Privacy Commissioner sits on OzLog fence


Australian Privacy Commissioner Karen Curtis has issued a muted statement in reaction to a proposal — dubbed “OzLog” online — by the Federal Attorney-General’s Department which could see Australians’ email and telephone records tracked by internet service providers.

“My office was consulted by the Attorney-General’s Department on this proposal last year as part of initial consultations including with industry,” said Curtis. “At this stage, we understand the government is still considering the matter and we look forward to providing further comment as the proposal is developed.”

The Privacy Commissioner said in general, limiting the amount of information collected and the length of time it was retained was good privacy practice, however she added that under Australian legislation “it is important to balance other community interests such as public safety and national security with privacy considerations.”

“My office would also expect that any proposed legislation would have the appropriate privacy safeguards built-in,” she said.

Curtis’ statement came in reaction to a number of questions sent by Delimiter to her office on the issue, which arose on Friday after the Attorney-General’s Department confirmed it had been examining the European Directive on Data Retention to consider whether it would be beneficial for Australia to adopt a similar regime.

The directive requires telcos to record data such as the source, destination and timing of all emails and telephone calls – even including internet telephony. has also quoted ISP sources stating that the proposal could go as far as tracking Australians’ web browsing history — a claim since denied by the office of Federal Attorney-General Robert McLelland.

The questions sent by Delimiter asked Curtis to give her opinion on whether the Attorney-General’s proposal had the potential to contain privacy risks, but also general questions on how seriously the potential privacy risks were associated with the automatic storage of email information such as “to” and “from” addresses. Curtis did not directly address some of the questions.

Image credit: Chris Chidsey, royalty free


  1. “it is important to balance other community interests such as public safety and national security with privacy considerations”

    No, it’s not. If you need to delve into somebody’s private details, you get a warrant. Fín.

  2. The Australian Privacy Commissioner is spineless and hasn’t made a declaration for her entire term. I’m not surprised that she’s rolling over yet again, it is what she does. Far from protecting our privacy and being a strong advocate she’s letting Australians get increasingly screwed. It is a shame we can’t fire or elect some of these people at times – incompetent bureaucrats reign free.

    • I don’t think she’s spineless, but I would have expected to see a better comment on this matter than she gave — it’s kind of disappointing that for something this large, she’s not that interested in it.

      • It isn’t just this issue that she hasn’t done much about, there are a whole swag of issues that she refuses to really make a strong opinion upon, determination in or any form of ruling. It really feels like she isn’t particularly interested in taking a strong stand on anything. This is just another in a long stream of things where not a lot has happened. Have a look around and you will see a significant amount of criticism about the inaction of the current privacy commissioner in a wide range of contexts.

        • Sam, you are exactly right. She has been there for years, and as you say, she “hasn’t made a declaration for her entire term”.

          Have you ever lodged a complaint with her office? Oh my, massive corporations with access to in house and external lawyers against inidividuals who cannot, in a million years, access such resources.

          Her staff treat complainants with contempt. Shame, shame, shame.

          I’m not sure if you have seen or heard this — it’s well worth a listen. Here’s an excerpt:

          Graham Greenleaf: That’s right. The Act provides in Section 52 that after investigating a complaint the Privacy Commissioner may, a) make a determination dismissing the complaint; or b) find the complaint substantiated, and then make a determination that includes various remedies. Now obviously the legislature anticipated that the Privacy Commissioner would make determinations, deciding both ways, both in the negative or the positive on a complaint. Now what is happening with the Privacy Commissioner’s office, with the current Privacy Commissioner, is that the Commissioner’s Office essentially refuses to make any formal determinations under Section 52, dismissing a complaint. The current Commissioner has never made any determination one way or the other, on making a determination.

          Damien Carrick: How long has the current Commissioner been in office?

          Graham Greenleaf: I think it’s approximately five years, but I’m not sure of the exact time, and the Commissioner’s Office in letters to Sara and in other published statements, have said that a complainant has no right to require the Commissioner to make a determination, it’s a discretionary power. And I’m quoting a letter from the Commissioner’s Office. ‘She’s not required or obliged to make a determination even if the parties request it.’ Now the letter doesn’t go on to say well what’s their policy on when she will make a determination? And the facts I think, speak for themselves. She never ever makes a determination.

          • This is a fairly shocking situation, if true. I have to say, however, in dealing with the various regulatory authorities over the years that are supposed to have some form of independence from the government, the only one I have found that really does have a degree of independence is the ACCC.

            And even then, ACCC chairman Graeme Samuel still does have a strong nose for detecting where the political wind is sailing …

            The Reserve Bank also has had a degree of independence, but the same situation exists there — it will exert its independence within the broad limits that current political expediency allow.

            If the Privacy Commissioner won’t have a say about this issue — a gross invasion of Australian privacy — what issue is she likely to stand up on? Oh wait, that’s right, Google’s Wi-Fi scanning!


  3. Oh, I think that I was wrong… she may not be going soon :(

    I was getting confused with the former TIO being appointed as NSW Information Commissioner.

  4. As if anyone doing anything dodgy won’t route through an offshore proxy they have an encrypted connection to, or use a SSH tunnel or other kind of VPN technology.

    I already use an off-shore server for all my emailing that I only access via encrypted connection simply out of good security practice.

    It’s an affront to the privacy that should be the right of everyday Australians and a waste of time and resources in regards to the tracking of criminal activity.

    More Technofail from Australian Government/Authorities.

Comments are closed.