Australian business needs to recognise its own interests in international privacy protection and take a more active part in the debate.
The recent partial endorsement by the Australian Law Reform Commission of the APEC approach to privacy protection of personal information that crosses national borders (see media statement of 11 August 2008) is likely to enliven public discussion of options for international privacy protection. Already, Chris Connolly has published a critique of APEC's accountability principle under which the exporter of personal information remains accountable for its privacy protection. ('Asia-Pacific Region at the Privacy Crossroads (2008)', Chris Connolly, Galexia).
It is this principle that, subject to some qualifications, has been adopted in the privacy report of the Australian Law Reform Commission. One of the qualifications is that the exporter should not be accountable where the laws of the receiving jurisdiction are rated as ‘adequate'.
Rating is to be done by the Australian Government which, under current administrative arrangements, means Senator Faulkner supported by the Department of the Prime Minister and Cabinet. Thus, the concept of ‘adequacy', which derives from the European Union's Privacy Directive, enters by the back door.
The Connolly article conveniently summarises the arguments put forward in public commentary on the APEC Privacy Framework. As the former chair of the working group that drafted the Framework, it appears to me that there are three underlying arguments, repeated in the Connolly article, that should not go unchallenged - that implementation of the Framework would be more burdensome than the EU approach, that the EU approach is the only valid one and that the Framework merely reflects the dominance of US business.