1 / 50

Use, disclosure, and related principles (data quality etc)

Privacy & Surveillance Graham Greenleaf & Nigel Waters Last updated October 2008. Use, disclosure, and related principles (data quality etc). Sources. ALRC Report 108, Chapter 25

aviva
Télécharger la présentation

Use, disclosure, and related principles (data quality etc)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy & Surveillance Graham Greenleaf & Nigel Waters Last updated October 2008 Use, disclosure, and related principles (data quality etc)

  2. Use, Disclosure and Quality Sources ALRC Report 108, Chapter 25 Greenleaf, Waters & Bygrave (Dec 2007) Strengthening uniform privacy principles: an analysis of the ALRC's proposed Principles Submission to the ALRC Review of Australian Privacy Laws Discussion Paper 72, particularly ‘8. Use and Disclosure (UPP 5)’ , ‘9. Direct Marketing (UPP 6)’& ‘10. Data Quality (UPP 7)’ Also Greenleaf, Waters & Bygrave (Jan 2007) Implementing privacy principles: After 20 years, its time to enforce the Privacy Act, Submission to the ALRC Review of Privacy Laws Issues Paper (2006) NSWLRC Consultation Paper 3, 2008, pp 117-124

  3. Use, Disclosure and Quality Overview Finality - Use & disclosure limitation principles Importance of ‘finality’ Meanings of use and disclosure Effect of purpose on subsequent recipients General exceptions to finality principles Related purpose; consent; authorised by law Other exceptions (numerous)‏

  4. Use, Disclosure and Quality Overview (2)‏ Related matters Public registers - Application of IPPs Data export limitation principles Data matching controls Related principles Data integrity/quality principles 'Objection to processing' principles

  5. Use, Disclosure and Quality ‘Finality’ - Use & disclosure limitation principles ‘Finality’ - the EU term for limiting subsequent use and disclosure to the original purpose of collection The single most important concept in information privacy Applies irrespective of how data collected, or who from Generally - Data can only be used / disclosed in 5 ways: (I) For the purpose for which it was collected (ii) For a related purpose (iii) With consent of the data subject (iv) As authorised by law (v) Other subject-specific exceptions Some common public interest exceptions (eg safety of others; law enforcement)‏ Many very specific exemptions (often jurisdiction-specific)‏

  6. Use, Disclosure and Quality Meanings of ‘use’ and ‘disclose’ IPPs limit both disclosure and use - but wordings differ Cth PA: IPPs and NPPs refer separately to ‘use’ and disclose;; definition of ‘use’ says it does not include ‘mere disclosure’, but does include inclusion in a publication HK DPP 3 refers only to ‘use’ but s2 definition of ‘use’ says use ‘includes disclosure or transfer of the data’ Disclosure Can be verbal or by allowing inspection - All Australian and HK IPPs refer to disclosure of ‘personal information’data, not disclosure of records Can ambiguity be ‘disclosure’? - see BG v DOCS ([2008] NSWADT71) - Case Summary [2008] AUPrivCS 2: Tribunal held that a letter disclosing that a criminal record check might be a reason for rejection of carer status did not disclose the fact that BG had a criminal record (was so). HK defn ‘disclosing’ specifically ‘includes disclosing information inferred from the data’ (s2) - implied elsewhere

  7. Use, Disclosure and Quality Meanings of ‘use’ and ‘disclose’ (2)‏ Is there ‘disclosure’ if the information is already known? see debate between Greenleaf and Gunning Example: if answer is ‘no’, any organisations could confirm the truth of any information put to it by another organisation without disclosure (and ‘no comment’ is not a disclosure either). Reasons for ‘yes’ answer Different sources have different authority (But careful - NSW ADT case regarded news report as ‘publicly available publication’) Unfair to require P to prove what another party did not know Courts may reduces damages if discloser shows information already known by recipient (less harm to P)‏ HK use of ‘transfer’ as well as ‘disclose’ - may confirm that it does include information already known

