24 April 2017


'India’s Aadhaar scheme and the promise of inclusive social protection' by Amiya Bhatia and Jacqueline Bhabha in (2017) 45(1) Oxford Development Studies 64-79 examines
the promise of inclusive social protection central to India’s Aadhaar scheme, a national initiative using biometric information to allocate unique identification numbers to Indian residents. Aadhaar has reached over one billion people and promises to expand access to basic identification, improve enrolment in social protection and financial inclusion schemes, curb leakages, reduce corruption and address other gaps in India’s social protection architecture. However, the establishment of a national identification scheme does not of itself guarantee social protection. This paper assesses Aadhaar’s aims to achieve inclusive social protection through personal, civic, functional and entrepreneurial inclusion, and explores whether Aadhaar indeed fulfils these goals. Although it is too early conclusively to evaluate Aadhaar as a transformative contributor to social protection in India, there is much to be learned for transnational social protection from the scheme’s efforts to create a more inclusive system and to address the critical questions of privacy and state surveillance at stake.
The authors conclude
It is too early conclusively to evaluate the inclusiveness of Aadhaar as a transformative contributor to social protection in India. Certainly, the scale of initial voluntary enrolment is impressive, the range of functions brought within the scheme is expanding (with central government support and backup), and so far, despite some public statements to the contrary, Aadhaar eligibility has not been limited to citizens or even to legal residents of India. More quantitative and qualitative research is needed in order to understand how Aadhaar is being used in a range of contexts, and to what extent it delivers on the early promises of inclusion. And further work is needed to ensure Aadhaar does not compromise India’s birth registration system. If Aadhaar is not paired with improvements to social welfare programmes in India, there is a risk that biometric technology may become a data collection device, instead of facilitating social protection programmes aimed at reducing the economic and social vulnerability of poor and marginalized groups.
Aadhaar offers the benefits of technology to India’s social protection system – efficiency, scalability, a mitigation of corruption and leakages, improved data systems, and a portable system with national-level commitment and financial support. Evidence presented in this paper, however, suggests some early warning signs. Geographic enrolment remains uneven, mirroring national patterns of inequality and under-provision with the least well-served populations, regions and states also the least enrolled. Some reports highlight the disproportionate rate of Aadhaar registration among convicted populations in tribal areas against a backdrop of extremely low tribal enrolment overall. One study raises serious questions about the inclusiveness of Aadhaar for urban homeless populations lacking a permanent abode or intact ngerprints. Aadhaar addresses many delivery challenges, yet the questions of how social protection is designed, whether it is targeted, and how a beneficiary is defined require changes which lie outside the realm of improved technology and authentication. Aadhaar’s technology has also created the largest biometric database in the world without a corresponding codification of data protection provisions.
Serious concerns exist about the scope for surveillance and control generated by the massive expansion of potential government access to personal data without the necessary legal or accountability framework. Lyon (2009) describes the ‘social sorting’ that ID card systems enable and opportunities for surveillance which come from having access to searchable and interconnected databases and to data mining techniques. A nine-country study of public perceptions of ID systems highlights the tension between public support for an efficient ID card system and anxiety about potential data misuse. In Canada, USA, France, Spain, Mexico and Hungary, there were acute public concerns about risk of misuse of data in relation to ID cards, when ID cards were associated with national registry databases containing additional data (Lyon, 2009). In the UK, public dissent defeated proposals for an integrated ID card as concerns were raised based about ‘data creep’ and potential privacy risks stemming from the possibility of integrating di erent databases (Beynon-Davies, 2006; Davies, 2005). In Greece, information about religion, profession and residence was initially included on ID cards and later removed by the national regulator (Davies, 2005). Although many countries have ID cards, only a few publicly disclose information about costs, implications, effects on civil liberties and the penalties of non-compliance (Davies, 2005). No such information is available for India, where at present. Enthusiasm for the inclusion potential of Aadhaar seems to far outstrip any concerns about surveillance or threats to personal privacy. Whether such concerns will grow as the system becomes entrenched and in the absence of a robust oversight and appeals mechanism remains to be seen.
Many have argued that Aadhaar is changing the logic of India’s social welfare system, and that biometric identity and the possibility of interoperability – one authentication system which can be used by many di erent institutions – signal a shift  in governmental rationality in India (Sarkar, 2014): ‘computerised biometrics, like its paper-based predecessors, is driven by the fantasy of administrative panopticism – the urgent desire to complete and centralize the state’s knowledge of its citizens’ (Sarkar, 2014, p. 518 quoting Breckenridge, 2005, p. 271). is search for the perfect enumeration or ‘legibility’ of a population can be connected to eighteenth- and early nineteenth-century ideas that subjects represent wealth and good governance requires measuring and counting (Merry, 2011). However ‘seeing better’ must be linked with ‘serving better’ for population knowledge to improve the delivery of social protection: "the premodern state was, in many crucial respects, blind; it knew precious little about its subjects, their wealth ... their very identity". (Scott, 1998, p. 2)
India’s operationalization of state welfare schemes is predicated on a newly transparent relationship between the state and its citizens. Biometric data and enrolment and enumeration efforts have created new hierarchies and allowed a series of interconnected actors to act as gatekeepers and stewards of India’s social protection system, and for bene ciaries or consumers to be governed by the use of biometric identification. These changes are influencing how social welfare is delivered and have triggered a shift  towards cash transfers and the creation of a welfare market, with multiple state and non-state actors providing, regulating and transferring welfare benefits (Khera, 2011; Sarkar, 2014). Although it is unlikely that Aadhaar alone will address the structural weaknesses in India’s social protection systems, universal identification can enable greater efficiency and transparency, helping schemes to reach their intended beneficiaries, and influencing the ease and delivery of these state-to-citizen welfare transfers. The changes Aadhaar catalyzes also have the potential to give banks and financial providers a much larger role in the delivery of education, health and employment services or subsidies as these providers become the distributers of cash. The state may shift  from being the direct supplier of social welfare schemes to disbursing funds or coupons (Sarkar, 2014) through a larger network of actors from both the public and private sectors, each of which brings their own agendas to the provision of social welfare.
It is possible that the current struggles to maintain the voluntary nature of Aadhaar enrolment will be unsuccessful, and obligatory Aadhaar registration may well follow. Future administrations may also insist on restricting Aadhaar eligibility to citizens or legal residents, a move which would signi cantly dent the programme’s universal and inclusive impact. For positive social protection objectives to be achieved in tandem with growing Aadhaar registration, the package of social protection schemes linked to the programme must be carefully designed and robustly implemented to bene t from Aadhaar. Transformative social protection can be a ordable while contributing to the fundamental policy goals of pro-poor economic growth and improved social equity (Devereux & Sabates-Wheeler, 2004). To have a sustained and decisive impact on prevailing inequities, underlying vulnerabilities need to be examined and resources reliably transferred through social protection programmes (Devereux, Mcgregor, & Sabates-Wheeler, 2011). For a comprehensive effect on the most vulnerable populations, these measures must proceed in tandem with a comprehensive strengthening of public services and programmes in order to address broader inequalities – efforts which Aadhaar, if appropriately utilized, could powerfully enhance.

