pdf (189.31 KB)

Key Recommendations

The Office of the Privacy Commissioner ('the Office') supports measures in the Do Not Call Register Legislation Amendment Bill 2009 ('the Bill')[1] that will add to the effectiveness of the Do Not Call Register ('the Register').  Specifically, the Office supports:

i. broadening the purposes and scope of the Do Not Call Register.

ii. the proposal for the Australian Communications and Media Authority ('ACMA') to conduct an education initiative prior to the commencement of any changes.

iii. changes which would make the Bill more technology neutral. It suggests that when the Do Not Call Register Act 2006 ('DNCR Act') is next reviewed consideration be given to adopting further technologically neutral concepts by reviewing the need for the terms 'fax' and 'marketing fax'.

iv. the opt-in approach adopted in relation to registered consent applying to specified industry classifications in section 4.

v. sub-section 13(6) of the Bill which specifies the primary purpose of the Register in collecting personal information for the purposes of the Privacy Act. The provision promotes transparency and certainty in the handling of such information.

Office of the Privacy Commissioner

1. The Office of the Privacy Commissioner ('the Office') is an independent statutory body whose purpose is to promote and protect privacy in Australia. The Office, established under the Privacy Act 1988 (Cth) ('Privacy Act'), has responsibilities for the protection of individuals' personal information handled by Australian and ACT Government agencies, large private sector organisations, all private health service providers and some small businesses.

Preliminary

2. The Office welcomes the opportunity to make a submission on the Bill. It generally supports broadening the purposes and scope of the Register as envisaged in the Bill. The Bill amends the DNCR Act and the Telecommunications Act 1997.

3. The Office was involved in the development of the Register and has made a number of submissions supporting its establishment and operation. During September 2008, the Office made a submission to the Department of Broadband, Communications and the Digital Economy ('DBCDE') relating to a public review of the eligibility requirements for registration on the Register.[2] In that submission the Office supported the extension of the Register to include:

• the telephone numbers of small businesses, particularly where those numbers are also used for private or domestic purposes and
• faxes, particularly when intended for private or domestic recipients.

4. The Bill is broadly the outcome of that review process. The principal elements in the Bill are to make provision for:

• the eligibility of all business, government and emergency service operator phone and all fax numbers to be included on the Register
• a prohibition on sending unsolicited marketing faxes to numbers recorded on the Register including faxes originating from overseas (subject to applicable exemptions)
• 'registered consent' which will allow new registrants the option of expressly consenting to receive telemarketing calls or marketing faxes relating to particular industry classifications, alternatively, choosing the default option of opting out from receiving all telemarketing calls and marketing faxes and
• the conferral of power on ACMA to make determinations for a number of related purposes.

Extension of the scope of the Register

5. The Privacy Act applies to the personal information of individuals which is defined in section 6(1) as 'information or an opinion ... about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion'. A phone or fax number when associated with an individual's name is likely to be personal information.

6. In the context of the Bill, it is the Office's view that the majority of business, government and emergency service operators' phone and fax numbers would not be considered personal information.

7. However, there may be situations where an individual uses their own name as a business name. This could be, for example, in the case of small businesses such as sole traders, partnerships and similar entities. In these cases the associated phone and/ or fax numbers would be personal information.

8. A key principle underlying the Privacy Act is that an individual should have a measure of choice and control over the handling of their personal information. A number of provisions in the Privacy Act give effect to that principle, for example, by restricting uncontrolled collection of personal information, requiring the giving of notice when collecting information and placing restrictions on the use and disclosure of such information.

9. Research that the Office conducted in 2007 found that respondents' reactions to receiving unsolicited marketing material are gradually becoming less favourable.[3] The main reaction of respondents in relation to this issue is concern about how direct marketers obtain their details. The extension of the Register under the Bill should further enhance an individual's choice and control over their personal information.

10. Accordingly, the Office supports measures in the Bill that will add to the effectiveness of the Register and it notes that ACMA will be undertaking an education initiative prior to the commencement of the changes.

Technological neutrality

11. The Bill removes references to 'telephone' in the DNCR Act and substitutes it with the terms 'an Australian number' (an existing definition in section 4 of the DNCR Act) and 'business number' (a new definition). The Office supports such a change as it makes the Bill more technology neutral which will have the effect of making the DNCR Act better placed to meet the demands of a sector where technology changes rapidly.

12. In its submission to the Australian Law Reform Commission's inquiry into privacy law and practice,[4] the Office submitted that Privacy Principles in the Privacy Act should continue to be technologically neutral. This is intended to ensure that the Privacy Principles remained flexible and relevant in an era of rapid technological change. In its response to the ALRC Report 108, the Australian Government has announced that it agrees with this approach.[5]

13. However, with this in mind the Office notes that the Bill also introduces the terms 'fax' and 'marketing fax' which appear to be technology specific. The Office would suggest that when the DNCR Act is next reviewed consideration be given to adopting further technologically neutral concepts by reviewing the need for these terms.

Registered consent

14. An opt-out approach puts the onus on the individual to act if they wish to limit telemarketing calls or unsolicited marketing faxes.

15. The Bill envisages that the opt-out approach used in the current scheme will continue subject to one exception.  That exception is the proposal in relation to 'registered consent' in section 4.   Registered consent applies where a registrant has opted-in by choosing particular industry classifications about which they wish to receive telemarketing calls or marketing faxes but not in relation to other industry classifications.

16. The Office submits that giving individuals a choice to opt-in to receive telemarketing calls or marketing faxes may give individuals an even greater degree of control over the contact that is initiated by them. The Office supports the opt-in approach adopted in relation to registered consent applying to specified industry classifications in section 4.

Primary purpose of the Register

17. Sub-section 13(6) of the Bill states that for the purposes of the Privacy Act the primary purpose of the Register is to facilitate:

• (a) the prohibition under section 11, of unsolicited telemarketing calls (other than designated telemarketing calls) and
• (b) the prohibition, under section 12B, of unsolicited marketing faxes (other than designated marketing faxes).[6]

18. Under Information Privacy Principle 10 in section 14 of the Privacy Act, a record-keeper with possession or control of a record that contains personal information must use it for the particular purpose for which it obtains the information, unless an exception applies in that principle. One of the exceptions provides that the use of that information is permitted where the secondary purpose is directly related to the primary purpose of collection. That exception is also likely to apply to a range of secondary uses of personal information envisaged in the Bill.

19. Stating the specific purpose of collecting personal information by ACMA (and the contracted service provider) in clear terms in the Bill promotes transparency and certainty in the handling of such information. The Office supports the provision.

[1] Do Not Call Register Legislation Amendment Bill 2009 available at http://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r4239_first/toc_pdf/09233b01.pdf;fileType=application%2Fpdf

[2] Office of the Privacy Commissioner submission to DBCDE available at www.privacy.gov.au/materials/types/download/8915/6686

[3] Office of the Privacy Commissioner Survey results: 2007 Community Attitudes to Privacy in Australia, p.29 at www.privacy.gov.au/materials/types/download/8820/6616    

[4] ALRC Report 108, For Your Information: Australian privacy law and practice, available at www.austlii.edu.au/au/other/alrc/publications/reports/108/10.html#Heading41.  The Office's submission to the ALRC Discussion Paper 72 is available at www.privacy.gov.au/materials/types/download/9111/6748  

[5] The Government's response to ALRC Report 108 is available at www.dpmc.gov.au/privacy/alrc_docs/stage1_aus_govt_response.pdf (see page37)

[6] Proposed sub-section 13(6)(b) of the Bill is a new provision while (a) restates the current provision