How the 2016 Census breaches the right to privacy

By Melissa Castan and Caroline Henckels

This Australian Census undoubtedly provides essential information to government for planning for our nation’s future needs. However, this year’s Census has raised a number of concerns. In particular, we are concerned about:

  • The privacy of peoples’ personal information retained by the Australian Bureau of Statistics (‘ABS’)
  • The lack of legal authority for the ABS to collect names and specific dates of birth as part of the Census under the Census and Statistics Act 1905 (‘the Act’).

Unless privacy concerns can be adequately addressed, the ABS should not retain this information from the 2016 Census. Moreover, names and dates of birth should not be collected in any future Census.

Privacy concerns

Although the ABS has previously collected this information as part of the Census, the ABS’ announcement that it would be retaining this data in a new manner has caused widespread concern. Retaining identifying information that can be linked to Census records has significant privacy implications. Although the data provided to the ABS is currently protected by robust secrecy provisions in the Act, concerns remain over the security of the storage of data and the potential for its misuse. There are also concerns raised about the commercial and government agency use that may be made of such data through data linkage and statistical linkage keys.

There are relatively limited enforceable protections for personal privacy in Australia. We draw the Committee’s attention to Article 17 of the International Covenant on Civil and Political Rights, which states:

    1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
    2. Everyone has the right to the protection of the law against such interference or attacks.

Article 17 prohibits interferences with privacy which are ‘unlawful’ and ‘arbitrary’. The UN Human Rights Committee, in General Comment 16 (1988), on the Right to Privacy, has stated that ‘[t]he term ‘unlawful’ means that no interference can take place except in cases envisaged by the law. Interference authorised by States can only take place on the basis of law, which itself must comply with the provisions, aims and objectives of the Covenant.’

Therefore, laws that authorize interference with privacy must be precise and circumscribed, and must not give decision-makers undue discretion in authorizing interferences with privacy.

The General Comment also states that ‘relevant legislation must specify in detail the precise circumstances in which such interferences may be permitted. A decision to make use of such authorised interference must be made only by the authority designated under the law, and on a case- by-case basis.’ Moreover, ‘public authorities should only be able to call for such information relating to an individual’s private life the knowledge of which is essential in the interests of society as understood under the Covenant. . . .’

With contemporary technological capacity for gathering, storing and analyzing enormous amounts of personal information, the application of Article 17 regarding data protection is therefore very relevant.

The Human Rights Committee has specifically turned its attention to the relationship between the right to privacy and governments’ need to collect certain data for national purposes, stating that:

The gathering and holding of personal information on computers, databanks and other devices, whether by public authorities or private individuals or bodies, must be regulated by law. Effective measures have to be taken by States to ensure that information concerning a person’s private life does not reach the hands of persons who are not authorised by law to receive, process and use it, and is never used for purposes incompatible with the Covenant…Every individual should also be able to ascertain which public authorities or private individuals or bodies control or may control their files. If such files…have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination. (General Comment 16)

In 2008 the Human Rights Committee considered this issue in relation to France. We draw attention to the following extract:

  • The State party should take all appropriate measures to ensure that the gathering, storage and use of sensitive personal data are consistent with its obligations under Article 17 of the Covenant. Taking into account general comment No. 16 (1988) on Article 17 (Right to privacy), the State party should in particular ensure that:
  • The gathering and holding of personal information on computers, data banks and other devices, whether by public authorities or private individuals or bodies, is regulated by law;
  • Effective measures are adopted to ensure that such information does not reach the hands of persons who are not authorized by law to receive, process and use it;
  • Individuals under its jurisdiction have the right to request rectification or elimination of information when it is incorrect or has been collected or processed contrary to the provisions of the law.

Whilst Australia is a signatory to the ICCPR, there is incomplete protection of the right to privacy in Australian law. The Privacy Act 1988 (Cth) requires that data collected and stored by government agencies must be treated in a manner consistent with the Australian Privacy Principles (APPs). Under those principles, only the information necessary for a particular service should be collected (APP 3.1 & 3.2) and stored in a way that provides a reasonable level of protection against misuse or interference (APP 11). The ABS is a Commonwealth agency established in order to gather data from the community on a wide range of aspects of Australian life.

There is generally widespread public goodwill towards the Census, and people understand the public benefit of the collection of census data. However, given the abbreviated public consultation on the manner and use of data collected by the ABS for the 2016 Census, we are concerned that there is no evidence of widespread informed consent to the changes in use, or prospective uses of data emerging from this census.