  8. Use, Disclosure and Quality Meanings of ‘use’ and ‘disclose’ (3)‏ Use - Can mere inspection be ‘use’ by data user? ‘No’ answer for previous UK Act - R v Brown [1996] 1 AC 543; police officer viewed record in police database of interest to debt collector with whom he associated; HL held ‘using’ required that the information be subsequently deployed Reasons for a ‘yes’ answer (better view)‏ Abuse by ‘insiders’ is a major cause of privacy invasions; and it is very difficult to prove subsequent use (as in Brown)‏ Will encourage employers to adopt ‘need to know’ restrictions on access - so breaches will also breach internal policies HK and Aust long titles of Acts indicates purpose of privacy protection (contra UK Act at that time) - supports inspection being covered - see discussion in RG

  9. Use, Disclosure and Quality Meanings of ‘use’ and ‘disclose’ (4)‏ • Onus of proof problems • Obligation on complainant to prove use or disclosure; civil standard of balance of probabilities • QE v Macquarie University [2008] NSWADT 144 - Example of Tribunal unwilling to conclude that disclosure by Macq employee occurred despite strong circumstantial evidence; but also unwilling to find Macq in breach of security principle for lack of logging of mere accesses to files which did not involve amendments • Unauthorised access can be ‘computer crime’ • Also relevant: ‘computer crime’ offences can cover mere unauthorised access - in some jurisdictions, can cover access by authorised personnel for unauthorised purposes

  10. Use, Disclosure and Quality Finality - Effect on subsequent (3rd party) recipients ‘Finality’ usually refers to subsequent uses/ disclosures by thecollector Issues: (I) Are 3rd P recipients tied to the same purpose as the proper purposes of the discloser (the original collector)? (ii) Does this depend on whether the 3rd P is aware of the original purpose of collection? It is rare for IPPs to explicitly address this Cth public sector IPP 11(3) - Recipient from agency can only use the information for purpose for which it is disclosed to them Re NPPs, Note to s13B(1) (re related corporations) implies ‘yes’ answer

  11. Use, Disclosure and Quality Finality - Effect on subsequent (3rd party) recipients (2)‏ Other sets of IPPs (eg HK) do not address this Best answer is that collection must be by ‘fair’ means - fairness is an objective test in relation to data subject This covers both legitimate disclosures (wider purposes of collection unfair), and illegitimate disclosures (any collection unfair); Where 3rd P is unaware of original reasons for collection, a strong approach still protects the data subject; weak approach allows recipients new purposes (may be approach of HK PCO)‏ Necessary answer to support the policy of the legislation Once unlawfulness of discloser is known, collector’s use may also be a breach of confidence - additional ground for objection to either unlawful collection or unfair collection

  12. Use, Disclosure and Quality Finality - Effect on subsequent (3rd party) recipients (2)‏ Examples Use of personal data obtained from a public register - [2003] HKPrivCmr 8 - purpose of bulk disclosure of public register data by agency precluded commercial use of data; attempt by purchaser to use with search engine breached DPP 3. What implications for Tenants’ Union v TICA No 4 ?

  13. Use, Disclosure and Quality Allowed uses: Principal purpose of collection IPPs require a purpose of collection NPP 1.3 refers to ‘purposes’: PC’s Guidelines still say there is only one primary purpose Notice of purpose under IPPs is evidence of purpose Notice broader than function/ activity - invalid notice, use still limited by (objective) function/activity Notice narrower than all functions allow - users can limit by notice those of their purposes for which they collect - cannot use for any wider (though legitimate) function/ activity Is Tenants Uniion v TICA #4 (2004) consistent with this? Data subjects may expressly limit the purpose of collection Purpose need not be as wide as all allowable purposes HK [2003] HKPrivCmr 8: ‘Use of personal data obtained from public registry’ (Materials #5)‏

  14. Use, Disclosure and Quality Lack of notice - effect on purposes If no notice is given, purpose is inferred Purposes may be implied by relationship between parties Reasonable expectations of data subject are relevant when data is collected from data subject (B&W 127)‏ Where collected from 3rd parties, their reasonable expectations are relevant Where data is collected by observation/from documents, no expectations, so function/activity becomes crucial (B&W 127) Common complaint: Disclosure was within purpose of collection, but notice was not given as required HK PCO Eg Disclosure of skating competitors OK as a purpose of collection, but no DPP 1(3) notice given - breach of DPP1 (collection) , not DPP3 (disclosure)‏

