Privacy protection should mean notification in advance, before confidential information is sent willy-nilly out of Australia, Dr Terry Dwyer writes, countering Privacy Commissioner Tim Pilgrim’s arguments.
Privacy demands prior notification
For background, see: It cant…, it won’t…, and it shouldn’t work
To: Australian Privacy Commissioner, Mr Timothy Pilgrim
From: Dr Terry Dwyer *, lawyer and economist, of Dwyer Lawyers, chartered tax advisers
2 April 2014
Dear Mr Pilgrim
I am not really that much comforted by your reply. I am as much, if not more, concerned by government bodies sending personal information overseas as well as by companies giving information to the ATO which then sends it offshore automatically without any judicial oversight or right of appeal.
If there is to be a statutory right to privacy surely it should mean that individuals ought be notified before their confidential financial or other information is sent offshore by either a company or by a government agency in a form readable by others and individuals should have the right to seek a Court order to block that information breach. (I have no problems with encrypted cloud storage of data where control of access remains here).
As for your submission to the Treasury, it seemed to me remarkably mild, given the mass invasion of privacy involved. There are 1 million Australians living overseas whose financial asset details back here will automatically be given to foreign governments. The ATO has never, ever, before had asset details en masses. This FATCA/OECD automatic asset and income information distribution is a wide open invitation for criminals to bribe or corrupt foreign or local tax officials to carry out kidnapping or extortion or identity theft. These things have already happened here and overseas.
Incidentally, I do not like the idea that any company can disclose my personal information if “required or authorised under law”.
The test for any ethical company should be “if required under law” – “authorised” is a weasel word mutually satisfactory to governments and large corporations.
The more I learn about how much weaker our privacy protections have become since we had a Federal privacy law, the more I wish I were back in the 1960s when some things were just not done by either companies or governments.
I assume you have no objection to my continuing to publicize my concerns.
Kind regards
Terry Dwyer
B.A. (Hons) B.Ec. (Hons) (Syd.) M.A. Ph.D. (Harvard), Dip. Law (Syd.), CT, and member of Civil Liberties Australia
To: Dr Terry Dwyer
From: Timothy Pilgrim, Privacy Commissioner
Subject: Disclosure of Personal Information Overseas [SEC=UNCLASSIFIED]
21 March 2014
Dear Mr Dwyer
I am writing in response to your emails to Tim Wilson in which you have raised concerns about how privacy protections apply to personal information disclosed by certain companies overseas. Your emails also refer to the US Foreign Account Tax Compliance Act (FATCA).
Cross-border disclosures
I am aware that there has been, and continues to be significant community concern about the cross-border disclosure of personal information (see for example, the results from the Office of the Australian Information Commissioner’s (OAIC) recent survey on Community Attitudes to Privacy). As more organisations enter into business arrangements that require the international disclosure of personal information or make use of the ‘cloud’ to store information people are becoming more aware of the risks as well as the benefits associated with these practices. I am hopeful that recent changes to the Privacy Act which enhance the openness and transparency of, and accountability for, cross-border disclosures, may go some way in addressing such concerns.
As you may be aware, the Privacy Act now includes a set of 13 new Australian Privacy Principles (APPs) that regulate the handling of personal information by Australian and Norfolk Island Government agencies and some private sector organisations (referred to as APP entities). These principles commenced on 12 March 2014. These changes include a new principle that regulates the cross border disclosure of personal information by Australian entities (see APP 8). Before entities disclose personal information overseas, they must take reasonable steps to ensure that the overseas recipient does not breach the APPs and they will remain accountable for the actions of the overseas recipient, unless an exception applies. This approach allows for cross-border disclosure in a way that ensures privacy protections are in place in accordance with the Privacy Act and that individuals will be able to seek redress if their information is mishandled.
The changes to the Privacy Act also require an APP entity to include information in their privacy policy about whether the entity is likely to disclose personal information to overseas recipients, and where practicable, the countries in which such recipients are likely to be located (see APP 1). An entity also generally needs to include information about these matters when notifying an individual about the collection of their personal information (see APP 5). For more information on the APPs see Australian Privacy Principles Guidelines published by the OAIC.
The OAIC has a range of regulatory and enforcement powers to ensure compliance with the APPs. In that regard, we have recently released for public exposure a draft policy outlining the OAIC’s approach to using those powers draft Privacy Regulatory Action Policy.
In terms of seeking enforcement in jurisdictions outside of Australia, the OAIC works closely with its counterparts in a number of regions through forums such as APEC and the OECD as part of cross border privacy enforcement arrangements.
US Foreign Account Tax Compliance Act (FATCA)
As you may be aware, the Department of the Treasury is leading the Australian Government’s negotiation of a bilateral intergovernmental agreement with the USA in relation to the US Foreign Account Tax Compliance Act (FATCA), and we suggest that you contact that Department in relation to any concerns you have. You may be interested in the OAIC’s submission made in September 2012, to the Treasury on its consultation on the Intergovernmental agreement to implement FATCA.
Yours sincerely
Timothy Pilgrim
Timothy Pilgrim | Privacy Commissioner
From my own personal research, this comes down to one thing. The government has in fact, tricked all of us into contracting with them. As such, they have “presumed” (which is rebuttable) that we are therefore under their “Administration”. To pay your tax you provide them with several pieces of “government issued” ID. Your TFN, Your Birth Certificate (not your live birth certificate, but the one that creates your corporate straw man – with name all in caps – capitus diminutia maxima. Now you are a “trustee” working/contracting for them, and they can do whatever they like with your information because as a “trustee” under the Trusts Act you must be accountable for all of your fiduciary dealings (hence why they can audit you at any point and it is YOU that must prove innocence, not they who must prove a claim). In a Trust situation, the trustee always has the burden of proof. The Government of Australia has inverted the situation to make us (and not them) the trustees. If you do not think this is possible, read trusts law, and just see if what I am saying makes any sense at all – it is undeniable.
The best part is, that trust law is based on rebuttable presumption, therefore you can change your relationship status with them, simply by notifying them that you are not the corporation of YOUR NAME, but you are the living person, and it is they who are trustee.