Victorian FOI reform

The Victorian Parliamentary Integrity and Oversight Committee report on its Inquiry into the operation of the Freedom of Information Act 1982 (Vic) comments 

 Victoria’s 40-year-old Freedom of Information (FOI) regime is struggling to meet the needs of our modern democracy. More than two-thirds of the requests made under our FOI system come from individuals seeking information about themselves held by nearly a thousand government agencies. They often wait many months, sometimes over a year, to get the information they need. Others seek information for transparency; they may want to understand the reasons for a policy decision or they may be concerned about integrity. Often the information they seek is declared exempt from disclosure under FOI and is either redacted or the entire document withheld. These days our FOI system too often fails to live up to the democratic ideals it was created to serve in the early years of the Cain Government. ... 

With more than 48,000 requests for information annually, and often onerous requirements for agencies to consult third parties before releasing information, the sheer volume of the work is a significant burden for some public agencies. The lack of alternative pathways to obtain information is a major reason for the large number of requests that clog Victoria’s system. 

The submissions and witnesses in public hearings also explained that many State agencies take a defensive approach to FOI, relying heavily on legal exemptions to release as little information as possible, contrary to the spirit of the Victorian FOI law. Delays, high fees, complexity, the poor state of public records, unhelpful culture, and refusals to release information are all cited as reasons for our current system’s reputation for being impenetrable. At least one witness used the term ‘Freedom from Information’ to describe Victoria’s regime. The best practices in access to information regimes in other parts of the world that the Committee identified included: maximum disclosure; proactive publication; commitment to open government; limited ‘exceptions’ to the presumption of disclosure (noting that the human right to information is not absolute); and processes to ensure fair, easy, timely and affordable access to information. 

After comparing these best practices with Victoria’s current situation, the Committee recommended: • a new third-generation ‘push’ FOI Right to Information Act to replace the existing Victorian first-generation Act, which requires users to ‘pull’ information out of agencies through formal requests; • a new definition of information (rather than ‘documents’) suitable for the digital age; and • a new three-part test to apply to almost all exemptions to disclosure of information, underpinned by a presumption favouring disclosure of information: so that, if refusal of access to information is contemplated by an agency, it must demonstrate (1) that they are protecting a legitimate interest (e.g., privacy), (2) that disclosure will cause substantial harm to that interest, and (3) that this harm is not outweighed by any public interest in disclosure (known as the ‘public interest override’). 

The Committee heard from experts recommending that a greater proportion of Cabinet documents should be proactively released, when in the public interest, as is now the case in New Zealand and Queensland. This proved to be one of the more difficult decisions faced by the Committee and the majority of members favoured retaining a similar Cabinet document exception to the current one, to preserve the Westminster principles of Cabinet confidentiality and solidarity. However, the Committee has narrowed the exemption, by requiring certain documents to be prepared for the dominant purpose of submission to Cabinet in order to be exempt. The Committee further emphasised that the Cabinet exemption should not be used in an overly defensive fashion and that agencies should use it as it was intended. Votes are recorded in the extract of proceedings in this report. 

The model recommended by the Committee will ‘push’ information out to Victorians via four release mechanisms: a mandatory proactive-release mechanism; an additional proactive-release mechanism; an informal-release mechanism; and a formal-release mechanism. Under proactive-release mechanisms agencies will be required to publish a range of prescribed information, including information of significant public interest and will be supported to publish additional information. Much of the burden of formal FOI requests will be replaced by information pushed out proactively or informally released to individuals upon request. Simply legislating a new FOI system will not be sufficient to improve access to information in Victoria. The Committee heard repeatedly from experts that the Victorian public sector needs a new culture of transparency favouring the proactive release of information. This will require political leadership and will be enhanced by adequate resourcing, plain-language drafting of legislation, a whole-of-government information framework and greater regulatory powers for the Office of the Victorian Information Commissioner (OVIC). 

The Committee recommends abolishing application fees and limiting access charges to the costs of copying and delivering information. These and other recommendations are designed to foster this new culture, but will require support at senior levels of all government departments and agencies to really bring about the needed change. Importantly, the Committee has also recommended that the Victorian public not be charged for accessing their personal and health information. 

 The Committee makes the following recommendations

 Effectiveness of current policy model 

RECOMMENDATION 1: That the Victorian Government introduce in the State a third-generation ‘push’ FOI system, which prioritises the proactive and informal release of government and public sector information. 

RECOMMENDATION 2: That the Victorian Government seek to replace the Freedom of Information Act 1982 (Vic) with a third-generation ‘push’ FOI system Act (named the Right to Information Act), drafted in plain language and appropriate for the digital age. 