Comparative Nudges

'Behavioral Insights All Over the World? Public Attitudes Toward Nudging in a Multi-Country Study' by Cass R. Sunstein, Lucia A. Reisch and Julius Rauber comments
Nudges are choice-preserving interventions that steer people’s behaviour in specific directions while allowing people to go their own way. Some nudges have been controversial, because they are seen as objectionably paternalistic. This study reports on nationally representative surveys in eight diverse countries, investigating how people actually think about nudges and nudging. The study covers Australia, Brazil, Canada, China, Japan, Russia, South Africa, and South Korea. Generally, we find strong majority support for nudges in all countries, with the important exception of Japan, and with spectacularly high approval rates in China and South Korea. We connect the findings here to earlier studies involving the United States, the United Kingdom, Italy, Denmark, France, Germany, and Hungary. The largest conclusion is that while citizens generally approve of health and safety nudges, the nations of the world appear to fall into three distinct categories: (1) a group of nations, mostly liberal democracies, where strong majorities approve of nudges whenever they (a) are seen to fit with the interests and values of most citizens and (b) do not have illicit purposes; (2) a group of nations where overwhelming majorities approve of nearly all nudges; and (3) a group of nations with markedly lower approval ratings for nudges. We offer some speculations about the relationship between approval rates and trust.
'The Curious Case of Choice Architect: Examining the Philosophical Inconsistencies of Libertarian Paternalism' by Francis Kuriakose and Deepa Kylasam Iyer comments 
Classical economics works on the principle that individuals are rational and make decisions to maximize their self interest. However in real situations, individuals face a conflict between rational and irrational selves leading to decision making that does not leave them better off. Libertarian paternalism proposes a solution to this rationality problem in an individual by conceiving a choice architect. Choice architect is a third party capable of arriving at what a perfectly rational choice would be and ‘nudges’ an individual towards making that choice. Libertarian paternalists claim that choice architect does not interfere with the freedom of an individual because the choices he offers are easily reversible, i.e, an individual can reject it at any given point in time. Libertarian Paternalism seems to offer the third way between absolute autonomy of individual choice (libertarianism) and third party intervention (paternalism). This paper argues that the conception of a choice architect comes out of a hasty commitment to reconciling libertarianism and paternalism by placing perfect rationality and autonomy in two separate individuals in the case of a single decision making process. The paper proposes alternatives to confront the rationality problem.

