Statement in support of complaint and enforcement cooperation, 15 April 2019
Privacy Authorities Australia (PAA) was established in 2008 to be a forum for the sharing of ideas, developments, resources and knowledge to improve the collective information privacy capability of Privacy Authorities across Australia.
Over ten years later, inter-jurisdictional collaboration remains essential to privacy authorities’ effectiveness and to our ability to contribute solutions to privacy complaints, breaches and policy challenges that cross borders or involve complex systems and technologies. As the issues for privacy become ever more complex, it becomes increasingly challenging to retain the requisite specialised expertise within any one jurisdiction. By working together, we can leverage each authority’s comparative strengths to achieve a more extensive or cross-cutting result in our enforcement activities than we could individually.
To this end, in 2018 PAA established a cross-jurisdictional Policy Group, to provide a formal avenue through which policy officers can convene to discuss matters of common interest, share ideas and experiences, and work together to enhance Australia’s information privacy policy capacity.
Following the success of the Policy Group, PAA has commenced a new initiative directed at improving cooperation in respect of their complaint handling and enforcement work. The initiative will involve ongoing work in three main areas:
- Complaint handling — PAA members will work to improve coordination and engagement between authorities in relation to complaint handling, with a particular focus on reducing friction and complexity for individuals wishing to make privacy complaints that cross jurisdictional boundaries.
- Investigations and enforcement — PAA members will work to improve coordination and provide appropriate mutual assistance in complaint handling and the enforcement of laws protecting privacy, including through notification, referral, investigative assistance and information sharing, subject to appropriate safeguards
- Closer working relationships — PAA members will work to foster closer working relationships between authorities at the officer level, to facilitate the sharing of knowledge and to learn from each others’ experiences in complaint handling and enforcement activity.
To guide cooperation between PAA members, PAA endorses the following principles on cooperation:
- Focus on best outcome for client/complainant. For example, where an individual may complain to multiple authorities, that individual will be provided with adequate information about the options available to them.
- Collaborative and collegiate working approach. For example, authorities may share information which may indicate breaches of the legislation administered by the other agency, consider joint investigations and direct and refer complaints as appropriate.
- Mutual recognition of jurisdictional independence, individual roles, legislative mandate and responsibilities. For example, each agency should consider consulting the other before providing public comment on a matter relating to the other agency’s jurisdiction.
- No surprises. For example, each agency will inform the other about any projects, activities or developments that may affect the discharge of the other’s responsibilities. Both parties will advise complainants of referrals to each other’s respective jurisdictions.
- Where possible and practical share knowledge and resources. For example, where possible and practical both agencies will share information on training, education, promotion and enforcement activities.
Members of PAA
The members of Privacy Authorities Australia are:
- Australian Information Commissioner
- New South Wales Information Commissioner, and Privacy Commissioner
- Northern Territory Information Commissioner
- Queensland Information Commissioner, and Privacy Commissioner
- Privacy Committee of South Australia
- Tasmanian Ombudsman
- Victorian Information Commissioner, and Privacy and Data Protection Deputy Commissioner