Proposed extradition and mutual assistance reforms
Submission to Attorney-General’s Department - March 2011
Submission by Timothy Pilgrim, Australian Privacy Commissioner
Office of the Australian Information Commissioner
- The Office of the Australian Information Commissioner (OAIC) is an independent statutory agency established by the Australian Information Commissioner Act 2010 (AIC Act). The OAIC commenced operation on 1 November 2010 and is headed by the Australian Information Commissioner, supported by two other statutory office holders, the Freedom of Information Commissioner and the Privacy Commissioner.
- Together the Commissioners of the OAIC exercise three broad functions:
- the freedom of information (FOI) functions set out in s 8 of the AIC Act
- the privacy functions set out in s 9 of the AIC Act
- the Information Commissioner functions set out in s 7 of the AIC Act.
- As the national privacy regulator the OAIC can provide general advice on privacy issues and the application of the Privacy Act 1988 (the Privacy Act).
- The OAIC appreciates the opportunity to make comments to the Attorney-General’s Department (the Department) on the exposure draft Extradition and Mutual Assistance in Criminal Matters Legislation Amendment Bill 2011 (the draft Bill).
- The former Office of the Privacy Commissioner has previously made comments to the Department on its review of Australia’s mutual assistance and extradition legislation, including comment on the exposure draft Extradition and Mutual Assistance in Criminal Matters Legislation Amendment Bill 2009 in August 2009.
- The OAIC acknowledges that a number of its comments from the 2009 consultation are reflected in the draft Bill. Significantly, the draft Bill now proposes to limit the scope of the authorisation to disclosures that are reasonably necessary for the purposes of extradition processes or international assistance in criminal matters. This narrows the circumstances in which personal information can be collected, used and disclosed for the purposes of international assistance in criminal matters. However, there are some key areas of the draft Bill that affect personal information handling, which in the OAIC’s view may warrant further consideration.
- The OAIC’s comments are based on the premise that generally the Australian community expects personal information to be handled in accordance with our own laws and accepted community norms. These norms may be different from the standards in some other countries, where personal information handling practices may reflect different cultural, religious and political values.
- The right to privacy is not absolute and it is often necessary to balance this right with other important public interests, such as the public interest in maintaining the safety and security of the Australian community and preventing criminal activity. There needs to be an appropriate balance between the public interest in law enforcement agencies sharing information to facilitate their legitimate activities and the public interest in protecting the personal information of individuals. By implementing high standards of personal information handling, law enforcement agencies can help maintain information quality and assist in maintaining the integrity of investigations and inquiries. This has the potential to deliver better outcomes, including the promotion of community trust and confidence in the sharing of personal information for law enforcement purposes.
Comments on the proposed extradition and mutual assistance reforms
- The OAIC has previously expressed concern over the current threshold test for providing mutual assistance in the draft Bill. The proposed provisions require that the foreign offence under investigation would need to satisfy the threshold of three years imprisonment as a serious offence in the foreign jurisdiction. The OAIC considers that disclosures of personal information overseas for the purposes of criminal investigations should relate to offences that would be considered serious if they were committed in Australia. The OAIC notes that cultural, historical and legal issues in foreign countries may criminalise conduct that would not be criminalised in Australia or provide harsher penalties.
- The OAIC suggests that before Australia discloses personal information to a foreign country, an assessment be made of whether a foreign offence firstly has an equivalent offence under Australian law, and secondly whether the equivalent offence would be considered a 'serious offence' because the maximum penalty available for that offence meets a particular penalty threshold. The requisite penalty threshold should be comparable to that which would be imposed under Australian law for a similar offence. This is because the penalties which may be imposed under foreign law may be disproportionate to the level of seriousness that the Australian community attributes to a particular offence.
Personal information handling overseas
- The OAIC notes that some of the provisions in the draft Bill purport to regulate the way a foreign country handles certain information provided under the Mutual Assistance in Criminal Matters Act 1987 (the Mutual Assistance Act) and the Telecommunications (Interception and Access) Act 1979 (the TIA Act).