RECOMMENDATION 3: That the new, third-generation ‘push’ FOI Act in Victoria include an objects or purposes section that: • identifies the key rationales for, and advantages of, the new Act in enhancing representative democracy, responsible government and public administration • recognises a person’s right to access public sector information, in particular about themselves • contains a presumption favouring maximum disclosure of information • prioritises proactive disclosure and informal information-release mechanisms over the formal information-release mechanism • requires restrictions on access to information to be narrowly drawn and interpreted • expresses Parliament’s intention that the new Act ‘facilitate and promote, promptly and at the lowest reasonable cost, the disclosure of information’ (Freedom of Information Act 1982 (Vic) s 3(2)).  

RECOMMENDATION 4: That the new, third-generation ‘push’ FOI Act in Victoria include a broad, technologically neutral, definition of recorded ‘information’, rather than ‘document’, to encompass information in the digital age. 

RECOMMENDATION 5: That official documents of ministers and former ministers be subject to the new third-generation ‘push’ FOI Act in Victoria. 

RECOMMENDATION 6: That, under the new Victorian ‘push’ FOI Act, there be no formal right to request access to publicly available information. 

RECOMMENDATION 7: That the new third-generation ‘push’ FOI Act in Victoria include, in accordance with best practice principles: • a Part entitled ‘Limited exceptions’, or similar, to encompass the limited reasons an agency or minister can refuse access to information; and • a clear presumption in favour of disclosure of information; and • a statement that Parliament intends the limited exceptions be interpreted narrowly. 

RECOMMENDATION 8: That the new third-generation ‘push’ Act in Victoria include a three-part test in accordance with best practice principles that incorporates: • a list of legitimate protected interests; and • a substantial harm test; and • a public interest override. 

RECOMMENDATION 9: That the new third-generation ‘push’ Act in Victoria incorporate a list of irrelevant considerations that can never justify a refusal to disclose information, including: • that disclosing the information might cause embarrassment to, or a loss of confidence in, the Government • that disclosing the information might be misinterpreted or misunderstood by any person • that access to the information could result in confusion or unnecessary debate • the seniority of the person who created the information. 

RECOMMENDATION 10: That the Cabinet exemption provision in Victoria’s new, ‘push’ FOI Act include reference to a document having been prepared for the ‘dominant’ purpose of submission for consideration by Cabinet or prepared for the ‘dominant’ purpose of briefing a minister in relation to issues to be considered by Cabinet, whether or not these kinds of documents are actually submitted to Cabinet. 

RECOMMENDATION 11: That there be a new limited internal information exception, subject to the recommended three-part test, to protect the integrity and effectiveness of internal decision-making processes. 

RECOMMENDATION 12: That, in a new ‘push’ FOI Act in Victoria, there be equivalent provisions to the Freedom of Information Act 1982 (Vic) s 31(3)–(4), and that they not be subject to the three-part test. 

RECOMMENDATION 13: That a provision be included in the new ‘push’ FOI Act for Victoria that adequately protects information created or held by Victoria Police for law-enforcement intelligence purposes. 

RECOMMENDATION 14: That the new ‘push’ FOI Act in Victoria retain protections for the work of integrity agencies comparable to those presently found in the Freedom of Information Act 1982 (Vic) ss 6AA and 31A, Independent Broad‐based Anti‐corruption Act 2011 (Vic) s 194, Ombudsman Act 1973 (Vic) s 29A and Victorian Inspectorate Act 2011 (Vic) s 102. 

RECOMMENDATION 15: That the Victorian Government seek to amend s 194 of the Independent Broad‐based Anti‐Corruption Act 2011 (Vic) to make clear that a Victoria Police investigation following a referral from the Independent Broad-based Anti- Corruption Commission (IBAC) is not an investigation ‘conducted under the IBAC Act’, so that documents collected by Victoria Police during such an investigation are not exempt under s 194 from the operation of the Freedom of Information Act 1982 (Vic). 

RECOMMENDATION 16: That, under the new, third-generation ‘push’ FOI Act in Victoria, agencies and ministers must consider waiving legal professional privilege before refusing access to a document on this ground. 

RECOMMENDATION 17: That, with regard to the limited exception for privacy in Victoria’s new third-generation ‘push’ FOI Act, • the three-part test apply to it • agencies use best practice ‘access-by-design’ tools to minimise the recording of personal information, and segregate it where necessary so information can more readily be disclosed while protecting privacy • the Office of the Victorian Information Commissioner issue tailored guidelines to help agencies using the three-part test more accurately and consistently determine whether, in a particular case, it is in the public interest to disclose personal information. 

RECOMMENDATION 18: That a new ‘push’ FOI Act in Victoria use the definition of ‘personal information’ that is in the Privacy and Data Protection Act 2014 (Vic). 

RECOMMENDATION 19: That, under the new ‘push’ FOI Act in Victoria, government agencies be required to include, in their procurement contracts with private organisations, a clause prescribing that these agreements are subject to public scrutiny. 

RECOMMENDATION 20: That, when a minister or agency has engaged legal advisers, consultants and independent contractors, that the minister or agency is not allowed to deny access to information which merely demonstrates that the minister or agency is performing a statutory function or providing a governmental service. 