21 April 2017

German Privacy, Harm and Dignity

'A Pantomime of Privacy: Terror and Investigative Powers in German Constitutional Law' (Washington &  Lee Legal Studies Paper No. 2017-5) by Russell Miller comments 
Germany is widely regarded as a global model for the privacy protection its constitutional regime offers against intrusive intelligence-gathering and law enforcement surveillance. There is some basis for Germany’s privacy “exceptionalism,” especially as the text of the German constitution (Basic Law) provides explicit textual protections that America’s 18th Century constitution lacks. The German Federal Constitutional Court has added to those doctrines with an expansive interpretation of the more general rights to dignity (Article 1 of the Basic Law) and the free development of one’s personality (Article 2 of the Basic Law). This jurisprudence includes constitutional liberty guarantees such as the absolute protection of a “core area of privacy,” a “right to informational self-determination,” and a right to the “security and integrity of information-technology systems.” On closer examination, however, Germany’s burnished privacy reputation may not be so well-deserved. The Constitutional Court’s assessment of challenged intelligence-gathering or investigative powers through the framework of the proportionality principle means, more often than not, that the intrusive measures survive constitutional scrutiny so long as they are adapted to accommodate an array of detailed, finely-tuned safeguards that are meant to minimize and mitigate infringements on privacy. Armed with a close analysis of its recent, seminal decision in the BKA-Act Case, in this article I argue that this adds up to a mere pantomime of privacy – a privacy of precise data retention and deletion timelines, for example – but not the robust “right to be let alone” that contemporary privacy advocates demand.
'Data Privacy and Dignitary Privacy: Google Spain, the Right to Be Forgotten, and the Construction of the Public Sphere' by Robert Post comments
 In 2014, the decision of the European Court of Justice in Google Spain SL v. Agencia Española de Protección de Datos (“Google Spain”) set off a firestorm by holding that the fair information practices set forth in EU Directive 95/46/EC, which is probably the most influential data privacy text in the world, require that Google remove from search results links to websites containing true information on the grounds that persons possess a “right to be forgotten.” As a result of Google Spain, Google has processed 703,910 requests to remove 1,948,737 URLs from its search engine, and some 43.2% of these URLs have been erased from searches made under the name of the person requesting removal. The world-wide influence of Google Spain is likely to become even greater when the EU promulgates it General Data Protection Regulation (“GDPR”) in 2018.
At stake in Google Spain were both privacy values and freedom of expression values. Google Spain inadequately analyzes both. With regard to the latter, Google Spain fails to recognize that the circulation of texts of common interest among strangers makes possible the emergence of a “public” capable of forming “public opinion.” The creation of public opinion is essential for democratic self-governance and is a central purpose for protecting freedom of expression. As the rise of American newspapers in the 19th and 20th Century demonstrates, the press establishes the public sphere by creating a structure of communication that is independent of the content of any particular news story. Google underwrites the virtual public sphere by creating an analogous structure of communication.
With regard to privacy values, EU law, like the law of many nations, recognizes two distinct forms of privacy. The first is data privacy, which is protected by Article 8 of the Charter of Fundamental Rights of the European Union. Data privacy is safeguarded by fair information practices designed to ensure (among other things) that personal data is used only for the specified purposes for which it has been legally gathered. Data privacy operates according to an instrumental logic, and it applies whenever personal information is processed. Its object is ensure that persons retain “control” over their personal data. Google Spain interprets the Directive to give persons a right to have their personal data “forgotten” or erased whenever it is “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes of the processing at issue carried out by the operator of the search engine.” It is not necessary to show that the processing of such data will cause harm.
In contrast to data privacy, Article 7 of the Charter of Fundamental Rights of the European Union is entitled “Respect for Family and Private Life.” Article 7 should be interpreted analogously to how the European Court of Human Rights interprets Article 8 of the European Convention. Article 7 of the Charter therefore protects the dignity of persons by regulating inappropriate communications that threaten to degrade, humiliate or mortify them. The privacy at issue in Article 7 follows a normative logic that tracks harms to personality caused by violations of civility rules. Article 7 protects the same privacy values as those safeguarded by the American tort of public disclosure of private facts. It protects what we may call “dignitary privacy.” Throughout the world, courts protect dignitary privacy by balancing the harm a communication may cause to the integrity of a person against the importance the communication may have to the public discourse necessary for democratic self-government.
The instrumental logic of data privacy is inapplicable to public discourse, which is why both the Directive and GDPR categorically exempt journalistic activities from the reach of fair information practices. The communicative action characteristic of the public sphere is made up of intersubjective dialogue, which is antithetical both to the instrumental rationality of data privacy and to its aspiration to ensure individual control of personal information. It was therefore a mistake for Google Spain to apply the fair information practices of the Directive to the Google search engine.
But the Google Spain opinion also glancingly mentions Article 7, and in the end the opinion creates doctrinal rules that are inconsistent with the Directive and roughly reminiscent of those used to protect dignitary privacy. The Google Spain opinion is thus deeply confused about the kind of privacy it wishes to protect. The opinion is pushed in the direction of dignitary privacy because courts have for more than a century sought to impose the values of dignitary privacy on both public discourse and the press. Although the normative logic of dignitary privacy is in tension with freedom of expression, because it limits what can be said, it is not ultimately incompatible with a right to freedom of expression insofar as that right seeks to foster democratic self-government. Public discourse cannot become an effective instrument of self-governance without a modicum of civility.
The Google Spain decision recognizes dignitary privacy only in a rudimentary and unsatisfactory way. It inadequately theorizes both the harm a Google link might cause and the contribution a link might make to public discourse. If it had more clearly applied the doctrine of dignitary privacy, moreover, Google Spain would not have held that the right to be forgotten should apply to Google and not necessarily to the underlying websites to which the Google search engine creates links. Google Spain would not have outsourced the enforcement of the right to be forgotten to a private corporation like Google. Only government agencies are authorized to determine the balance between civility and freedom appropriate for these underlying websites.

Robots, Liability and Accidents

'The Rise of Robots and the Law of Humans' (Oxford Legal Studies Research Paper No. 27/2017) by Horst Eidenmueller is characterised as an
ttempt to answer fundamental questions raised by the rise of robots and the emergence of ‘robot law’. The main theses developed in this article are the following: (i) robot regulation must be robot- and context-specific. This requires a profound understanding of the micro- and macro-effects of ‘robot behaviour’ in specific areas. (ii) (Refined) existing legal categories are capable of being sensibly applied to and regulating robots. (iii) Robot law is shaped by the ‘deep normative structure’ of a society. (iv) If that structure is utilitarian, smart robots should, in the not too distant future, be treated like humans. That means that they should be accorded legal personality, have the power to acquire and hold property and to conclude contracts. (v) The case against treating robots like humans rests on epistemological and ontological arguments. These relate to whether machines can think (they cannot) and what it means to be human. I develop these theses primarily in the context of self-driving cars – robots on the road with a huge potential to revolutionize our daily lives and commerce.
'Products Liability and the Internet of (Insecure) Things: Should Manufacturers Be Liable for Damage Caused by Hacked Devices?' by Alan Butler in University of Michigan Journal of Law Reform (forthcoming) comments
Despite the fact that discussions of liability for defective software go back more than forty years, there is no clear consensus on what theory governs liability for damage caused by ‘onnected devices’ (or the ‘Internet of Things’). However, the proliferation of IoT devices may be the catalyst for a new field of ‘connected devices’ products liability law, which could provide a good model for determining liability for several reasons. First, attacks on IoT devices can and have caused significant damage to property and are highly foreseeable given the widely acknowledged insecurity of connected devices and numerous high-profile attacks. Second, IoT devices are, in many cases, capable of being updated and secured remotely by the manufacturer, and patching well-known security flaws could significantly reduce the risk of future attacks. And third, holding manufacturers liable for downstream harms caused by their insecure devices is well aligned with the purposes of products liability law—to minimize harm by encouraging manufacturers (as a least-cost-avoider) to invest in security measures.

13 April 2017

Australian Metadata Regime

Today is the start of the Australian mandatory metadata retention regime - bad law, badly explained, inadequately justified, badly implemented, readily subverted - and as I have highlighted in recent media interviews at odds with the Prime Minister's 2012 Alfred Deakin Lecture. What a difference the PM's office makes.

Some Australians will presumably heed Turnbull's cogent 2012 critique and then emulate his practice by relying on VPNs and tools such as Whispr and Wickr!

