Queensland government agencies1 are required to comply with the privacy principles in the Information Privacy Act 2009 (Qld) (IP Act). The privacy principles include the obligation to bind contracted service providers2, the limitation on transferring personal information overseas3, and either the Information Privacy Principles4 (IPPs) or the National Privacy Principles5 (NPPs).
The Human Rights Act 2019 (Qld)
The operational provisions of the Human Rights Act 2019 (Qld) (HR Act) commence on 1 January 2020 and set out human rights in twenty-three sections. Subject to some exceptions, it will be unlawful for a public entity6 to make a decision or take an action that is not compatible with human rights, or to make a decision and fail to give proper consideration to relevant human rights.7
These exceptions include that the public entity could not reasonably have acted differently or made a different decision because of another law.8 Human rights may also be limited where that limit is justified and reasonable.9
Human rights complaints
Human rights complaints, including complaints about breaches of the human right to privacy, can be made to the Queensland Human Rights Commission10 (QHRC). However, the QHRC may, with the consent of the complainant11, refer any complaints that involve or include an alleged breach of the privacy principles to the OIC.
Privacy principle compliance post-1 January 2020
While there is a human right that relates to privacy12, neither the privacy principles nor the obligation to comply with them will change after the commencement of the HR Act. Agencies must continue to collect, manage, store, secure and deal with personal information in a way that does not breach the IP Act.
Related processes and actions
As noted above, the HR Act requires public entities to make decisions and take actions that are compatible with and consider human rights. While the introduction of the HR Act will not alter the privacy principles, the obligation to consider human rights, including the human right to privacy, will generally apply when dealing with processes or actions related to the privacy principles, for example, when making a decision to rely on section 28 of the IP Act or dealing with a privacy complaint.
For more information on the human rights obligations of public entities, refer to the QHRC's Public Entities Toolkit.
- 1 In this guideline, agency includes a Minister.
- 2 Contained in chapter 2, part 4 of the IP Act.
- 3 Contained in section 33.
- 4 Which apply to all agencies that are not health agencies.
- 5 Which apply to health agencies.
- 6 The definition of public entity in section 9 of the HR Act encompasses agencies under the RTI Act, and includes Ministers, public service employees and local government employees. Entities performing functions of a public nature for the State or a public entity, for example under a contract, are also a public entity for the HR Act.
- 7 Section 58(1) of the HR Act.
- 8 Section 58(2) of the HR Act.
- 9 Section 13 of the HR Act; see section 13(2) for the factors to consider when deciding whether a limitation is justified and reasonable.
- 10 After first complaining to the relevant agency.
- 11 The OIC must attempt to conciliate privacy complaints prior to any compensation claim being referred to the Queensland Consumer and Administrative Tribunal.
- 12 Section 25 of the HR Act, the right to privacy and reputation.
Current as at: November 29, 2019