RECOMMENDATION 21: That, as part of its consideration of law reforms relating to FOI in Victoria, the Victorian Government review the appropriateness of secrecy, and related, legislative provisions in the State, taking into account the 12 secrecy-offence principles identified in the Commonwealth Attorney-General’s Review of secrecy provisions: final report (2023). 

3 Proactive and informal release of information 

RECOMMENDATION 22: That legislation establishing Victoria’s new third-generation ‘push’ FOI system authorise the release of government-held information via the following four distinct mechanisms: (1) a mandatory proactive release mechanism (2) an additional proactive release mechanism (3) an informal release mechanism (4) a formal release mechanism with disclosure log requirements. 

RECOMMENDATION 23: That legislation establishing Victoria’s new third-generation ‘push’ FOI system emphasise the primacy of the mandatory proactive, additional proactive and informal release mechanisms. 

RECOMMENDATION 24: That legislation establishing Victoria’s new third-generation ‘push’ FOI system protect agencies and ministers (and their staff) from civil and criminal liability where information is released in good faith under the mandatory proactive, additional proactive, informal and formal release mechanisms. 

RECOMMENDATION 25: That legislation establishing Victoria’s new third-generation ‘push’ FOI system protect the Information Commissioner and Public Access Deputy Commissioner from civil and criminal liability in respect of their performance of their statutory functions. Additionally, that these protections be extended to other persons employed by the regulator in respect of their performance of statutory functions on behalf of the Information Commissioner and Public Access Deputy Commissioner. 

RECOMMENDATION 26: That legislation establishing the mandatory proactive release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to release information of significant public interest, as statutorily defined, as well as information about: • the kinds of information they hold, including what information they publish and are prepared to release (and whether it will be released free or for a fee) • their organisational structure • their functions and how their functions impact the public • arrangements that facilitate public participation in the development of their policies and exercise of their functions • their operations, strategic priorities, performance, financial affairs and related information published in tabled reports • the kinds of information they routinely release under the formal release mechanism • how the public can request information from them under the informal and formal release mechanisms • a register of information determined to be unsuitable for release under the additional proactive release mechanism • a register of information released under the informal and formal release mechanisms that has been considered for release to the broader public under the additional proactive release mechanism. 

RECOMMENDATION 27: That legislation establishing the mandatory and additional proactive release mechanisms in Victoria’s new third-generation ‘push’ FOI system contain guiding principles on how agencies and ministers are expected to release information under the mechanisms. These principles should emphasise the responsibility of agencies and ministers to: • make the public aware of the availability of the information they hold • publish information in a timely manner and in a way that is practical, easily found, clear, capable of being understood and accessible. 

RECOMMENDATION 28: That legislation establishing the mandatory proactive release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to: • publish free on their website, or other digital platform, information captured by the mechanism, except where the cost of publishing particular information online would be unreasonable • release information that cannot be published online due to the exception via an alternative free method that is practical, timely, and accessible. Where the exception applies, and the alternative methods available to provide public access to the information are not practical, timely or easily accessible, that agencies and ministers be empowered to charge reasonable costs associated with copying the information to comply with their obligations under the mechanism. 

RECOMMENDATION 29: That legislation establishing the mandatory and additional proactive release mechanisms in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to take reasonable steps to provide an alternative method of access to information captured by the mechanism to persons who cannot access the information through the primary method due to disability, incarceration or other impediment to access. 

RECOMMENDATION 30: That legislation establishing the additional proactive release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to review annually their approach to releasing information under the mechanism. 

RECOMMENDATION 31: That legislation establishing the informal release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to: • provide reasonable advice and assistance to persons requesting information informally • release information under the mechanism without charge or for the lowest reasonable cost. 

RECOMMENDATION 32: That legislation establishing the informal release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to: • consider releasing to the broader public, under the additional proactive release mechanism, information that has been released to requesters under the informal release mechanism • record all decisions to proactively release information which has been previously released under the informal release mechanism. 

RECOMMENDATION 33: That legislation establishing the formal release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to consider whether formal requests can be dealt with under the informal release mechanism. 

RECOMMENDATION 34: That legislation establishing the formal release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to: • record, in the form of a disclosure log, all information released under the formal release mechanism in response to FOI requests for non-personal information • update their disclosure log within 10 business days of releasing information to a requester under the formal release mechanism • publish their disclosure log on their website • release to the broader public all information recorded in their disclosure log, except: – requesters’ names – personal information or information that would unreasonably infringe personal privacy – confidential information or information communicated in confidence – information the publication of which is potentially defamatory – information prohibited under law from being disclosed or published – information that would cause substantial harm to an entity • consider releasing, under the additional proactive release mechanism, all information released to applicants in response to FOI requests for non-personal information, and record and publish all such decisions. 

RECOMMENDATION 35: That legislation establishing Victoria’s new third-generation ‘push’ FOI system ensure the Information Commissioner is granted appropriate regulatory functions and powers to regulate agency and ministerial compliance with the requirements relating to the proactive and informal release mechanisms, including with respect to disclosure logs. This should include reporting, complaint-handling, investigation, examination and audit powers, as well as the ability to take enforceable action with respect to non-compliance. 