The Attorney-General's Department has concurrently released its report on the Review of whether there should be exceptions to the prohibition on civil litigant access to retained telecommunications data. The Department concludes
1. Although there is a history of telecommunications data being obtained to support a modest number of civil cases, the review has received insufficient evidence to sustain a recommendation that regulations be made to allow civil litigants to access data retained solely for the purpose of the data retention scheme.
2. The prohibition preserves civil litigants’ access to data that is not retained for the purpose of the data retention scheme while restricting access to data accumulated and used solely for the purpose of the scheme.
3. Should evidence reveal a need for exceptions in the future, regulations could be considered at that time. This would be subject to consultation and involve consideration of privacy issues and the impact on telecommunications providers.
4. It would be open to the Parliamentary Joint Committee on Intelligence and Security to examine the prohibition and regulation making power in 2019 when it undertakes its prescribed statutory review of the data retention scheme. 
The Report notes
This review assesses whether regulations should be made to create exceptions to the prohibition on civil litigants accessing telecommunications data retained solely for the purpose of the mandatory data retention scheme.
The review has been conducted in accordance with Recommendation 23 of the Parliamentary Joint Committee on Intelligence and Security (PJCIS) Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, which the Government supported:
The Committee recommends that the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 be amended to prohibit civil litigants from being able to access telecommunications data that is held by a service provider solely for the purpose of complying with the mandatory data retention regime.
To enable appropriate exceptions to this prohibition the Committee recommends that a regulation making power be included.
Further, the Committee recommends that the Minister for Communications and the Attorney-General review this measure and report to the Parliament on the findings of that review by the end of the implementation phase of the Bill.
In its report, the PJCIS indicated that the data retention scheme was established specifically for law enforcement and national security purposes and that as a general principle it would be inappropriate for the data retained under that scheme to be drawn upon as a new source of evidence in civil disputes. However, the PJCIS also indicated that it was aware of the potential for unintended consequences resulting from a prohibition on courts authorising access to data retained under the scheme. The PJCIS indicated that ‘family law proceedings relating to violence or international child abduction cases’ were examples of exceptions that could be considered.
In accordance with the recommendation, the Government inserted section 280(1B) into the Telecommunications Act 1997 to prohibit telecommunications providers from disclosing data retained solely for the purpose of complying with their data retention obligations in response to subpoenas, notices of disclosure and court orders in connection with civil proceedings. The Government also inserted the recommended regulation making power into the Act that could be used to create exceptions to the prohibition.
Unsurprisingly, opening up the metadata for civil litigation did not inspire much enthusiasm outside public sector bureaucracies that confuse convenience with necessity and appropriateness. The Report in referring to the consultation comments
In general, most groups and individuals that made submissions argued that civil litigants should not be permitted to access data retained solely for the purpose of complying with the data retention scheme. Many cited privacy concerns and indicated that making regulations would be inconsistent with the scheme’s national security and law enforcement purposes. A small number argued that civil litigants should be able to access the data, or particular types of data, in some circumstances.
Legal sector: Members of the legal sector were generally concerned that making exceptions to the prohibition would adversely affect the operations of the courts. There were concerns that exceptions would increase the cost and duration of civil disputes, enabling litigants to waste court resources by seeking large volumes of potentially irrelevant data. It was suggested that the proliferation of documents, particularly electronic documents, is a feature of modern civil litigation, and that this can overwhelm both parties and the courts. The Australian Lawyers Alliance, for example, argued that exceptions ‘could add significant time to the preparation of cases, as the data available would be voluminous’ and interpreting it during the search for evidence would require additional details like the relevant phone number and locations. It argued that costs could ‘escalate dramatically’.  Further, many members of the legal sector also raised privacy concerns similar to those expressed by privacy and human rights organisations. The three courts that made submissions noted that retained data could provide useful evidence in certain circumstances.
Privacy and human rights organisations: A large number of privacy and human rights stakeholders raised privacy concerns in their submissions. The Australian Privacy Commissioner indicated that if it was considered necessary to create an exception then the scope of such a regulation ‘should be drafted as narrowly as possible to achieve the desired policy objective and employ appropriate privacy safeguards’.  The Commissioner for Privacy and Data Protection (Victoria) noted that ‘a broadening of the original intended purpose of the data retention scheme would serve to further undermine the fundamental right to privacy’. Several organisations expressed the view that data collected for the sole purpose of the data retention scheme is ‘data to which neither courts nor litigants would ever have had access without the retention regime, so it does not make sense to say that their proceedings or rights may be impaired if they cannot access it’.
Telecommunications sector: Telecommunications providers were generally neutral on whether, as a matter of principle, regulations should be made to allow civil litigants to access retained data. Telstra suggested that one option would be to remove the prohibition, leaving it to the courts to assess the value of telecommunications data in civil cases.
However, providers also indicated that it is already difficult to recover the costs of complying with court orders. They argued that allowing civil litigants access to retained data in certain circumstances would lead to further compliance costs and that if such access were to be provided then existing cost recovery arrangements should be improved. The Australian Communications Consumer Action Network (ACCAN) was concerned that if the costs of processing such requests fell to providers then ‘there is a possibility that they will flow down to consumers’. ACCAN also raised general privacy concerns similar to those expressed by privacy and human rights organisations.
Media sector: In a joint submission, major media groups argued that regulations had the potential to undermine the confidentiality of journalistic sources and freedom of speech. The groups supported a continuation of the prohibition against civil litigants being able to access this type of data without any exceptions for civil cases.
Political parties and Members of Parliament: Most of the submissions received from political parties and Members of Parliament recommended against creating exceptions to the prohibition on privacy grounds. Federal Member for Griffith, Terri Butler MP, recommended against exceptions on privacy and civil liberties grounds and to avoid further increasing the costs of discovery in civil proceedings.
Government entities and representatives: The Northern Territory Attorney-General and Minister for Justice, Natasha Fyles, indicated that an exception would place the data at much higher risk of loss or misuse, although it may be useful for proceedings with an important public interest purpose such as those related to criminal proceedings or obtaining a protection order. The Australian Federal Police is of the view that access to telecommunications data should be limited to law enforcement and national security purposes and ‘should not be extended to allow use in civil proceedings that lack a law enforcement nexus’. The Queensland Crime and Corruption Commission (CCC Qld) and the ACT Justice and Community Safety Directorate (ACT Directorate) identified proceedings such as proceeds of crime, control orders, child protection orders and apprehended violence orders as potentially appropriate exceptions to the prohibition.
The Report finds