  15. Use, Disclosure and Quality Allowed uses (I): Secondary purpose exceptions Uses allowed for secondary purposes related to primary purpose - but tests differ (in wording): HK DPP 3, Cth and NSW public sector IPPs - must be ‘directly related’ NPP 2 for private sector and Vic/NT public sectors (I) must only be ‘related’ (or ‘directly related’ if it is sensitive information - difference must be meaningful); AND (II) ‘the individual would reasonably expect’ the secondary use ‘Reasonable expectations’ test NPP test is of the expectations of the individual concerned Cth PC suggests test is expectations of a reasonable person with no particular knowledge of the industry concerned Reasonable expectations of data subjects/3rd parties may also affect the meaning of ‘directly related’ (B&W support)‏

  16. Use, Disclosure and Quality Secondary purposes:‘Reasonable expectations’ (2)‏ [2003] HKPrivCmr 5 :‘Posting of complaint letter on notice board’ - ‘it was unlikely that he would have given consent’ HKPCO complaint 4/05: ISP used complainant’s credit card details from a terminated account to recoup charges on a different account - breach of DPP 3, ‘not within a consumer’s reasonable expectations’ HK AAB appeal 66/2003: C complained to property mgt co. R about neighbour; R disclosed her details to neighbour (who later used them in a civil action against her). PCO held disclosure was for a directly related purpose, to help resolve a dispute; also was for s58(1) purpose of remedying ‘seriously improper conduct’ (both upheld by AAB)‏

  17. Use, Disclosure and Quality Secondary purposes:‘Reasonable expectations’ (3)‏ HK AAB appeal 13/2004: disclosure of account information to debt collector is fora directly related purpose HK PCO appeal 26/2004:employer disclosed to Dr that medical examination was for purpose of confirming employee’s fitness to attend disciplinary hearing;PCO held (and AAB upheld) that this was for a directly related purpose; and could also be justified under s58 Excessive disclosures must still be avoided: Prosecution witness' personal data [2004] HKPrivCmr 5 - disclosure of whole statement to defendant was unjustified

  18. Use, Disclosure and Quality Secondary purposes: ‘Reasonable expectations’ (3)‏ Tenants’ Union v TICA No 4 [2004] PrivCmrACD 4 TICA collected from its members, not from tenants TU complained TICA breached NPP 2.1(a) in disclosing info to members from Enquiries database because tenants would not ‘reasonably expect’ information about unsuccessful applications to be disclosed to real estate agents. Dismissed by PC - ‘reasonable expectations’ is only relevant to secondary purposes, and use for default listings was TICA’s primary purpose of collection from its members. PC had already found that tenancy application information was ‘necessary’ for TICA’s provision of a ‘risk management service’ - PC used an objective assessment of TICA’s primary purposes

  19. Use, Disclosure and Quality Secondary purposes: ‘Reasonable expectations’ (4)‏ Tenants’ Union v TICA No 4 - Questions: (1) How do you determine what is a primary purpose? don’t you look at what TICA made consumers reasonably aware of under NPP1.5? PC found that TICA breached NPP 1.5 - didn’t they imply they only collected defaults? shouldn’t they be bound by that as their purpose? - it would be nonsense to say you can have a primary purpose different from what you say it is, but secondary uses must be within ‘reasonable expectations’ (2) Can TICA use the information if its members are in breach of NPP 2 in supplying it? PC questions [95] whether TICA members’ disclosures to TICA are for a secondary purpose and satisfy NPP 2 But he fails to consider the implications of this …

  20. Use, Disclosure and Quality Secondary purposes: Mistaken disclosures can still be for correct purposes [2003] HKPrivCmrAAB 1- Bank mistakenly disclosed complainant’s access request to his employer - mistake of fact that employer held the information sought - PC held, and AAB upheld, that this was for the original purpose of collection or at least directly related to it Seem that disclosure for an intended correct purpose is OK if it is based on a mistake of fact (not a mistake as to allowed purpose) S41 directions expand NSW ‘directly related’ test S17 limit on secondary use is expanded by Privacy Comm’s s41 Direction allowing uses where an agency is ‘reasonably satisfied’ that use is in pursuance of an agency’s lawful functions. Eg AK v Gosford City Council ([2007] NSWADT 289) - Case Summary [2007] AUPrivCS 16: Council sent advertising material for a chance to win prizes if rates were paid on time. Although not ‘directly related’ to Council functions according to Local Govt. Act, remitted back to Council for internal review on this exemption!

