Washington International Law Journal


Global and national transfers of personal information and data protection laws meant to regulate such transfers will have a significant impact on the growing Internet. Yet vastly different philosophies on how to protect individuals' personal information from theft or misuse by the private sector have led to very different regulatory models throughout the world. In the industrialized world, the European Union's approach, a universally applicable, comprehensive data protection law, occupies one end of the regulatory spectrum, while a self-regulatory scheme like the United States' stakes out the other end. Australia's Private Sector Privacy Act Amendment ("2000 Amendment") lies somewhere in between. Australia's 2000 Amendment has been called "co-regulatory" or "light touch" regulation partly because it was meant to allay citizens' increasing privacy concerns, yet not impose a significant regulatory burden on industry. Australia's Private Sector Privacy Bill was touted as an innovative compromise between costly state regulation and ineffective self-regulation. However, some of the concessions made in the name of flexibility and de-regulation have resulted in a weak regulatory scheme that produces inconsistent and ineffective information privacy protection. In particular, the small business exemption and the limited enforcement mechanisms weaken the 2000 Amendment so much as to call into question whether Australia's information privacy law is merely a baby step away from self-regulation rather than a happy medium on the regulatory scale. If the 2000 Amendment is to provide Australians with the substantive privacy protections it sets forth, legislators should fix two flaws in the next round of private sector privacy regulation. First, they should close or phase out the small business exemption. Second, in order to give effect to the substantive provisions of the Amendment, the law should allow more effective enforcement by using a system of appropriate penalties that escalate according to the degree of non-compliance. These changes would provide more thorough protection of Australians' privacy, yet would not reduce the benefits derived from the "co-regulatory" model.