RECOMMENDATION 36: That legislation establishing the formal release mechanism in Victoria’s new third-generation ‘push’ FOI system contain guiding principles on how agencies and ministers are expected to meet their obligations with respect to disclosure logs. These principles should: • emphasise the responsibility of agencies and ministers to ensure that their disclosure log is easy to find, search and use, and up-to-date and useful • set minimum requirements for the format of disclosure logs (for example, the type of document released and a description of its content) • permit agencies and ministers to provide additional contextual information with respect to a document recorded in a disclosure log, if they consider that it will help the public to understand it • set out how documents recorded in a disclosure log are to be released to the public (for example, online via an active electronic link in the log) • permit agencies and ministers to publish information in a different form and format from that provided to the requester if publishing it in its original format would be impractical or unreasonably burdensome. 

RECOMMENDATION 37: That legislation establishing the formal release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to: • consider releasing to the broader public, under the additional proactive release mechanism, information which has previously been released to requesters under the formal release mechanism • record all decisions to proactively release information that has been previously released under the informal release mechanism. 

RECOMMENDATION 38: That legislation establishing Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to develop, implement and publish a policy setting out, among other matters, their compliance with the guiding principles for the proactive release mechanisms; their processes for releasing information under the proactive, informal and formal release mechanisms; and their compliance with disclosure log requirements (including the kinds of information released under the informal and formal release mechanisms that will not be released to the broader public). 

RECOMMENDATION 39: That legislation establishing Victoria’s new third-generation ‘push’ FOI system include agency and ministerial reporting requirements with respect to the cost of administering the FOI scheme; compliance with their obligations under the proactive release mechanisms; the public’s use of the informal release mechanisms; and the operational efficiency of those mechanisms. 

RECOMMENDATION 40: That the Victorian Government develop and implement a whole-of-government information-management framework (‘framework’)—applicable to all agencies, ministers and government-held information subject to the FOI scheme— to support Victoria’s new third-generation ‘push’ FOI system. That the framework: • embed the purposes and benefits of a third-generation FOI system, including: – specifying, as a primary aim, improving the accountability and transparency of government and public participation in government affairs and decision-making – supporting the maximum disclosure of government-held information. • embedding e-governance and access-by-design principles into the information- and data-management processes and practices of all agencies and ministers • requiring agencies and ministers to record and publish information relating to the use of Artificial Intelligence and automated decision-making • requiring agencies and ministers to use technology to facilitate the efficient release of information under the FOI scheme. 

RECOMMENDATION 41: That legislation establishing Victoria’s new third-generation ‘push’ FOI system give effect to the key recommendations of the Information and Privacy Commission New South Wales in its report Scan of the Artificial Intelligence regulatory landscape—information access and privacy with respect to the government’s use of Artificial Intelligence (AI), namely that government: • ensure mandatory proactive disclosure of the use of AI • ensure that open access information includes a statement of use, and a description of the operation of the AI • expand information access rights under government contracted services to AI used for government decision-making • include the use of AI as a factor in favour of disclosure of information. 

RECOMMENDATION 42: That legislation establishing Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to: • maintain an Information Asset Register (IAR) • record in their IAR whether information can be, or has been, released to the public (and under which statutory release mechanism) • publish a public version of their IAR on their website. 

RECOMMENDATION 43: That legislation establishing Victoria’s new third-generation ‘push’ FOI system ensure that information created by or in the possession of third-party government contractors and sub-contractors is accessible under the FOI scheme. This should be facilitated by giving agencies and ministers an immediate right of access to such information. 

RECOMMENDATION 44: That legislation establishing Victoria’s new third-generation ‘push’ FOI system ensure that private entities that receive public funding to perform public functions or provide public services are subject to the FOI scheme. 

RECOMMENDATION 45: That the Victorian Government explore the feasibility of implementing a mandatory training and education program for all public sector employees or FOI practitioners on Victoria’s new third-generation ‘push’ FOI system. 154 RECOMMENDATION 46: That the Victorian Government explore the feasibility of implementing a mandatory records-management and data-governance training and education program for all Victorian FOI practitioners. 

RECOMMENDATION 47: That the Victorian Government, in consultation with the Public Record Office of Victoria (PROV), review record-keeping and information-management requirements under the Public Records Act 1973 (Vic), as well as the PROV’s compliance monitoring and enforcement powers under the Act, to ensure their adequacy to support Victoria’s new third-generation ‘push’ FOI system. 

RECOMMENDATION 48: That legislation establishing Victoria’s new third-generation ‘push’ FOI system include specific reference to its interrelatedness with the Public Records Act 1973 (Vic), and require agency and ministerial compliance with record-keeping and information-management obligations under the Public Records Act 1973 (Vic). 