  21. Use, Disclosure and Quality Allowed uses (II) Consent A lot of variation in requirements for disclosure: HK DPP3 requires ‘prescribed consent’ (s2(3) defn) Australia usually ‘express consent or implied consent’ (Cth PA s6, also Vic) (see GG & LB 2005, 1.8) - Contra NSW requires ‘express consent’ for disclosures (s26(2)), but only consent for new uses (s17(a)). C.f. NZ requires ‘authorisation’ NZ Courts (L v J, L v L) have held this includes implied authorisations (see Roth article)‏ Consent must also be informed (meaning of ‘consent’) Data subject’s consent to change of use is needed even if data was not collected from the data subject (B&W support). See ‘effect on subsequent recipients’

  22. Use, Disclosure and Quality Consent exception (2) Re NSW s26(2) ‘express consent’ for disclosures Macquarie v FM [2003] NSWADTAP 43 See also Greenleaf casenotes on original decision and appeal NSW s18 requires express consent (s26(2))‏ UNSW had express consent to obtain FM’s academic transcript from other Unis Held: This ≠ express consent to Macquarie to disclose it to UNSW; ‘must be the subject of administrative action by the agency disclosing …’ So not even enough if the UNSW form had expressly mentioned Macquarie - very strict

  23. Use, Disclosure and Quality Consent (3)‏ HK DPP3 requires ‘prescribed consent’ (s2(3) defn)‏ Inclusion of ‘voluntariness’ implies strictness beyond normal meaning of consent (PCO suggests)‏ Might imply there cannot be any adverse consequences for failure to consent, if consent is to be ‘prescribed consent’ Does not necessarily require writing Does not allow ‘opt out’ - In HK PCO complaint estate agent attempted to require clients to opt out from being members of a club - ineffective S2(3)(b) allows prescribed consent to be revoked, but only in writing

  24. Use, Disclosure and Quality Consent exception (4) - Can consent be implied from failure to opt out? HK - ‘No’ - see ‘prescribed consent’ in DPP 3 Australia - sometimes ‘yes’ Supported by Explanatory Memo to 2001 amendments re NPP2.1(b)‏ Aust PC’s NPP (draft?) Guidelines - ‘Yes’, but considers it depends on specific circumstances - Sets out 8 factors supporting finding of consent: (I) clearly stated / understandable ; (ii) likely to be read; (iii) likely to understand implications; (iv) free and not bundled; (v) no cost / little effort; (vi) consequences harmless; (vii) subsequent restoration possible; (viii) multiple means of opt-out Example (PC): Rarely applicable to opt-outs from marketing info because (I) not likely read; (ii) belief of adverse effects of replying Canadian PC has recognised opt-out can be consent: see case #207

  25. Use, Disclosure and Quality Consent (5)‏ When can consent be otherwise implied? Family members: can’t just be assumed HK ‘express consent given voluntarily’ (s2(3)) - How different from implied consent allowed in Australia? A broad interpretation of ‘directly related’ can have the same effect PCO eg in RG - purpose of collection of client data by a social worker implicitly includes compliance with any legal obligation to the Courts - disclosure allowed

  26. Use, Disclosure and Quality Consent (cont)‏ ‘Bundled’ consent Unresolved, but reference to notice of ‘purposes’ in NPP 1.3(c) gives some support Argument against is that it bundled consents may not be consents given freely (except for principal purpose) because refusal to consent will disadvantage ALRC 108 (2008) proposes only that PCO issues guidance See Greenleaf, Waters & Bygrave ‘3.2. Meaning of Consent’ in submission to ALRC, 2007, particularly Submission DP72-10 that separate consent should be required for each proposed purpose of use

