Listen to Australian and world news, and follow trending topics with SBS News Podcasts.
TRANSCRIPT
Samantha Floreani's e-mail is on her local member of parliament mailing list.
It wasn't added by signing up.
Instead, it was added after she emailed her representative.
“I think a lot of people have been persuaded to get in touch with their representatives about all kinds of issues that they care about. That's a normal part of democratic participation.”
Despite attempting to unsubscribe multiple times, this has not worked.
She is not alone.
Unlike businesses or other organisations, your local member doesn't need to include an option to unsubscribe in their emails.
This is because of a political exception in the Spam Act.
A similar rule also exists in the laws that govern privacy and the Do Not Call Register.
The exemption covers registered political parties, politicians and candidates, as well as contractors and volunteers.
The use of data by the major parties has provoked discussion, with the launch of partisan postal vote application sites, and physical mailouts leading to claims of data harvesting.
Under the political exemption, politicians are not subject to the same rules as everyone else.
Almost three-quarters of Australians incorrectly think that political parties are subject to the Privacy Act, according to the Office of the Australian Information Commissioner's most recent community survey.
82 per cent of respondents believe they should be.
Ms Floreani, who is also a digital rights advocate, agrees they should be, too.
“Politicians should be included in the rules that we expect the public and private sectors to abide by. I think it's unacceptable for politicians to lead and represent Australians when they don't they themselves adhere to the rules that they've made for the rest of us.”
She says there are significant risks of data breaches resulting from the collection of personal data in these political contexts.
“We should also consider that the more information that an organisation collects increases the risk or the potential consequence should there be a security breach. If there's a data breach, for example, if they are collecting and storing not just your, say your contact details, for example, but also things like your interest in particular political topics or your political beliefs, then that is extremely valuable and rich data that would be pretty devastating if it was to end up in the wrong hands.”
Dr Tegan Cohen is a postdoctoral research fellow at the Queensland University of Technology, who has studied voter privacy.
“The lack of visibility about what exactly, what that data is something which makes the risk even harder to assess. But certainly it is very likely that political parties do hold quite a bit of sensitive information about us, about their constituents, about their prospective voters not knowing what that information is and the party's not having obligations, legislative obligations to make sure that data is secure is pretty troubling."
This sensitive data can be used to target messages to small groups, or even individual voters.
Dr Cohen says this takes political messaging out of the public sphere, making it harder to scrutinise its content.
She says there is a strong link between privacy and free and informed voting.
“We don't have to look very far or very hard for examples of how invasions of privacy, surveillance, is used as a tool to suppress political dissent and chill political speech.”
While vague privacy policies and repeated data breaches have contributed to privacy fatigue, Dr Cohen says there is hope for change in the potential introduction of a fair and reasonable test.
“And that's really important because they can't contract out of that obligation. They can't get our consent to use or disclose data unfairly. And it sort of puts the onus on them to think about whether or not their uses are proportionate, if the benefits outweigh the risks, the harms that they might do, the sensitivity of the information.”
The test was recommended in the recent privacy review, but has been left to a second stage of reforms.
Dr Cohen says that there is a misunderstanding about what removing the exemption would do, based on an overestimation of the current scope and limits of the Act.
She says applying the Privacy Act to political parties and candidates would lead to more open and transparent use of voter data.
“It would make sure that when they collect it, they use it for the purpose that they originally collected it for or the purpose that's related, not purposes that are way outside the scope of our expectations.”
It would also require them to protect the public's information from unauthorised use.
Samantha Floreani says politicians could still use data to inform their communication with voters, while being subject to the Act.
“This is not a matter of saying that political parties shouldn't be able to collect any data or do any form of analytics to assist their campaign processes. It could be considered reasonable and fair for political parties to be using the personal information of voters for these purposes, but these practices should be subject to the limitations and the protections contained in the privacy Act to ensure that they are lawful and transparent and fair and reasonable.”
Dr Cohen says we are holding elections in an entirely different technological environment to when the exemptions were introduced, as it is now much easier to collect data and target voters.
“The exemptions were introduced in 2001, and at that time political parties did have voter databases, but a lot of messaging to voters was done through TV, through letter boxing. I think email might've been sort of on the up and coming, but it was certainly before we had the kind advent of large digital platforms."
When the government first passed the Privacy Act at the end of 1988, it only applied to government agencies.
Just over ten years later, it was extended to include private organisations, and exclude political ones.
At the time, the Attorney-General said he was confident that it would not unduly limit the effective operation of the legislation.
He said the exemption was included to protect freedom of political communication, and to enhance the operation of the electoral and political process in Australia.
The Privacy Commissioner did not agree that it was appropriate, saying political institutions should follow the same rules they ask others to.
“Being no objection, I call Senator Stott Despoja." "Thank you Mr President and I move that the following bill be introduced. A bill for an act to amend the Privacy Act 1988 to remove the exemption provided by the Act for political acts and practices and for related purposes.”
Six years after the exemption was introduced, Senator Natasha Stott Despoja, from the Australian Democrats, introduced a private members bill to remove the exception.
Her bill lapsed at the end of the parliamentary term in 2008, before being restored and later lapsing again.
In the meantime, the Australian Law Reform Commission recommended in 2007 and 2010 that the exemption should be removed.
The same recommendation was made more recently by the Attorney-General's department in 2022.
The Department said almost all submissions supported narrowing or removing the exemption, with only two calling for it to remain.
Through advocacy work, Samantha Floreani has been involved in discussions for the recent review.
“It always ends up being pushed aside. It just hasn't gotten through and I have no confidence that it will, because it ultimately does serve their interests to be able to have a bit of a free for all with our personal information.”
Despite it's 24-year long persistence, Dr Cohen isn't convinced that the political exemption is necessary.
“I don't think the political exemption was ever really justified, and I think the case for removal gets stronger every election cycle.”