The prohibition preserves civil litigants’ access to data that is not retained solely for the purpose of the data retention scheme. Prior to the introduction of the scheme, telecommunications providers were already retaining some of the data that they are required to retain under the scheme, particularly subscriber information and data relating to fixed voice services. The types of data individual providers will be able to disclose to civil litigants will vary depending on providers’ past retention practices and the degree to which their operational data is also used to comply with the data retention scheme. The data that can be disclosed will also depend on the degree to which providers use newly retained data for other purposes, although submissions from providers gave no indication of the degree to which they intend to use such data for other purposes.
The courts’ powers to order access to relevant telecommunications data in civil proceedings, via subpoenas, notices of disclosure or court orders, are long-standing. The submission from the Family Court of Australia noted that it already deals with information that is highly confidential or commercially sensitive and that a number of safeguards already exist in the subpoena process. These safeguards include that, with some exceptions for interim, ancillary, procedural or other administrative matters, issuing a subpoena requires the permission of the court, and the court will only grant permission where there is a legitimate forensic interest. Even when a subpoena has been issued, a party may object to the subpoena, or to the inspection of a specific document requested in the subpoena. The Family Court of Australia noted that ‘where the Court issues a subpoena for production of documents, an application may be made to set aside the subpoena, if, for example, it is oppressive, too wide, ambiguous, “fishing”, or conflicts with privilege’. Further, there are restrictions on the use of information obtained via subpoena, and where appropriate the court can apply further conditions or restrictions.
Several submissions expressed concern that it will be left to providers to ascertain whether the data is retained solely for the purpose of complying with the data retention scheme, and that consequently the law may be applied inconsistently or arbitrarily. As indicated above, civil litigants will be able to access different data from different providers depending on the interaction between their business models and information keeping practices. If a provider does not comply with a subpoena to produce information or documents then a court will follow its standard procedures for enforcing compliance. Similarly, if a provider discloses information that is retained solely for the purpose of the data retention scheme then it could be in breach of the Telecommunications Act 1997.
Civil litigants’ use of data prior to the prohibition
Submissions revealed limited information about the circumstances in which civil litigants currently seek access to telecommunications data or the circumstances in which they have done so in the past. Under existing arrangements, access can be sought in any number of circumstances provided relevant legal requirements, such as court rules, are met. Similarly, any type of available data could potentially be accessed, although it appears that requests commonly relate to billing and subscriber records.
Information was sought from telecommunications providers and legal sector stakeholders about the types of civil matters for which telecommunications data had been obtained in the past. No submissions received shed light on that question. Telecommunications providers advised that court documents generally only list the names of the parties, the court and the data requested – they do not identify the type of matter to which they relate. However, it appears that, in relative terms, a modest number of requests for data have been made in civil proceedings in the past when compared with the number of data authorisations made by law enforcement agencies. Figures published by Telstra indicate that in the 2015-16 financial year it responded to 518 court orders which ‘typically… involve a civil dispute that involves individuals or organisations’. This represents less than one per cent of Telstra’s total ‘law enforcement requests’, excluding those from national security agencies. It is difficult to predict whether requests from civil litigants (volume, type of data requested and the purposes for which requests are made) will change after the prohibition commences.
Evidence for exceptions
The review received little compelling evidence justifying exceptions to the prohibition in relation to particular types of civil matters. However, contributions from the Australian Federal Police (AFP), the Queensland College of Teachers (QCT), the Queensland Crime and Corruption Commission (CCC Qld), the ACT Justice and Community Safety Directorate (ACT Directorate) and the Law Council of Australia did raise issues for further consideration. Both the AFP and the CCC Qld indicated that it would be useful for law enforcement-related civil proceedings to be excluded from the prohibition. The AFP gave examples of proceeds of crime proceedings, child protection orders and apprehended violence orders, and the CCC Qld agreed that retained data is of ‘particular importance where civil proceedings are closely linked to a criminal matter’. The AFP and CCC Qld are criminal enforcement agencies under the Telecommunications (Interception and Access) Act 1979 (TIA Act). Access and use of telecommunications data by enforcement agencies such as the AFP and the CCC Qld is regulated by the TIA Act and separate to the current review.
The QCT indicated in its submission that telecommunications data has been useful to establish facts in disciplinary actions before the Queensland Civil and Administrative Tribunal (such as cases involving a breach of the professional boundary between teacher and student). Because the QCT has an important role in the protection of children by regulating teachers’ conduct, it argued that the disciplinary referrals it makes to the tribunal should be an exception to the prohibition. However, the QCT did not provide details about how telecommunications data has been used in such cases and the role it has played. In addition, it would be open for a police force to access telecommunications data for the purpose of bringing a criminal charge in relation to such conduct if it involved a breach of a criminal law. The ACT Directorate considered that there may be significant benefit in exceptions for domestic and family violence orders, protection orders and other serious civil proceedings (such as workers compensation, civil penalty and proceeds of crime proceedings, and coronial inquests). The ACT Directorate indicated in its submission that telecommunications data has been sought in these types of cases previously, because these types of proceedings can ‘lead to criminal sanctions, and the behaviour of concern is often akin to, or overlaps with, criminal conduct’.
The ACT Directorate submitted that prohibiting access to telecommunications data in these types of proceedings could potentially be catastrophic, as it could affect family and children’s safety. However, like the CCC Qld and the QCT, the ACT Directorate did not provide details on how telecommunications data has been used in these proceedings in the past.
The Law Council of Australia considered the use of telecommunications data in civil cases involving family violence. It indicated that there are difficulties in allowing access in these cases as subpoenas can be issued by administrative staff without judicial consideration, and can involve competing priorities of protecting a victim of family violence and full and frank disclosure between litigants when determining who should be able to access the data. Its preliminary view was that to justify access to retained telecommunications data in situations involving apprehended violence orders, the court must have the ability to assess the merits of granting a court order taking into account the potential danger to the victim in granting access, the privacy of the parties and the seriousness of the alleged behaviour.
The Law Council of Australia also considered access to data in civil child protection proceedings, and for related child location orders made under section 67J of the Family Law Act 1975. A location order is an order that requires a person to provide to the court any information they have about the location of a child. Such orders are used to locate and recover children in cases including domestic and international child abduction and are expressed to require compliance ‘in spite of anything in any other law’. The Law Council’s position was that further evidence would be required to demonstrate the kinds of circumstances where exceptions would be necessary and proportionate in these cases.
Given the limited practical evidence about the degree to which telecommunications data has been useful in these types of matters, it is difficult to determine the strength of the case for access in these circumstances at this time. Further consultation and evidence would be needed to properly assess the case for exceptions to the prohibition in such circumstances. Exceptions could be considered at a later date, should further evidence of need emerge.