  27. Use, Disclosure and Quality Prior awareness exception Prior awareness exception Cth IPP 11(a) ‘individual …is reasonably likely to have been aware, or made aware under IPP2’ of disclosure practices NSW s18(1)(b) – similar - nothing similar in NPPs or HK Example - Macquariev FM [2003] NSWADTAP 43 No need to be directly related, with consent, or authorised by law; but argue that it must still be within purposes of agency Does this allow post-collection notice/awareness of changes to disclosure practices? - inimical to finality No evidence whether so abused since introduced in 1988 ALRC Report 108 (2008) – ALRC proposed UPP 5 does not include any such exception

  28. Use, Disclosure and Quality Allowed uses (III): ‘Authorised by law’ Cth Privacy Act (IPPs and NPPs) - uses/disclosures ‘authorised by or under law’ PA did not retrospective invalidate any legislation permitting or requiring disclosures Includes common law duties/rights to disclose see GG&LB 2.1.3 - EU A29 Committee incorrect - still requires a positive authorisation or requirement to disclose NSW more restrictive (s25): non-compliance may be ‘lawfully authorised or permitted’ or ‘necessarily implied or reasonably contemplated’ ‘under an Act or any other law’ HK does not have a general exception ‘where authorised under law’ - see specific exceptions (later)‏

  29. Use, Disclosure and Quality ‘Authorised by law’ exception (2)‏ ACT Dept JACS [2004] PrivCmrACD 5 C, JACS employee, was whistleblower to ACT Omb.; JACS staff disclosed personal info about C’s internal grievances to Omb. JACS claimed it did so to show Omb that complaint may be ‘frivolous or vexatious’ PC held no defence (I) that C would be ‘reas aware’ of such disclosures; or (ii) that it was ‘authorised by law’ - some disclosure was authorised, but only if it was relevant to the Omb. Investigation - this was not. However, $0 compensation; apology ordered - who would be a whistleblower?

  30. Use, Disclosure and Quality 'Authorised by law' exception (3) ALRC Report 108, Chapter 16 Considered case for limiting exception to 'specifically authorised’, but decided against (Greenleaf, Waters & Bygrave submission recommended this) Same wording 'required or authorised by or under law' recommended for several principles Recommends defining 'law', including to cover common law duties of confidentiality, and exceptions to them (R16-1) May make no difference to existing law here Recommends OPC guidance (R16-2)

  31. Use, Disclosure and Quality Reminder: Limited role of exceptions The limited role of exceptions They are usually not a requirement to disclose/use They are usually not authority to disclose/use if some other law forbids this (eg BOC)‏ They merely mean there is no breach of an IPP This also applies to ‘authorised by law’ exceptions - ‘Authorised’ ≠ ‘required’ (trite but important) - not required to disclose just because an IPP exception exists - still their discretion to exercise HK Pt VIII (Exemptions) s52 specifies that an exemption ‘neither confers any right nor imposes any requirement’

  32. Use, Disclosure and Quality Other exceptions Will only consider some important ones: Direct marketing exceptions Protection of safety of self and others Law enforcement purposes Disclosure between related corporations (NPPs)‏ See also 'Exemptions' slides Sources Cth PC Info Sheet 11 - Exemptions from NPPs GG&LB 2005

  33. Use, Disclosure and Quality Direct marketing exception Many jurisdictions (including EU) have a Direct Marketing (DM) exception allowing opt-out Hong Kong direct marketing ‘opt out’ exception (s34)‏ Notice of right to opt out must be given first time personal data is used for direct marketing. Data user must comply with subject’s wish to opt out Need notice be given every time new data is held, or only if it is actively used for direct marketing? See 4 examples in RG S34 applies even if the direct marketing is with consent (PCO egs); this differs from Australia Promotion of government programs, and investment newsletters, are both direct marketing (HK PCO egs)‏

  34. Use, Disclosure and Quality Direct marketing exception (2)‏ HKPCO complaint AR 7/05: publisher outsourced direct mailings to a lettershop, who failed to recognise different versions of name of complainant who had previously opted out; held publisher was in breach of s34, required to find a better lettershop, and to for its staff to do quality checks on de-duplication processes used

