By Prof Richard Mulgan*
The Office of the Australian Information Commissioner recently released what it calls “an interactive performance portal” on its website.
It gives access to performance information taken from the agency’s annual reports and corporate plans over the past three years.
The information itself is not new but the three-year perspective, along with user-friendly graphics, allows for convenient and interesting assessments of trends in the office’s activities. The portal is a useful, if modest, addition to government transparency, befitting an agency dedicated to more open government.
More significantly, considering the office’s recent roller-coaster history, the decision to present its performance over the past three years as a steady and almost seamless progression towards its statutory objectives is an act of considerable courage, even defiance.
If the Coalition government had had its way, the office would be long gone by now, its functions either dropped or transferred elsewhere. The Abbott government’s first budget (2014) proposed abolishing the office and removed its funding. Responsibilities relating to freedom of information were to be divided between the Commonwealth Ombudsman and the Attorney-General’s Department, while the Privacy Commissioner and privacy matters would go to the Human Rights Commission.
After the Senate blocked the required legislative changes, the government was forced to restore a modicum of funding to allow the office to cover its core statutory obligations. But the government clearly saw the reprieve as temporary and continued to treat the office as if it were on death row. Of the three commissioners attached to the office, the FOI commissioner, John Popple, and then the agency head, information commissioner John McMillan, resigned, leaving Privacy Commissioner Timothy Pilgrim (photo) to take on all three statutory roles. The abolition of the office joined the long list of proposals in the 2014 budget that were unlikely to pass the Senate but still on the government’s wish-list.
For some months, the office ran out of the suburban Canberra home of then Commissioner, Prof John McMillan (a CLA member).
Gradually, however, the Turnbull-Morrison regime faced reality and quietly removed the so-called “zombie” proposals from the Coalition’s agenda. The office’s rescue eventually came in last year’s budget, which provided funding to continue the office’s operations over the full forward-estimates period. At the same time, privacy functions and funding were returned from the Human Rights Commission while the Attorney-General’s Department surrendered its extra FOI functions and funding.
The budget allocation was less than before the proposed abolition ($9.3 million in 2016-17 compared with $10.6 million in 2013-14). Moreover, the government has shown no inclination to fill the two vacant commissioner positions, leaving Pilgrim to carry the load. But Attorney-General George Brandis’s ambitious plan to remove the office altogether has been pronounced officially dead. The new three-year “performance portal” can be interpreted as a quietly triumphant acknowledgment of survival.
The Office of the Australian Information Commissioner covers three broad functions associated with its three statutory commissioners: FOI, privacy, and information policy in general.
The main interfaces with the public have been inquiries about FOI and inquiries over privacy, which form the office’s bread-and-butter work. At the individual level, interest in FOI is strong and getting stronger. FOI inquiries increased by 31 per cent between 2014-15 and 2015-16. Over the same period, privacy inquiries also increased but at a slightly lower rate.
The third function, information policy, involves work with agencies and government as a whole, promulgating more enlightened approaches to handling public information. This area has seen a significant shift in emphasis as privacy issues have become more salient. The focus of government information policy has moved away from the need to disclose government documents and statistics, the traditional concerns of FOI. Attention is now on big data and the pressure to make much better aggregate use of the large banks of data that governments hold about individual citizens.
This push runs straight up against privacy concerns, as was well illustrated by the controversy over the 2016 census and the Australian Bureau of Statistics’ plan to retain individuals’ census data for a longer period than usual.
Big data use versus privacy
The issue is about to receive greater prominence with the completion of a Productivity Commission report on the availability of government data. The commission chairman, Peter Harris, had flagged that the report would recommend giving consumers and business the ultimate right to control information held about them, thus reducing any government veto over the use of data. He had also warned against the overuse of privacy concerns to prevent legitimate use of aggregate data.
By contrast, FOI policy has attracted little political interest. The government has not taken up any of the recommendations made by Allan Hawke in his 2013 report on FOI legislation and the information commissioner’s role in its operation. The flurry of complaints about the dampening effects of FOI coming from senior public servants, current and recently retired, seems to have died down. Brandis, as Attorney-General, put more energy into a drawn-out personal FOI battle over his diaries than into the policy itself. For the moment, at least, FOI is being allowed to tick over normally.
Meanwhile, the Office of the Australian Information Commissioner has been active in the area of big data and privacy. Last year, for instance, it published a draft Guide to big data and the Australian privacy principles, intended to promote public discussion. The draft emphasises methods by which policymakers can use big data while still safeguarding core privacy principles.
For example, it stresses the value of “de-identifying” personal information wherever possible. Information about individual cases can often be recorded in ways that prevent the individuals from being personally identified.
De-identified information does not count as personal information under the Privacy Act and so escapes the need for special protection under privacy principles. The guide also recommends the proactive use of “privacy impact statements” so agencies collecting personal information can anticipate and avoid possible clashes with privacy principles.
That the same person, Pilgrim, now holds the positions of both Information Commissioner/agency head and Privacy Commissioner is a serendipitous consequence of the government’s botched assault on that office. The privacy function is now front and centre of the office’s role rather than an ancillary add-on.
Pilgrim is well placed to give public expression to the value of protecting personal information in the new era of mega-data. At the same time, as Information Commissioner, he has a role in promoting the overall value of information for open and effective government. He is thus ideally placed to develop and articulate a set of standards and principles that balance the competing demands of privacy and open information. He has explored these issues in several recent speeches.
Combination of roles can lead to tensions
The combination of roles, however, can also lead to tensions. Some will see the role of a privacy commissioner as the champion of individual privacy against all invasions from government institutions. On this view, the privacy commissioner should be a one-eyed advocate for individual privacy and not the supporter of compromises between individuals and the state. In the aftermath of the census, for instance, Pilgrim was criticised for his willingness to vet and approve the ABS’s plans to extend the retention of census data. Opponents of the policy clearly expected him to resist any change towards greater access of individual information.
Certainly, as Privacy Commissioner, Pilgrim has a statutory obligation to defend and speak up for privacy concerns. The basic justification for the position derives from a well-founded fear that privacy will be overlooked unless some public official is charged with its protection.
The government has plenty of other advocates for more open access, including the public data branch in the Department of the Prime Minister and Cabinet. From this perspective, Pilgrim’s primary duty is to keep privacy considerations on the agenda.
On the other hand, as Information Commissioner, Pilgrim cannot lose sight of the government’s demand for policy-relevant data and the need to break down bureaucratic resistance to sharing personal information. Moreover, political prudence would advise against dealing himself out of the policy debate by unbending insistence on personal privacy at the expense of government’s broader interest in using big data.
Like other government watchdogs, he must tread a fine line between resistance and cooperation.
* Richard Mulgan is an emeritus professor at the ANU’s Crawford School of Public Policy. richard.mulgan@anu.edu.au This article appeared first in The Public Sector Informant, a section of the Canberra Times, on 4 April 2017, and is republished with permission.