Justice Michael Kirby

(Ed. Note: This is a shortened version of a speech by Justice Michael Kirby to an international conference on privacy in Hong Kong on 13 September1999. Between 1978 and 1980 Justice Kirby chaired an OECD expert group on privacy protection)

In 1980 the Organisation for Economic Cooperation and Development (OECD) adopted guidelines on the protection of privacy in the computer age. The OECD does not usually get involved in such human rights concerns. The reason that propelled the OECD into this issue was a fear that its member states, including Australia, would introduce incompatible and conflicting laws for the defence of privacy. This would result in serious impediments to the generally free flow of data across their borders and beyond. This was the reason that brought together an expert group on privacy. I was elected to chair the group.

Given the different cultures and legal systems of the 24 participants, it was remarkable that we achieved consensus. But once adopted, the OECD Guidelines, upon which we agreed, became highly influential on the laws of the member states. The Australian and New Zealand laws on privacy for example basically adopted the privacy principles expressed in the Guidelines and accepted the high measure of flexibility which they permitted. The key provisions required limitations on the needless collection of personal information, security of such information once in the system and a right of access by a data subject to his or her own personal information so as to know what others were seeing in that person's data profile.

Privacy Protection More Complicated

Since the 1980 guidelines, the world has moved increasingly to recognise the close inter-relationship between an open and dynamic economy and an open and dynamic democracy operating under the rule of law. This has led bodies such as the OECD and the World Bank into an increased appreciation of the importance of good governance for sustained economic development. The protection of basic human rights is vital in this context for the growth of global markets upon which depend the economic viability and strength of the economy of every nation.

Yet the world, particularly in the field of information technology, has changed beyond recognition from the world into which the OECD Guidelines came nearly twenty years ago. It is therefore timely to consider the changes and some of their implications. We must ask, as The Economist did in May 1999: Are we witnessing "the end of privacy"?

The most important change has been brought about by the growth of the World Wide Web, the unstoppable expansion of the Internet and the rapid development of e-commerce. Use of the Web more than doubles every twelve months. Looking ahead, it is necessary to envisage the way in which the lives of human beings will be altered as the global network of interconnected users of information technology becomes bigger and ever more powerful. Can individual privacy survive in such a world?

In the past, the chief practical protection for privacy lay in the sheer cost of retrieving personal information and the impermanency of the forms in which much information was stored. However, such practical safeguards largely disappear in the digital age. It is not always appreciated by users of the Web that without specific initiatives on their own part, their visits to particular websites can often be resurrected, presenting a comprehensive profile of their attitudes and interests. That profile may illustrate the subjects inclinations: political, social, sexual and otherwise.

Informed writers are therefore already suggesting the necessity for new principles to protect individuals appropriate to today's technology. The suggestions include the assertion that privacy today involves a right not to be indexed; a right to encrypt personal information effectively; a right to secure human checking of adverse decisions made on computer profiles; a right to be alerted to such decisions; and a right of disclosure about the collections to which others have access and which may affect the projection of the profile of the individual concerned.

In Hong Kong, Privacy Commissioner Stephen Lau has drawn attention to high levels of concern reported amongst computer users both about the privacy and security of their personal data. He has mentioned the demands of consumers and their representatives to be informed of a providers' policy on data privacy; to have a choice of anonymity for browsing and transacting business; and to be able to secure encryption facilities for the collection and use of sensitive data. One suggestion in this context is accreditation of information systems with a recognised "privacy ¹seal". This would provide effective assurance to consumers about suppliers' compliance with an adequate privacy policy. But governments may sometimes want to crack such seals where they consider this to be warranted for law enforcement, intellectual property protection and taxation objectives.

One of the most dynamic technological changes which is occurring today involves the marriage of information technology and the study of human genetics. Scientists collaborating in the Human Genome Project are in the process of sequencing the entire human genome. Unless restrained by law, governments, employers, insurers and others may, in some circumstances, seek access to personal data of this kind. Concerns of this type did not exist in 1980. Doubtless further and more complex developments will occur between now and the end of the next 20 years. What may be needed is a global institution by which the rapid advances of technology and their implications for effective privacy protection can be kept under constant review. After all, the technology is interactive and trans-continental. So the problem is international.

Privacy a Universal Value

A global meeting on privacy protection is therefore timely. It is symbolic that it should take place in Hong Kong. Such a venue makes the point that privacy is a universal value, as the instruments of the United Nations declare. It is not a culture-bound value relevant only to advanced Western democracies. Whilst the exact content and priorities for privacy protection will differ from one country to another and will vary as between different cultures, the core value is the same. It arises from the dignity of each individual human being. It gathers universal significance because of the dynamic force of global technology.

According to The Economist it is too late to do much about protecting privacy. The edition of May 1999 says that we cannot even restore the levels of privacy enjoyed by individuals in the 1970s. Most people, it asserts, do not care. With greater surveillance comes the chance of greater safety in shopping malls and urban streets. A universal data bank of DNA will allow criminals to be found and convicted. International satellite monitoring of telecommunications will make the world safer from terrorists. The Economist's conclusion: "The best advice is: get used to it'.

But not everyone takes this attitude. For example, the European Union has issued a new and protective Data Protection Directive. It aims to defend privacy values. The Australian Government, after initially promising privacy protection laws applicable to the private sector and then retreating, now appears to have returned to its original intention. New Australian legislation is awaited.

These are the two visions for the future. One defends individual privacy. The other gives up. One asserts the capacity of law and policy-makers to uphold a fundamental human right in the face of technology. The other says it is impossible - and possibly unnecessary. Resolving these debates presents one of the greatest questions before humanity in the coming century. Their resolution will shape the human environment and all that follows. What is at stake is nothing less than the future of the human condition.