  35. Use, Disclosure and Quality Direct marketing exception (3)‏ Australian NPP 2.1(c) Only applies to use, not disclosure, for DM Better view - 2.1(c) is an alternative to (a) or (b)‏ Marketing use need not be within reasonable expectations Wishful thinking view - all direct marketing must comply with 2.1(c) (Many submissions to PC’s review support a change)‏ NPP 2.1(c) can only be relied on to allow DM if Impractical to obtain consent [under (b)] before this use PC (NPP GLs) says it is ‘normally not impractical’ with online communications Individual has not previously opted out from marketing from this organisation [will it cover central opt -out lists?] Each marketing communication must give an option to opt-out from further communications (No equiv to HK annual notice)

  36. Use, Disclosure and Quality Direct marketing exception (4)‏ ALRC Report 108 recommends stronger right to opt-out of Direct Marketing (DM) – UPP 6, but: Organisations only – not extended to agencies Right to opt out etc would apply to all uses of PI for DM Direct marketing left undefined To existing customers, (i) DM must be within existing expectations and (ii) offer a ‘simple and functional’ means of opting out. To non-customers, DM allowed provided (I) consent obtained unless not practicable; (ii) explicit notice that opt-out possible; and (ii) disclosure of source of PI provided on request.

  37. Use, Disclosure and Quality Direct marketing exception (cont)‏ Alternatives to NPP 2.1(c) for direct marketers: Rely on DM as express purpose of collection (implied consent)‏ Rely on 2.1(a) ‘related purpose’ / reasonable expectations Obtain express consent to marketing, come within 2.1(b)‏ PC (NPP GLs) says express consent will be needed In all 3 cases, no need to give 2.1(c) opt-out notice BUT Where individuals do opt-out anyway, this would negate both consent and reasonable expectations Current development Government considering ‘Do Not Call’ register US one has US$15K fines if they do after opt-out (bounty better)‏ How would this handle the 200M calls p/a outsourced O/S? Note also the requirements of the Spam Act 2003

  38. Use, Disclosure and Quality 2 Protection of safety/health All Australian Acts have variants of 'necessary to prevent or lessen a serious and imminent threat to the life or health of the individual concerned or of another person’ HK s59 exempts ‘personal data relating to the physical or mental health of the data subject’where access (DPP 6) or restricting use (DPP 3) ‘would be likely to cause serious harm to the physical or mental health’ of the data subject or another person FM v Macquarie University [2003] NSWADT 78 Macq staff were concerned that FM might injure someone at UNSW No exemption because not ‘serious’ or ‘imminent’

  39. Use, Disclosure and Quality 3 Law enforcement exceptions Cth PA exempt purposes of disclosure IPPs 10.1(e)/11.1(e) ‘reasonably necessary for the enforcement of the criminal law’ etc NPPs 2.1(f)&(h)‏ NSW Act has much broader set of exemptions, often blanket for agencies All law enforcement exemptions (except NSW) require a ‘note’ to be kept of all disclosures The only example of logging of disclosures required by IPPs (NPP 2.2; Cth IPP 10.2)‏ Is logging essential for adequate security? - see FH v NSW Corrective Services ([2003] NSWADT 72) - Summary [2003] NSWPrivCmr 1 If there is no logging, rights of access (and notification of corrections are significantly crippled

  40. Use, Disclosure and Quality Exceptions - law enforcement etc HK PDPO s58(2) - use/disclosure for 'prevention or detection of crime', 'serious improper conduct' etc does not breach DPP 3 See earlier examples from 2004/05 AR D must show that adherence to DPP 3 would prejudice one of these interests, and he had reasonable grounds for believing this Lily Tse Case [1998] HKCFI 811 - Personal injuries action concerning Albert House collapse 1994 - Held DPP 3 did not apply so as impede third party discovery (of witness statements held by Police) in a civil action A tort was 'serious improper conduct’ for s58(2). This has broad implications for PC(P)O.