RECOMMENDATION 49: That the Victorian Government explore the feasibility of implementing a centralised whole-of-government FOI portal, supported by new and emerging technology, to centralise the making of requests and the publication of agency and ministerial disclosure logs and Information Asset Registers under Victoria’s new third-generation ‘push’ FOI system, as well as information released through proactive and informal release mechanisms. 

RECOMMENDATION 50: That the Victorian Government explore the feasibility of: • using technology, including Artificial Intelligence and automated decision-making, to facilitate the efficient administration of a third-generation FOI system. • using technology to assist with embedding access-by-design principles into information-management processes and practices across the public sector. In making this recommendation, the Committee recognises the importance of human supervision and oversight of any use of such technology, including the involvement of human decision-makers. 

RECOMMENDATION 51: That the Victorian Government—in consultation with Aboriginal Community Controlled Organisations, Aboriginal leaders, practitioners and community Members (including the Yoorook Justice Commission, Victorian Aboriginal Community Controlled Health Organisation and Victorian Aboriginal Legal Service)— explore the feasibility of recognising and embedding Indigenous Data Sovereignty and Indigenous Data Governance principles into a whole-of-government information management framework and in legislation establishing Victoria’s new third-generation ‘push’ FOI system. 

4 Efficiency 

RECOMMENDATION 52: That legislation establishing Victoria’s new third-generation ‘push’ FOI system retain the existing functions and powers of the Information Commissioner and Public Access Deputy Commissioner in the Freedom of Information Act 1982 (Vic), including their powers to undertake reviews and handle complaints; provide advice, education and guidance to agencies, ministers and the public; issue professional standards; and conduct investigations. Additionally, the Committee recommends that their delegation powers be retained. 

RECOMMENDATION 53: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system retain the following features of the Freedom of Information Act 1982 (Vic) with respect to requests: (i) legal persons can make a request, are not required to identify themselves (except when applying for personal or health information) or provide reasons for the request, and are not limited in their use of information released in response to a request (ii) there is no prescribed form for requests but they must be in writing and contain sufficient information to enable agencies and ministers to identify the information sought (iii) agencies and ministers must assist applicants to make a valid request, consult with them to make a request valid, and refer them to another agency or Minister that may hold the information requested (iv) agencies and ministers must decide FOI requests within 30 days, with extensions of time permitted in certain circumstances (v) agencies and ministers must take reasonable steps to provide access to information in a form or format requested by, or accessible to, an applicant, limited by clear and reasonable objections (for example, protection of the record, infringement of copyright and unreasonable interference with the operations of the agency). 

RECOMMENDATION 54: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system empower the Information Commissioner and Public Access Deputy Commissioner to give an enforceable direction to an agency (or minister) to release information to an applicant in a particular format or by a particular method. 

RECOMMENDATION 55: That legislation establishing Victoria’s new third-generation ‘push’ FOI system retain agency and ministerial reporting requirements in the Freedom of Information Act 1982 (Vic) subject to any needed amendments to remove outdated items. 

RECOMMENDATION 56: That legislation establishing Victoria’s new third-generation ‘push’ FOI system simplify and streamline the definition of the entities subject to the FOI scheme. 

RECOMMENDATION 57: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to assist a prospective applicant to make a written request if they are unable to do so due to disability or disadvantage (for example, illiteracy). 

RECOMMENDATION 58: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system require agencies and ministers to acknowledge receipt of a valid FOI request in writing within five business days and that the content of the written acknowledgement be prescribed. 

RECOMMENDATION 59: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system include a provision, modelled on s 44(2) of the Government Information (Public Access) Act 2009 (NSW), permitting partial transfer of a request to another agency or minister. 

RECOMMENDATION 60: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system provide exceptions to the strict transfer and notification requirements under s 18 of the Freedom of Information Act 1982 (Vic) for agencies with complex organisational structures. 

RECOMMENDATION 61: That all statutory time frames in legislation establishing the formal release mechanism in Victoria’s new third-generation ‘push’ FOI system refer to business days rather than calendar days. 

RECOMMENDATION 62: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system include a repeat requests exception, modelled on s 60(1) of the Government Information (Public Access) Act 2009 (NSW), empowering an agency (or minister) to refuse to deal with a request (in whole or in part) if: (i) the agency decided a previous request for information substantially the same as the information sought in the request and there are no reasonable grounds for believing that the agency would make a different decision on the request to the previous decision; or (ii) the applicant has previously been provided with access to the information under the FOI scheme. 

RECOMMENDATION 63: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system include a voluminous requests exception that: (i) empowers agencies (and ministers) to refuse to deal with a request if doing so would substantially and unreasonably divert an agency’s resources from the performance of its other operations, or substantially and unreasonably interfere with the performance of the minister’s functions, and there is no overriding public interest to process the request (ii) contains a presumption in favour of processing the request (iii) prescribes the factors that agencies (and ministers) must take into account in determining whether the exception applies, by codifying the Information Commissioner’s and the Victorian Civil and Administrative Tribunal’s existing guidance on determining what is ‘substantial’ and ‘unreasonable’ (iv) prescribes a statutory threshold definition of ‘substantial and unreasonable’ diversion or interference (v) prohibits reliance on the exception on grounds that third-party consultation would likely be too onerous and provides flexibility for agencies not to consult in those circumstances (vi) permits agencies to rely on the exception where the cumulative impact of processing multiple requests received from the same applicant would constitute a ‘substantial and unreasonable’ diversion or interference (vii) prescribes the matters that must be contained in a ‘refusal to process’ decision relying on the voluminous requests exception. 