We are also specifically concerned about matters such as ‘data linking, information security and statistical linkage keys’ of which the general public have very limited knowledge or understanding. Nor can it be said that people have given consent to the myriad uses to which this data could be applied. Assurances by the ABS that data linking and linkage keys are ‘best practice’ and provide adequate privacy protection by de-identifying people’s name from their data are no longer convincing or reliable. In the days following 9 August 2016 (‘Census night’) many examples came to light of simple ‘reverse de-identification’ of statistical linkage keys, once a person’s name, date of birth and gender were available. We are concerned that the use of census data and data linkage across government agencies leads us into ‘a system requiring personal information under compulsion of law where the system has increasingly powerful capacity to store, sort, match, and predict’ individual behaviour (see Kate Galloway’s Submission [#10] to this Senate Committee). The potential for this information to be sold on to commercial operators is of even greater concern. Such a system, even if authorised by law, itself represents a fundamental breach of people’s rights to privacy.

In light of the concerns regarding privacy and the relationship between the retention of data, names and other identifying indicia, and the use of statistical linkages keys, and the unclear uses that the ABS census data could be put to, it is important to consider the legal authority to collect certain materials in the Census.

The ABS has no legal authority to collect names and dates of birth

As Caroline Henckels previously posted on this blog, we consider that the ABS does not have the legal authority to require people to provide their name as part of the Census exercise. Moreover, an argument can also be made that the ABS does not have the power to collect a person’s specific date of birth. This is because the ABS is only permitted to collect ‘statistical information.’ Section 8(3) of the Act provides that ‘[f]or the purposes of taking the Census, the Statistician shall collect statistical information in relation to the matters prescribed [by regulations] for the purpose of this section.’ Section 14 of the Act states that a person commits an offence if they fail to comply with a written direction by the Statistician or an authorised officer to fill out the Census form or a written direction by the Statistician to answer ‘a specified question that is necessary to obtain any statistical information’ in the Census.

In other words, the Statistician must collect ‘statistical information’ for ‘the purposes of taking the Census.’ ‘Statistical information’ is not defined in the Act, but section 12 of the Act provides that ‘The Statistician shall compile and analyse the statistical information collected under this Act and shall publish and disseminate the results of any such compilation and analysis, or abstracts of this result.’ This suggests that ‘statistical information’ is information that will be ‘compiled’ to be ‘analysed’—examined in the aggregate—for the purpose of publishing and disseminating the results.

Although the relevant regulations prescribe ‘name’ and ‘date of birth’ as ‘statistical information’, it seems highly unlikely that the ABS intends to compile and analyse ‘names’ and ‘dates of birth’ as a category of information (for example, how many people named ‘Caroline’ were in Australia on Census night, or how many people were born on 1 January every year). The 2016 Census made provision for people to include their age, rather than date of birth; this suggests that the request for specific date of birth is not needed as a statistical matter. Instead, names and dates of birth are collected to undertake a data-matching process between Census records and other administrative records held by government, such as tax, social security and education records. We understand from former ABS Statistician Bill McLennan that this is a separate statistical exercise performed after the Census has been taken, and is not part of the Census itself.

Therefore, we argue that names and dates of birth are not ‘statistical information’, meaning that their collection is not authorised by legislation. Moreover, in relation to the offence of failing to comply with a direction (section 14), we fail to see how provision of one’s name and date of birth is ‘necessary’ to obtain statistical information, although it may be expedient.

Because, in our view, names and dates of birth have been collected without lawful authority, the ABS should delete this information. As the UN Human Rights Committee has stated (in General Comment 16 noted above): ‘If such files…have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination.’

We further submit that there should be no prosecution brought against people who withhold their name and/or date of birth from the Census form, including those people who filled in the Census form online and indicated their intention not to provide their name but were obliged to enter text in all fields of the form in order to submit it.

This blog post is an edited version (footnotes omitted) of the Castan Centre’s Submission (Submission #48) to the Senate Standing Committee on Economics’ Inquiry into the 2016 Census.

The ConversationTo receive notification of new posts, click “sign me up” at the top.
To become a Castan Centre member (it’s free), click here.
To follow the Castan Centre on Twitter, click here.  

One comment

Submit a comment

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s