  41. Use, Disclosure and Quality 4 Related corporations exception No HK direct equivalent Aust Cth s13B allows information to be disclosed by corporation A to related corporation B primary purpose of collection of corporation A will normally determine what secondary use corporation B can make (restricted by 'reasonable expectations' test) [see note to s13B(1)] BUT not in relation to the direct marketing exception in NPP 2.1(c) (test does not apply)‏ B can send direct marketing to A's customers (with opt-out) irrespective of A’s purpose of collection

  42. Use, Disclosure and Quality Other rules and Principles related to use and disclosure Related principles (covered in following slides) Data integrity/quality principles - see following 'Objection to processing' principles Proposed ‘automated decision-making’ principle Separate slides / Reading Guides Data export limitation /cross-border principles Public registers - Application of IPPs Limited separate NSW principles Data matching controls

  43. Use, Disclosure and Quality Data integrity/quality principles Quality principles - these variously require: HK DPP 2(1) - ‘all practicable steps’ to ensure data are ‘accurate’ having regard to principal and directly related uses Cth IPP 8 - reasonable steps to ensure ‘accurate, up-to-date and complete’ (AUC) before use (not disclosure, not at collection)‏ NPP 3 - reas steps to ensure AUC when collects, uses or discloses Cth IPP 9 - may only use for relevant purposes NSW s11 (IPP 4) reas steps to ensure AUC when collecting ‘from an individual’ NSW s16 (IPP 9) reas steps before use to ensure relevant and AUC

  44. Use, Disclosure and Quality Data integrity/quality principles: Hong Kong DPP 2(a) requires that 'All practicable steps … to ensure … personal data are accurate having regard to the purpose‘ (of use). 'use' includes disclosure, so DPP2 obliges data users to ensure data accurate for the purpose for which it is being disclosed to a 3rd party DPP2(c) also imposes obligation to inform 3rd party of inaccuracy and provide corrected data "Inaccurate" …. means … incorrect, misleading, incomplete or obsolete' (s2) - same as elsewhere HKPCO avoids adjudicating on correction of data - see discussion under Access & Correction

  45. Use, Disclosure and Quality Data integrity/quality principles: Hong Kong DPP2(b) requires that inaccurate data (i) not be used or (ii) be erased. Discussed in next topic s66 compensation claims possible subject to defences - DPP 2 is one of most likely sources

  46. Use, Disclosure and Quality Data integrity/quality principles Significance of quality principles: Correction of errors may not be enough - prior failure to take reas steps may be breach Legitimate uses/disclosures may still lack quality control Legitimate collection may still lack quality control Examples L v Commonwealth Agency [2003] PrivCmrA 10 - failure to take any steps to check a mailing address was a breach

  47. Use, Disclosure and Quality Data integrity/quality principles Tenants’ Union v TICA #2[2004] PrivCmrACD 2- PC found breach of NPP 3 in relation to the ‘enquiries’ (ie not defaults) database vital nature of housing impacts on what is reasonable TICA’s random checking to ensure accuracy PCO carried out its own (since TICA did not keep records) and found many inaccuracies Important elements in a system of quality control include (I) system of random checking; (ii) advising those who have received inaccurate records - TICA failed TICA’s collection practices - for tenancy databases (given prejudicial effect) 3 pieces of identifying information is minimum necessary - TICA failed tho always had two. Failure to advise tenants of listing impacts quality obligations Deleting notes that listings are disputed after 30 days 6 forms of breach identified in Determination

  48. Use, Disclosure and Quality Data integrity/quality principles Tenants’ Union v TICA #3[2004] PrivCmrACD 3- PC found breaches of NPP 3 in relation to its defaults database because it was retained for an excessive time and therefore ‘out of date’. Criteria applied (para 53) set out steps required for reasonableness if potentially prejudicial information is to be held for a long period (over 3 years in this case)‏ ALRC proposals Greenleaf, Waters & Bygrave (Dec 2007)‘10. Data Quality (UPP 7)’

  49. Use, Disclosure and Quality 'Objection to processing' principles EU privacy Directive contains examples: Art 14(a) right to object to data processing generally, Art 14(b) right to object to direct marketing Art 15(1) right to object to decisions based on fully automated assessments of one's personal character Only Aust and HK examples is the right to opt-out of direct marketing (Aust - NPP2.1(c))‏ ALRC Report 108 strengthens right to opt out of direct marketing – UPP 6 – see slide above

  50. ‘Automated decision-making’ proposed Principle • ALRC 108 (2008) Rejects case for an automated decision making rule • In Greenleaf, Waters & Bygrave 2007 ‘15.6. Automated decision-making principles’ we agree with the ALRC that a separate principle is unnecessary, but submit that it should be made an express requirement as part of UPP 7, with an appropriate ‘reasonable steps’ limitation.

More Related