Centrelink duty of care has failed, regardless of Information Commissioner finding

Photo: CC Licensed Flickr user David Jackmanson

Privacy rights groups Digital Rights Watch, the Australian Privacy Foundation and Electronic Frontiers Australia have slammed a statement by the Office of the Information Commissioner and the Privacy Commissioner that their investigation found no wrongdoing in the release of personal information by a government department.

In February 2017, writer Andie Fox wrote an article that was critical of Centrelink’s controversial debt recovery program. In response, the office of the former Human Services Minister Alan Tudge released Ms Fox’s personal details (including details of Fox’s relationship and her tax and claims history) to another journalist, who subsequently published an article countering Fox’s claims.

“It’s extremely concerning that the OAIC has ruled that there has been no breach of privacy here. To assume that the Australian Privacy Principles allow for release of information if a person has a ‘reasonable expectation’ is ludicrous, and tips the power way too much towards the holders of information rather than the individual,” said Digital Rights Watch Chair Tim Singleton Norton

The groups warned of the consequences of a government agency disclosing someone’s personal information due to unfavourable media coverage.

“Australian citizens such as Ms Fox should be able to exercise freedom of speech, particularly in relation to offering opinions and criticisms of government services, without the threat of their personal information being broadcast to the world,” said Mr Singleton Norton.

“There is concern about the appearance that the privacy regulator may have been ‘captured’ by the Canberra federal bureaucracy and politicians after the government’s thwarted 2014-15 campaign to abolish and defund it. Rather than independent and fearless protection for an individual being in effect told ‘you should have expected this smear campaign using you and your partner’s personal information, so its legal’, the finding appears to normalise abuse of a legitimate complainant, who now has no other remedy. Ms Fox shared her personal experience of a system we know to have been a case study in IT governance failure: she did not deserve this kind of treatment”, said Australian Privacy Foundation Chair David Vaile.

“Worryingly, this could be taken as a green light for politicians in power to dig dirt, leak and smear anyone who complains publicly about their treatment, exploiting the grossly disproportionate imbalance of power. This would be a real attack on freedom of speech, and on the right to hold government to account, as well as on privacy and data protection. This also raises questions about inconsistencies between ‘open government’ accountability policies and the ‘doxing’ of a complainant.”    

“To witness such a fundamental breakdown of the right to freedom of the press is incredibly worrying,” said Electronic Frontiers Australia’s Lyndsey Jackson.

“That someone would speak out and then a Minister would order a staff member to go rifling through an individual’s personal file for ‘dirt’ and then share it with the media is clearly an act of silencing dissent.”

“Governments using the information Australians share with Centrelink, an agency people interact with at their most vulnerable point, to cover their own political agenda undermines public trust in the Privacy Act as well as trust in the OAIC having necessary autonomy.”