RECOMMENDATION 64: That legislation establishing Victoria’s new third-generation ‘push’ FOI system require agencies to adequately resource their FOI function and empower the Information Commissioner to direct agencies (and ministers) to review the adequacy of their FOI resourcing if their capacity to process requests is frequently constrained by the resourcing of their FOI function. 

RECOMMENDATION 65: That the s 25A(5) exception in the Freedom of Information Act 1982 (Vic) not be retained in legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system. 

RECOMMENDATION 66: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system apply the same threshold for consultation across all third-party consultation provisions, modelled on s 54 of the Government Information (Public Access) Act 2009 (NSW). 

RECOMMENDATION 67: That—for the purpose of facilitating partial access to information—legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system include a provision, modelled in part on s 22(1)(d), (2) of the Freedom of Information Act 1982 (Cth) and s 73(2) of the Right to Information Act 2009 (Qld): (i) requiring agencies (and ministers) to provide an edited copy of a document if reasonably practicable, unless the applicant has indicated that they do not want to receive it (ii) requiring agencies to provide partial access without disclosing exempt information, rather than authorising them to make such deletions as are necessary to provide partial access (iii) permitting, but not requiring, agencies to delete irrelevant information. 

RECOMMENDATION 68: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system retain the Information Commissioner’s power to decide an FOI review application under s 49P of the Freedom of Information Act 1982 (Vic) and: (i) extend that power to the Public Access Deputy Commissioner without the need for an instrument of delegation; and (ii) empower the Information Commissioner and Public Access Deputy Commissioner to delegate, to senior staff, their power to decide an FOI review application, including the power to make a fresh decision on the original request. 

RECOMMENDATION 69: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system empower the Information Commissioner to ensure that agencies (and ministers) take appropriate action to give effect to the Office of the Victorian Information Commissioner’s FOI review decisions, subject to their Victorian Civil and Administrative Tribunal review rights. 

RECOMMENDATION 70: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system extend the time frame specified in ss 49P(4)(b) and 52(9) of the Freedom of Information Act 1982 (Vic) from 14 days to 30 days. 

RECOMMENDATION 71: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system include a vexatious applicant provision, modelled on ss 89K–89N of the Freedom of Information Act 1982 (Cth) and s 114 of the Right to Information Act 2009 (Qld), empowering the Information Commissioner to make a vexatious FOI applicant declaration on the application of an agency or minister, or on the Commissioner’s own initiative, with a right of review to the Victorian Civil and Administrative Tribunal. 

RECOMMENDATION 72: That legislation establishing Victoria’s new third-generation ‘push’ FOI system address Recommendations 4 and 5 in the Integrity and Oversight Committee’s Performance of the Victorian integrity agencies 2021/22 report. 

RECOMMENDATION 73: That legislation establishing Victoria’s new third-generation ‘push’ FOI system protect the Information Commissioner, Public Access Deputy Commissioner and Office of the Victorian Information Commissioner staff from civil and criminal liability with respect to their good-faith performance of their statutory functions and the exercise of their statutory powers. 

RECOMMENDATION 74: That legislation establishing Victoria’s new third-generation ‘push’ FOI system retain the legal protections afforded to agencies (and ministers) in s 62 of the Freedom of Information Act 1982 (Vic), and extend those protections to the Information Commissioner and Public Access Deputy Commissioner with respect to their power to decide an FOI review application, as well as to persons with delegated authority to decide FOI review applications. 

RECOMMENDATION 75: That legislation establishing Victoria’s new third-generation ‘push’ FOI system empower the Information Commissioner to make binding recommendations in connection with an FOI complaint. 

RECOMMENDATION 76: That legislation establishing Victoria’s new third-generation ‘push’ FOI system empower the Information Commissioner to issue binding professional standards and guidelines on FOI legislation—including on how provisions should be interpreted—and require agencies (and ministers) to have regard to them when administering the FOI scheme. 

RECOMMENDATION 77: That legislation establishing Victoria’s new third-generation ‘push’ FOI system ensure the Information Commissioner is granted appropriate powers to regulate compliance with the legislation, and professional standards and guidelines issued under it, including empowering the Information Commissioner to impose sanctions for serious or serial agency and ministerial non-compliance with their statutory obligations under the FOI scheme. 