12 April 2017

SA Assisted Reproductive Treatment regime report

The 325 page Report on the Review of the Assisted Reproductive Treatment Act 1988 (SA) [PDF] responds to terms of reference that require the reviewer to
evaluate the operation and effectiveness of significant changes made to the Act in 2010, which had a legislative requirement for review after five years. The changes included:
1. the replacement of the previous licensing scheme with a registration scheme for clinics providing assisted reproductive treatment (A.R.T.);
2. the dissolution of the SA Council on Reproductive Technology and its Code of Ethical Conduct;
3. the requirement that the welfare of any child born as a consequence of A.R.T. is to be treated as being of paramount importance, and accepted as a fundamental principle, in respect of the operation of the Act, as well as in the provision of A.R.T.;
4. allowing for the establishment of a donor conception register;
5. amending eligibility for access to A.R.T. services—noting that such conditions relate to the circumstances in which, and to whom, A.R.T. may be provided; and
6. provisions regarding record keeping and confidentiality.
The report features the following summary
Chapter One: Introduction
The review of the Assisted Reproductive Treatment Act 1988 (SA) was concerned with the operation and effectiveness of the Act following significant changes to it in 2010. Chapter One outlines what those changes were and the reasons and intentions of Parliament for making them. It details the scope of the review, the qualifications and experience I brought with me, and the approach I took to conducting the review. It notes the principles upon which the review was predicated, including independence, objectivity, an inclusive and rigorous methodology, and openness and transparency. Details are also given regarding the process of consultation, which included
  • preparation and distribution of seven Fact Sheets and a poster that provided information about the review and called for contributions; 
  • the establishment of a consultation space on the YourSAy website where people could gain information, comment and lodge submissions to the review; 
  • the use of social media to engage with the community and draw attention to the review; 
  • letters of invitation sent to invite people to participate in the review; 
  • the collection of written submissions, and the conduct of numerous meetings in South Australia, and beyond, in which I heard the views of people who had accessed assisted reproductive treatment (A.R.T.) and donor conception, donors, donor-conceived people, academics, representatives from government agencies, fertility clinics, medical associations, law associations, consumer organisations, and support groups. The views of the contributors to the review informed this final report and the recommendations I make to the Minister for Health.
Chapter Two: Oversight
The discussion in Chapter Two considers the operation and effectiveness of the Act focusing upon the changes made to the South Australian regulatory approach. It details how the  current Act and regulations changed prior regulatory oversight and advice mechanisms that existed via the South Australian Council on Reproductive Technology (SACRT), and repealed the Code of Ethical Clinical Practice that contained detailed provisions governing A.R.T. The changes introduced in 2010 saw South Australia move to a ‘co-regulatory’ system implementing framework legislation, which stipulates registration conditions for A.R.T. providers, and requires adherence to National Health and Medical Research Council Guidelines (NHMRC Ethical Guidelines) combined with the self-regulatory Reproductive Technology Accreditation Committee (RTAC) accreditation process. Examination of the intentions of Parliament reveal that the changes were intended to reduce what was seen as duplication in terms of regulatory oversight and ethical guidance, regulatory costs and burden, and to improve the regulation of A.R.T. practices in South Australia. Further discussion ensues in Chapter Two regarding how the co-regulatory system could be improved to give effect to the intentions of Parliament and to ensure effective oversight of, and compliance with, the Act.
Chapter Three: Welfare of the Child
Chapter Three focuses upon section 4A of the Act which provides the welfare of any child to be born as a consequence of the provision of A.R.T. must be treated as being of paramount importance, and accepted as a fundamental principle, in respect of the operation of the Act. It was the intention of parliament to maintain and strengthen the provision under the changes made to the Act in 2010, parliament stating that the interests of children born as a result of A.R.T. must be placed above all other parties. In considering the welfare of the child provision in the context of the operation and effectiveness of the Act, the review was particularly concerned with
  • whether there was support for the paramountcy of the child provision, and its being strengthened as part of the 2010 changes; 
  • how the provision was being used, and to what effect; 
  • what sorts of considerations were being made and/or systems put in place to uphold the provision; what guidance was needed, if any, as to the sorts of considerations that should or should not be made; 
  • whether the paramountcy of the welfare of the child principle was being upheld in practice; 
  • whether more needs to be done to ensure the paramountcy of the welfare of the child principle is met, and if so, what.
Recommendations are made that will support the better operationalisation of the paramountcy of the welfare of the child principle, and consistency of practice across clinics in upholding the principle.
Chapter Four: Establishing the Donor Conception Register
