> Independent Review of the Privacy Code
ABOUT THE PRIVACY (MARKET AND SOCIAL RESEARCH) CODE 2014
Launched on 1 December 2014, AMSRO’s Privacy (Market and Social Research) Code 2014, is the first and only non-mandatory industry privacy code under the Australian Privacy Principles (APP) registered on the Federal Register of Legislative Instruments (FRLI). A copy of the Privacy (Market and Social) Code 2014 is available here.
View the Privacy (Market and Social Research) Code 2014 Consultation drafts here
THE INDEPENDENT CODE REVIEW OF THE PRIVACY (MARKET AND SOCIAL RESEARCH CODE) 2014
In accordance with the provisions of Part G of the Code, the Code is subject to independent review by the Independent Code Reviewer Panel at least every five years.
Professor Peter Leonard, Principal, Data Synergies Law Pty. Ltd., was commissioned to undertake the independent review of the Privacy (Market and Social Research) Code 2014 (the Code). A full copy of Professor Leonard’s explanatory notes is here and summarised below.
The responsibilities of the Independent Code Reviewer are:
- to seek the views of the Commissioner, government agencies, industry representatives, consumer representatives, the general public and other persons or bodies as appropriate in Australia and internationally, regarding the operation of this Code and in relation to suitable revisions and amendments;
- by January 31, 2020, to produce a report including recommendations for any amendments to this Code that are considered necessary or desirable for the effective operation of the Code.
As Independent Code Reviewer, and in consultation with the AMSRO Secretariat and AMSRO Privacy Compliance Committee, Professor Leonard prepared a consultation review draft revision of the Code. A copy is attached below, as a mark-up (and clean version) to the Code as currently in operation so that changes made are readily seen.
Amendments proposed by the independent reviewer include:
- to bring the Code up to date, including by addressing changes in the law;
- to clarify certain aspects of operation of the Code that were not as clearly expressed as would be ideal,
- to reference relevant guidance and explanatory material that had been released by the OAIC since the Code was registered in 2014.
View The Privacy (Market and Social Research) Code 2014 consultation drafts here –
Proposed changes include:
- references to the Notifiable Data Breach Scheme, to ensure good practice in mitigation of risk of data breaches and sector awareness of the requirements of this Scheme;
- clarification as to alternatives available to consumers in raising concerns as to operation of the Code and complaints as to compliance with provisions of the Code;
- improved coverage of obligations of Code members to ensure compliance with data privacy law in relation to use of cloud services, outsourcing and other data handling practices conducted outside Australia, including relevant foreign laws such as the General Data Protection Regulation of the European Union;
- removal of references to the AMSRS Code of Professional Behaviour, which is not controlled by the Code Administrator and which therefore could be changed by AMSRS in a manner that conflicts with the findings of this review or the approval requirements of the Code;
- stronger monitoring, stronger compliance and reporting mechanisms, to heighten sector-wide awareness of issues or concerns which arise in relation to an individual Code member but which have wider sector relevance.
Terms of Reference