RECOMMENDATION 78: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system: (i) empower the Information Commissioner to make, vary and revoke a vexatious applicant declaration on the application of an affected agency (or minister) or on the Commissioner’s own initiative (ii) prescribe the grounds for making a vexatious applicant declaration—namely, repeat requests for information by the same applicant or applicants acting in concert which are manifestly unreasonable or an abuse of process (iii) establish a right of review to the Victorian Civil and Administrative Tribunal in respect of a vexatious applicant declaration of the Information Commissioner. 

RECOMMENDATION 79: That legislation establishing Victoria’s new third-generation ‘push’ FOI system introduce offence provisions for: (i) destroy, conceal or alter any record of government information for the purpose of preventing disclosure under FOI legislation (ii) wilfully obstruct access to information under FOI legislation, including directing or improperly influencing an FOI decision-maker to decide a request contrary to the requirements of the Act (iii) wilfully obstruct, hinder or resist the Information Commissioner, Public Access Deputy Commissioner or member of staff of the Office of the Victorian Information Commissioner, modelled on s 63F of the Freedom of Information Act 1982 (Vic). 

RECOMMENDATION 80: That the Victorian Government review the desirability and feasibility of making the position of Information Commissioner an independent officer of Parliament. 

RECOMMENDATION 81: That the Victorian Government review the desirability and feasibility of the Victorian Independent Remuneration Tribunal setting and reviewing the remuneration of the Information Commissioner and Public Access Deputy Commissioner. 

RECOMMENDATION 82: That the Victorian Government review the desirability and feasibility of directly funding the Office of the Victorian Information Commissioner through Parliament’s appropriation, similar to the funding arrangements of the Independent Broad-based Anti-corruption Commission, Victorian Ombudsman and Victorian Inspectorate. 

RECOMMENDATION 83: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system preserve the review rights in s 50(1)(b) and (c) of the Freedom of Information Act 1982 (Vic) and clarify that the respondent to the proceeding is the relevant agency. 

RECOMMENDATION 84: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system preserve the review rights in s 50(3D) of the Freedom of Information Act 1982 (Vic) and clarify that the respondent to the proceeding is the original FOI applicant. 

RECOMMENDATION 85: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system preserve the review rights in s 50(3)–(3A) of the Freedom of Information Act 1982 (Vic) and clarify that, where, as a result of machinery of government changes, (i) a primary agency has possession and control of information of a legacy agency the subject of a review decision of the Information Commissioner; and (ii) the primary agency would have a right to apply to the Victorian Civil and Administrative Tribunal (VCAT) for a review of the Information Commissioner’s decision under s 50 of the Freedom of Information Act 1982 (Vic), the legacy agency has standing to apply to VCAT as an affected third party. 

RECOMMENDATION 86: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system clarify that, in a review conducted by the Victorian Civil and Administrative Tribunal of a deemed refusal decision of an agency, the Tribunal will, for the purpose of deciding the review, consider the actual decision of the agency. 

RECOMMENDATION 87: That legislation establishing the review regime in Victoria’s new third-generation ‘push’ FOI system clarify that the Victorian Civil and Administrative Tribunal cannot consider the adequacy of an agency’s search for documents in connection with a request, except in respect of the Tribunal’s review of a deemed refusal decision where a ‘documents do not exist or cannot be located’ decision is made by an agency before the review is heard or decided. 

RECOMMENDATION 88: That legislation establishing Victoria’s new third-generation ‘push’ FOI system include a statutory requirement for the Act to be reviewed four years after its commencement, and every five years thereafter. 

RECOMMENDATION 89: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system ensure that there is no application fee. 

RECOMMENDATION 90: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system ensure that no access charges are imposed for requests for personal or health information. 

RECOMMENDATION 91: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system limit access charges for non-personal and non-health-related requests to the cost of copying and delivering the information sought, and ensure that the first 20 pages can be accessed free of charge. 

RECOMMENDATION 92: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system contain a general discretion to waive, reduce or refund any access charges payable under the Act, supported by binding FOI Guidelines issued by the Information Commissioner on decision-making with respect to the fee-waiver provision (including a straightforward standardised threshold for qualifying for the waiver that includes legal aid clients). 

RECOMMENDATION 93: That the Victorian Government, as part of the Treaty negotiations, consider how structural barriers to Aboriginal people and Aboriginal Community Controlled Organisations (ACCOs) accessing government-held information under the FOI scheme are best overcome. 

RECOMMENDATION 94: That legislation establishing the formal-release mechanism in Victoria’s new third-generation ‘push’ FOI system empower the Information Commissioner to review agency (and ministerial) decisions to impose an access charge and the quantum of such charges. 

RECOMMENDATION 95: That the public’s right to request a correction or amendment of personal information under the Freedom of Information Act 1982 (Vic), Health Records Act 2001 (Vic) and Privacy and Data Protection Act 2014 (Vic) be consolidated in the Privacy and Data Protection Act 2014 (Vic). 230 Inquiry into the operation of the Freedom of Information Act 1982 (Vic) 

RECOMMENDATION 96: That the Victorian Government consolidate the Health Privacy Principles in the Health Records Act 2001 (Vic) and the Information Privacy Principles in the Privacy and Data Protection Act 2014 (Vic) in the Privacy and Data Protection Act 2014 (Vic), under the regulation of the Office of the Victorian Information Commissioner. 

