Looking into privacy matters

Whether or not they are immediately recognised as such, issues pertaining to privacy are to the fore in today's fast-changing, connected, digital world. It need not take a United Kingdom phone-hacking scandal to remind us of this.

Late last month, a Green Paper on child abuse was launched in New Zealand and, in the discussions surrounding it, the issue of information sharing between government agencies, constrained by privacy considerations, was raised.

How often do we hear about vexatious cases involving estranged relationships in which one party has posted intimate photographs of the other on internet sites? And is there a more common complaint around the water cooler than of the plethora of direct marketing phone calls intruding on much-valued privacy?

Such examples hint at a complexity and breadth of issues not so manifest when the Privacy Act 1993 was signed into law. So the comprehensive Law Commission review, led by the distinguished Prof John Burrows QC, and just completed, is timely. It has been in train for several years and has been divided into four parts.

Stage 1 was an overview of privacy issues, resulting in the paper, Privacy: Concepts and Issues (2008). Stage 2 took in the law relating to public registers; Stage 3 looked at whether criminal, civil and regulatory law in this country is adequate to deal with invasions of privacy, and recommended the establishment of a new Surveillance Devices Act; and Stage 4 has led to the just-released report, Review of the Privacy Act 1993. The Government will now consider the review in its entirety and formulate its response. Legislation will almost certainly follow.

At the heart of the review, and in any consideration of privacy issues, is the question of balancing private and other interests.

The Law Commission believes the balance is essentially in the right place, but "other interests" can sometimes override privacy protection. It makes a number of recommendations to this end.

These include a new framework in the Act for the sharing of personal information between government agencies; new health and safety exceptions and modifications; exceptions making it clear information derived from suspicions about criminal activity can be disclosed to law enforcement agencies; and, against this liberalising trend, establishing new grounds for refusing requests by people for information about themselves which could lead to harassment of, or distress to, other people.

Broader recommendations of the review canvass data breach notifications, whereby agencies must tell people when private information has been compromised. It believes the Privacy Act complaints process is unnecessarily complex and argues for simplification. It seeks better protection for individuals against offensive online publication, and raises the possible establishment of a "Do Not Call" register to screen out those who do not wish to be accosted by tele-marketers.

The media are, generally, excluded from the coverage of the Privacy Act, being regulated by their own complaints bodies. For print media, it is the Press Council; and for broadcasters, the Broadcasting Standards Authority (BSA). These exclusions recognise the role than media can and do play in the transmission of information in the public interest, and the requirements for openness in democratic societies.

Media are constrained by laws - contempt, and defamation for example - and by codes of professional ethics under which they are accountable to the Press Council and the BSA.

But the review does identify "a potential gap in privacy protection" with respect to internet-based media which are frequently not subject to either a code of ethics or a complaints body.

A large number of "blog-sites" would fall into this category and the commission's view they should be subject to the Privacy Act makes good sense. It will be some time before these recommendations - those which survive the select committee process - arrive on the statute books.

In the meantime, the thorough and reasoned nature of the report is a timely reminder of the growing opportunities for invasion of privacy, and also of the need to maintain mechanisms to override blanket protections under the Act where necessary. Privacy in an increasingly public world is a precious commodity. The trick is to balance that with requirements of the public good.