- Proposed section 15C of the Mutual Assistance Act provides that, pursuant to a request from a foreign country, the Attorney-General may only authorise a law enforcement officer to apply for a surveillance device warrant if the requesting country has given appropriate undertakings in relation to:
- ensuring that the information obtained as a result of the use of the surveillance device will only be used for the purpose for which it is communicated to the requesting country; and
- the destruction of a document or other thing containing information obtained as a result of the use of the surveillance device; and
- any other matter the Attorney-General considers appropriate.
- The OAIC supports the proposal to require the Attorney-General to seek undertakings of this kind before Australia discloses information overseas. However, other provisions in the draft Bill which permit information to be disclosed to foreign countries provide for more limited or no undertakings.
- The information disclosed under the Mutual Assistance Act or TIA Act will, in many cases, meet the definition of ‘personal information’ contained in the Privacy Act. Given the sensitive nature of this information, the OAIC considers that it may be appropriate to include a requirement that similar undertakings or memorandums of understanding be entered into before Australia discloses any information for foreign law enforcement purposes. The OAIC considers that all personal information disclosed by the Australian Government to foreign countries should be afforded substantially similar privacy protections to those applying in Australia.
- The draft Bill would amend the TIA Act so that an authorised law enforcement officer could authorise the disclosure of existing telecommunications data (such as subscriber details and call charge records) as well as authorise the secondary disclosure of telecommunications data originally obtained for domestic law enforcement purposes. This information can be disclosed to a foreign law enforcement agency, providing the authorised officer is satisfied that the disclosure is reasonably necessary to enforce a criminal law of a foreign country and the disclosure is appropriate in all the circumstances.
- In these circumstances, the telecommunications data could be disclosed overseas even if the offence to which it relates is not a ‘serious offence’. Also, the disclosure would not be subject to judicial oversight. While the OAIC acknowledges existing telecommunications data could be disclosed within Australia in similar circumstances for an offence under a domestic criminal law, the OAIC notes that this would be subject to established oversight and accountability mechanisms in Australia.
- The OAIC suggests that it may enhance the oversight process if the TIA Act included a non-exhaustive list of the matters the authorised officer should take into account when deciding whether a disclosure is ‘appropriate in all the circumstances’.These matters may include:
- the potential impact on an individual’s privacy and Australia’s security and other national interests
- the nature of the specified documents or specified information
- the gravity of the alleged offence and
- how much these documents would be likely to assist in connection with the investigation.
- These criteria are based on the matters an issuing authority needs to take into account under section 116 of the TIA Act.
Privacy Impact Assessment
- The OAIC strongly encourages agencies to undertake Privacy Impact Assessments (PIA) for initiatives proposing changes in the way personal information is handled.The OAIC suggests that a PIA be conducted in relation to the proposed extradition and mutual assistance reforms to help identify and address potential privacy issues associated with any proposed changes to international cooperation arrangements.
- A PIA allows agencies to identify and analyse privacy impacts during a project's design phase. A project that underestimates privacy impacts can place its overall success at risk. A PIA would help identify the various information flows relating to the proposed reforms, how privacy regulation might apply to them, the privacy risks that may arise and how these risks could be addressed. The OAIC has recently released a new version of its PIA guide.
 See part 2, schedule 1 of the draft Bill
 See the former Office of the Privacy Commissioner’s submission on the 2009 exposure draft: http://www.privacy.gov.au/materials/types/submissions/view/6940
 See for example division 1, part 3 of schedule 3 of the draft Bill; division 2, part 3, schedule 3 of the draft Bill and division 3, part 3, schedule 3 3 of the draft Bill.
 See for example part 2, schedule 3 of the draft Bill, division 1, part 3, schedule 3 of the draft Bill and division 3, part 3, schedule 3 of the draft Bill.
 See item 102, division 3, part 3, schedule 3 (proposed sections 180A and 180C in the Telecommunications (Interception and Access) Act 1979)
 See paragraph 3.44 of the Explanatory Document
 Privacy Impact Assessment Guide, 2010, www.privacy.gov.au/materials/types/download/9509/6590.