Chapter Four begins with a brief history and overview of donor conception, and the changes that have occurred across various jurisdictions that have moved to provide for access to information by donor-conceived people about their donors and siblings. Such history and changes form the backdrop to discussion of the operation and effectiveness of the current Act, which in 2010, provided that the Minister may establish a donor conception register. Chapter Four notes that to date a donor conception register has not been established. The Chapter reflects upon submissions by donors, recipients, and donor-conceived people who wish to exchange information. For more than thirty years many have called for access to identifying information in South Australia. From at least the early 2000s the former SACRT, and the South Australian Social Development Committee, also called for the establishment of the register. Current practices regarding information recording and release by clinics are examined, and their support for the donor conception register noted. The primary recommendation in this regard is that the Minister should act to establish the donor conception register as a matter of priority. Past records and practices are also discussed. The Chapter highlights the concern that some past records are currently held in places that do not fall under the auspices of the Act, and that donor-conceived people that they relate to are not afforded the same protections as others. The call to transfer all records onto the donor conception register is made. The subsequent question of whether to provide access to information by all donor-conceived people, regardless of when they were born is examined; alongside how to balance their interests with those who donated under a previous regime, who may wish to protect their privacy. The release of information to donor-conceived people is recommended, subject to a system that offers intermediary and support services to all parties, and the option for donors to lodge a contact veto/preference statement. The recommended system would achieve a balancing of the interests of donor-conceived people, who seek information, with the interests of past donors, who may wish to determine the level of contact, if any, they would be willing to have.
Chapter Five: Further Matters Regarding Donor Conception and Access to Information
Chapter Five continues examination of matters related to donor conception that were raised via submissions and meetings during the review. In particular, it focuses upon matters related to the operation of the donor conception register and access to information, including
  • where the donor conception register should be located; 
  • the provision of intermediary and support services; 
  • access to information by donor-conceived people, recipients, donors, and siblings; 
  • voluntary registration of information upon the register by known donors and past donors (when records do not exist); 
  • information to be held on the donor conception register; 
  • notification of donor-conceived status via an addendum to the birth certificate; 
  • entry of information about biological heritage on birth registration statements, and second birth certificates; and 
  • cost considerations regarding transferring records to the register, and the ongoing functions of the register and provision of intermediary and support services.
These matters go to the operation and effectiveness of the current Act as it provides for the establishment of a donor conception register, and requires that the paramountcy of the welfare of the child be upheld. They also serve to respect the interests of donors and recipients of A.R.T.
Chapter Six: Access to A.R.T.
Chapter Six focuses on access to A.R.T. in South Australia. It outlines how the current law operates via the setting of ‘conditions’ for registration for clinics providing A.R.T that determine to whom, and under what circumstances, clinics may provide such treatment. This compares to the previous regime by which an extensive Code of Ethical Practice determined access requirements. The discussion examines how the 2010 amendments maintained some of the previous requirements regarding who could access A.R.T and in what circumstances—including requirements of infertility for more invasive treatments, and risk of a child being born with a serious genetic defect. The amendments also introduced a number more instances in which A.R.T could be used, such as risk that a serious disease or serious illness would be transmitted to a child conceived naturally; illness which may in the future result in infertility; and the posthumous use of sperm when the woman’s deceased genuine domestic partner/spouse has left written instructions prior to his death that his sperm could be used by his widow to conceive a child. How the old and new requirements for access are working, and any adjustments that need to be made, are examined. Other issues raised in submissions relevant to access to A.R.T. are also considered. Recommendations in relation to such things as body mass index and obesity, smoking, age related considerations, social egg freezing, social sex selection, and process issues, are made.
Chapter Seven: Record Keeping
Chapter Seven provides information on the pre- 2010 South Australian legislative provisions regarding record keeping and the operation and effectiveness of the Act following the 2010 changes. It notes that issues relevant to record keeping are discussed throughout the report, for example regarding donor conception, and the short and long term health outcomes for children born as a result of A.R.T. and for recipients and donors. Further discussion of record keeping and measures that would improve record keeping and reporting relevant to A.R.T. to enhance the operation and effectiveness of the Act ensues.
Chapter Eight: Conclusion
Chapter Eight concludes the report. It provides brief discussion of other concerns relevant to A.R.T. in South Australia, and looks to the future. It ends by summarising the recommendations I have made to make more effective the operation of the Act, by addressing issues related to the oversight and regulation of A.R.T., the paramountcy of the welfare of the child principle, establishing the donor conception register, access to A.R.T., and record keeping.

