons for concern.

Section 251 of the Migration Act 1958 provides very broad powers of search and entry of vessels, withfew, if any safeguards. While this may be justifiable, given the objects of the Act, it would appearpreferable to include some judicial oversight of the process, except in cases of emergency, as is trueunder other statutory provisions.

There are some inconsistencies between provisions with similar objects, as well. For instance, section14 of the Ombudsman Act 1976 gives fairly broad powers of entry and search to the Ombudsman.Section 155 of the Trade Practices Act 1974 gives similarly broad powers to the Australian Competitionand Consumer Commission. However, section 68 of the Privacy Act 1988 requires consent or awarrant before officers of my office can enter or search premises. There are no clear reasons for thisinconsistency.

4. Conclusions

While most statutory provisions granting powers of search and entry appear to be fair and consistent,there are areas of concern. In some cases, the legislative objects of the Act in question do not clearlyoutweigh the violation of privacy rights involved. Provisions which grant very broad powers of entry tothe Australian Tax Office, in particular, are of concern.It is my submission that such existing provisions, along with all proposed new legislative provisions,should be examined using the criteria and principles set out in Section 2, above. In this way, thefairness, consistency, and effectiveness of such provisions and the privacy rights of all Australianswould be greatly enhanced.

TIMOTHY PILGRIM

Acting Privacy Commissioner

ATTACHMENT 2

Essentially, the framework intends to bring about balance and perspective to considerations oflegislative proposals with significant effects on privacy. It does so by leading us through seven keysteps, including: defining the nature of the problem and the scope of possible responses to it; thinkingabout how new powers might be enacted; considering what the transparency, accountability andreporting requirements should be; and ensuring review of the mechanisms after a suitable period.

The Framework

The latter two steps (outlined in the table above), reflect a vital process in ensuring that what we aim forin constructing anti-terrorism measures is just what we deliver. Not only this, but individuals have areasonable right of complaint and should have available the option of redress by an independent body.The community expects to be told about how the use of these measures is progressing with regard totheir effects upon the use of personal information.[37]These steps, supplemented by the assurance thatnecessary monitoring and auditing maintains an effective and proportional overview of the measures, gofar in maintaining community confidence that potentially intrusive actions are minimised, justified,exercised accountably and that they are reviewed.

Finally, building in a review of the measures helps guard against ‘function creep’ at a later date or theotherwise unnecessary retention of powers that risk losing their necessity as circumstances change.Two practical ways of achieving this outcome are to build into the legislation a trigger for parliamentaryreview, perhaps involving an assessment and report to that review by an independent body, oralternatively (and arguably more effectively) to insert a ‘sunset clause’ into the legislation. The latterstep means that the law will lapse, so the parliament must look again at the circumstances and consideranew whether that which influenced the measures in the past, remains a consideration in the present. Ifso, further legislation would need to be passed.