Law making meets technology

The first parable: law making meets technology

I want to start by acknowledging the remarkable age of technology with which we live. Where you would you have been in your lives if there hadn’t been the development of the Internet? What would you be doing with your lives? If we think of the extraordinary developments that have occurred in our lifetimes, what are the amazing developments that will grow out of these? Everything is happening very quickly, exponentially.

I first came into contact with this technology when I was serving in the Australian Law Reform Commission. I was its first chairman from 1975 until 1984.

The incoming Fraser Government had a commitment to act on the protection of privacy. Its new Attorney General, Bob Ellicott QC, was a man of intelligence, energy, imagination and gifts. He was determined to get Australians into the action on protecting privacy.

He gave the Law Reform Commission the project on privacy protection. During the project, the OECD set up an expert group to draw on the work already done on privacy protection in the Nordic Council; the Common Market; and the Council of Europe. The OECD wanted to develop principles for laws on privacy which would span continents.

The group had to marry some very diverse attitudes towards privacy protection: the very strong desire for protection in Europe, because they had been through the horrors of the Nazi occupation where the use of ordinary manila folders with intimate, private information could mean life or death.

Then, on the other side were the Americans with the First Amendment: believing that there should be very little regulation. The world would get better by simply leaving things alone.

We ultimately developed privacy principles that were widely accepted by countries around the world.

In the work of the OECD we had formulated one principle for the protection of privacy in automated data systems. It was accepted in the Australian Privacy Act 1988. It is one of the privacy principles in that statute. The principle effectively was that, in order to protect a person’s privacy, if that person gave personal data to the collector, the collector could not use that data for any other purpose than what the person had given it for, except by specific authority of law or by the approval of the data subject.

It was effectively a moral and ethical principle, designed to keep people’s control over the use that was made of their private information. It was put into law.

Then along came Google and Yahoo! with a massive capacity to range through vast amounts of data. The notion that you could control this penumbrum of information about yourself, the zone of privacy around yourself was very quickly overtaken by technology.

Because the technology was so manifestly useful for users of automated systems, the notion of saying “halt” was like the notion of King Canute who went to the sea to stop the waves coming in.

And so this is the first parable which I derived from my experience at the OECD group. You can do what you can do and you can try to do the moral and ethical thing, but in the end, with technology so vibrant, energetic, dynamic and changing there will ultimately be limits. The technology will outpace in its capacity, the imagination of even the most clever law makers.