Consumer Law Enforcement

The Productivity Commission research report on Consumer Law Enforcement, following up the discussion paper noted here, features the following 'key points'
  • Despite the adoption of a single Australian Consumer Law (ACL) in 2011, Australia’s consumer protection framework remains complex.
  • Two commonwealth and eight state and territory regulators administer and enforce the ACL. 
  • Numerous specialist safety regulatory regimes complement the ACL. 
  • Redress is provided via tribunals, courts and ombudsmen, and most ACL regulators.
  • The multiple regulator model for the ACL appears to be operating reasonably effectively given the intrinsic challenges in having 10 regulators administer and enforce one law. 
  • The ACL regulators communicate, coordinate and collaborate with each other through well developed governance arrangements. 
  • Some regulators have been criticised for undertaking insufficient enforcement. Limited resources partly explain this, but regulator culture may also play a role.  
  • However, the limited evidence available on regulators’ resources and performance makes definitive assessments difficult.
  • There is scope to strengthen the ACL’s administration and enforcement, including through: 
  • developing a national database of consumer intelligence – ensuring that data on consumer complaints published by ACL regulators are meaningful 
  • providing all state and territory ACL regulators with the full suite of enforcement tools – increasing maximum financial penalties for breaches of the ACL 
  • exempting interim product bans from commonwealth regulatory impact assessments 
  • centralising powers for interim product bans and compulsory recalls in the ACCC 
  • improving the transparency of the resourcing and performance of the ACL regulators.
  • The ACL regulators and specialist safety regulators generally understand the delineation of their remits and interact effectively, notwithstanding a handful of problematic cases. Consumers and suppliers are not always clear about which regulator to contact but they are typically redirected to the right regulator in a timely manner. 
  • Interactions between ACL and specialist safety regulators could be enhanced through: 
  • greater information sharing between ACL and specialist regulators 
  • addressing deficiencies in the tools and remedies available to specialist regulators 
  • regular national forums of building and construction regulators 
  • greater national consistency in the laws underpinning electrical goods safety.
  • State and territory governments should tackle the current impasse on standardising electrical goods safety laws.
  • Governments should enhance ACL consumer redress, including by: 
  •  reviewing the bodies and powers for delivering ACL alternative dispute resolution services 
  • implementing the Commission’s Access to Justice Arrangements recommendations.
  • Previous Commission proposals to address gaps in consumer policy research and advocacy should be revisited. There are also grounds for enabling designated advocacy groups to make ‘super complaints’ to ACL regulators, subject to appropriate guidelines. 
The Commission suggests that its findings and recommendations should be considered by the Legislative and Governance Forum on Consumer Affairs in conjunction with the recommendations from the parallel study of the ACL undertaken by CAANZ.
Assessments of the multiple regulator model
F3.1 The multiple regulator model appears to be operating reasonably effectively given the intrinsic difficulties of having 10 regulators administer and enforce one law. However, the limited evidence available on regulators’ resources and performance makes definitive assessments difficult. Enhanced performance reporting requirements (recommendation 4.2) would help address this limitation.
F3.2 The Australian Consumer Law (ACL) regulators communicate, coordinate and collaborate with each other through well developed governance arrangements, and have mechanisms in place to promote consistent approaches to the interpretation and application of the ACL. Nevertheless, the multiple regulator model allows for differences among jurisdictions in approaches to aspects of their administration and enforcement of the ACL, which likely create some inconsistent outcomes for consumers and for businesses.
F3.3 ACL regulators have developed policies and protocols to implement strategic and proportionate approaches to compliance and enforcement, including prioritising matters that represent higher levels of risk to consumers. The extent to which these are implemented in practice is likely to vary across regulators and there are some indications of limitations in the enforcement of the ACL.
The generic national product safety regime
R4.1 The state and ACT governments should relinquish their powers to impose compulsory recalls or interim bans. This would signal that it is the commonwealth’s responsibility to immediately respond to all product safety issues that warrant a compulsory recall or ban. In parallel with any such change in responsibilities, there should be a mechanism for state and territory governments to raise and provide input on product safety matters to the Australian Competition and Consumer Commission (ACCC) that they consider would warrant a compulsory recall or ban.
F4.1 The commonwealth government’s regulation impact assessment requirements can impede the timely implementation of national interim product bans. There would be merit in exempting interim product bans from the requirements. Permanent product bans should continue to be subject to the existing regulatory impact assessment requirements.
Performance reporting
R4.2 ACL regulators should publish a comprehensive and comparable set of performance metrics and information to enhance their public accountability and enable improved regulator performance. Consumer Affairs Australia and New Zealand (CAANZ) could be charged to develop a reporting framework with a view to providing meaningful metrics and information on: • resources expended on regulator activities • the range and nature of regulator activities • behavioural changes attributable to regulator activities • outcomes attributable to regulator activities.
Databases on consumer complaints and incidents
F4.2 A national database of consumer complaints and product safety incidents for use by consumer regulators has merit. It would enable better identification and analysis of consumer hazards and risks, and help focus ACL regulators’ compliance and enforcement activity. CAANZ could be tasked to examine the impediments to establishing such a database, its likely benefits and costs, and, subject to the findings of that analysis, develop a plan to implement such a system.
F4.3 There are grounds for making data on consumer complaints public, but this should be done in a careful and comprehensive way to ensure its usefulness to consumers and minimise unwarranted effects on businesses. Ideally, any public register of consumer complaints and incidents should incorporate: • appropriate vetting of complaints before publication • detailed information about the complaint or incident • information on the resolution or outcome of the complaint • where feasible, a mechanism to place complaints and incidents in context. Development of a public register should involve consultation with consumers and business, and there should be subsequent reviews of its effects and effectiveness.
Enforcement tools and penalties
F4.4 There is scope to improve consistency in infringement notice powers and other remedies that the states and territories have introduced to augment the ACL ‘toolkit’.
F4.5 Maximum financial penalties available under the ACL are small relative to the benefits that a business can accrue by breaching the ACL.
Interaction between ACL and specialist regulators
F5.1 While interaction between ACL and specialist safety regulators generally works well, some changes are warranted. Options to improve the response to product safety concerns currently dealt with by joint ACL and specialist regulators’ actions include: • instituting formal arrangements to guide cooperation and coordination between building regulators and ACL regulators, and between the ACCC and some national specialist safety regulators • expanding the regulatory tools and remedies available to specialist safety regulators • introducing greater consistency in legislation underpinning the specialist safety regime for electrical goods.
Industry specific consumer regulation
F6.1 The Productivity Commission’s 2008 Review of Australia’s Consumer Policy Framework called for a process to review and reform industry specific consumer regulation that would, among other things, identify unnecessary divergences in state and territory regulation and consider the case for transferring policy and enforcement responsibilities to the commonwealth government. While there has been some progress in implementing this recommendation, reform has been limited or has stalled in some important areas, including the safety regimes for building and construction and for electrical goods.
R6.1 State and territory governments should move to agree on nationally consistent laws on electrical goods safety.
Consumer redress
R6.2 Australian governments should establish an independent review of consumer alternative dispute resolution (ADR) mechanisms. Among other things, the review should: • assess the nature and structure of current arrangements, areas of unmet need and the appropriate institutions to deliver services • take account of differences in jurisdictions’ legal systems for the design of ADR mechanisms • have regard to recommendation 9.2 from the Productivity Commission’s 2008 Review of Australia’s Consumer Policy Framework regarding the need for effective and properly resourced ADR mechanisms to deal consistently with consumer complaints not covered by industry based ombudsmen • where state and territory ACL regulators are to continue to provide ADR services, consider options for expanding the ACL regulators’ powers, including the authority to compel businesses to cooperate with the dispute resolution process. Enhanced reporting of the ACL regulators’ ADR services (as part of the performance reporting framework outlined in finding 4.2) should inform the review.
Consumer policy research and advocacy
F6.2 In its 2008 Review of Australia’s Consumer Policy Framework, the Commission identified material gaps in consumer input in policy processes. As such gaps remain and can hamper sound policy decision making, there are grounds to revisit recommendation 11.3 from the 2008 report — that the commonwealth government should provide additional public funding to support consumer research and advocacy.
F6.3 There are grounds for enabling designated consumer bodies to lodge ‘super complaints’, on behalf of classes of consumers, with such complaints to be fast tracked by the relevant regulator. Instituting sound operational principles — including the criteria for designating consumer bodies, evidentiary requirements to support a complaint, and the process by which a regulator should respond — is an important prerequisite for an efficient super complaints process.