Queensland government agencies1 are required to comply with the privacy principles in the Information Privacy Act 2009 (Qld) (IP Act). The privacy principles include the obligation to bind contracted service providers2, the limitation on transferring personal information overseas3, and either the Information Privacy Principles4 (IPPs) or the National Privacy Principles5 (NPPs).
The operational provisions of the Human Rights Act 2019 (Qld) (HR Act) commenced on 1 January 2020 and set out human rights in twenty-three sections. Subject to some exceptions, it will be unlawful for a public entity6 to make a decision or take an action that is not compatible with human rights, or to make a decision and fail to give proper consideration to relevant human rights.7
These exceptions include that the public entity could not reasonably have acted differently or made a different decision because of another law.8 Human rights may also be limited where that limit is justified and reasonable.9
Human rights complaints, including complaints about breaches of the human right to privacy, can be made to the Queensland Human Rights Commission10 (QHRC). However, the QHRC may, with the consent of the complainant11, refer any complaints that involve or include an alleged breach of the privacy principles to the OIC.
While there is a human right that relates to privacy12, neither the privacy principles nor the obligation to comply with them will change after the commencement of the HR Act. Agencies must continue to collect, manage, store, secure and deal with personal information in a way that does not breach the IP Act.
As noted above, the HR Act requires public entities to make decisions and take actions that are compatible with and consider human rights. While the introduction of the HR Act will not alter the privacy principles, the obligation to consider human rights, including the human right to privacy, will generally apply when dealing with processes or actions related to the privacy principles, for example, when making a decision to rely on section 28 of the IP Act or dealing with a privacy complaint.
For more information on the human rights obligations of public entities, refer to the QHRC's Public Entities Toolkit.
Current as at: November 16, 2021