RECOMMENDATION 97: That access to personal and health information be regulated under Victoria’s new third-generation push FOI system, and that this access arrangement replace the existing fragmented access arrangements under FOI and health and privacy legislation. 

RECOMMENDATION 98: That the public’s enforceable access and review rights under the Freedom of Information Act 1982 (Vic), with respect to personal and health information, be retained in legislation establishing the formal mechanism in Victoria’s new third-generation ‘push’ FOI system, but positioned as a last resort for obtaining access to such information. 

RECOMMENDATION 99: That legislation establishing Victoria’s new third-‘push’ FOI system authorise, strongly encourage and support agencies (and ministers) to release personal and health information through the informal-release mechanism as a first port of call, and establish, for that purpose, administrative access schemes for frequently requested information. 

RECOMMENDATION 100: That legislation establishing Victoria’s new third-generation ‘push’ FOI system protect FOI decision-makers from civil and criminal liability with respect to their good-faith release of information under the informal and formal release mechanisms. 

RECOMMENDATION 101: That legislation establishing Victoria’s new third-generation ‘push’ FOI system exempt from the FOI scheme information that can be accessed under the access to information regime established by s 9 of the Workplace Injury Rehabilitation and Compensation Act 2013 (Vic). 231

Social Media Surveillance Practice

The US Federal Trade Commission 'A Look Behind the Screens Examining the Data Practices of Social Media and Video Streaming Services' report comments 

Social Media and Video Streaming Services (“SMVSSs”) have become a ubiquitous part of our daily lives and culture. Various types of SMVSSs provide places where people can connect, create, share, or stream everything from media content like videos, music, photos, and games; comment on or react to content; connect with and send messages to other users; join, participate in, or subscribe to groups, message boards, or content channels; read or watch news; and consume advertisements for consumer products. Unsurprisingly, this ease of accessing information and connecting others has transformed our society in many ways. 

These types of services let you connect with the world from the palm of your hand. At the same time, many of these services have been at the forefront of building the infrastructure for mass commercial surveillance. Some firms have unique access to information about our likes and dislikes, our relationships, our religious faiths, our medical conditions, and every other facet of our behavior, at all times and across multiple devices. This vast surveillance has come with serious costs to our privacy. It also has harmed our competitive landscape and affected the way we communicate and our well-being, especially the well-being of children and teens. Moreover, certain large SMVSSs may enjoy significant market power and therefore face fewer competitive constraints on their privacy practices and other dimensions of quality. 

In December 2020, the Federal Trade Commission (“Commission” or “FTC”) issued identical Orders to File Special Reports under Section 6(b) of the FTC Act to a cross-section of nine companies in the United States in order to gain a better understanding of how their SMVSSs affect American consumers. Appendix A to this report (hereinafter “Appendix A”) is a copy of the text of the Order that the Commission issued to these nine Companies. 

This report is a culmination of that effort. Based on the information provided in response to the Commission’s Orders, publicly available materials, and the Commission’s long experience with SMVSSs, this report highlights the practices of the Companies’ SMVSSs, which include social networking, messaging, or video streaming services, or photo, video, or other content sharing applications available as mobile applications or websites. The report contains five sections relating to the following topics: (1) data practices, such as collection, use, disclosure, minimization, retention, and deletion; (2) advertising and targeted advertising; (3) the use of automated decision-making technologies; (4) practices relating to children and teens; and (5) concerns relating to competition. 

1. Summary of Key Findings 

This report makes the following general findings, although each finding may not be applicable to every one of the Companies in every instance: 

• Many Companies collected and could indefinitely retain troves of data from and about users and non-users, and they did so in ways consumers might not expect. This included information about activities both on and off of the SMVSSs, and included things such as personal information, demographic information, interests, behaviors, and activities elsewhere on the Internet. The collection included information input by users themselves, information gathered passively or inferred, and information that some Companies purchased about users from data brokers and others, including data relating to things such as household income, location, and interests. Moreover, many Companies’ data practices posed risks to users’ and non-users’ data privacy, and their data collection, minimization, and retention practices were woefully inadequate. For instance, minimization policies were often vague or undocumented, and many Companies lacked written retention or deletion policies. Some of the Companies’ SMVSSs did not delete data in response to user requests—they just de-identified it. Even those Companies that actually deleted data would only delete some data, but not all. 

• Many Companies relied on selling advertising services to other businesses based largely on using the personal information of their users. The technology powering this ecosystem took place behind the scenes and out of view to consumers, posing significant privacy risks. For instance, some Companies made available privacy-invasive tracking technologies such as pixels, which have the ability to transmit sensitive information about users’ actions to the SMVSSs that use them. Because the advertising ecosystem is complex and occurs beneath the surface, it is challenging for users to decipher how the information collected from and about them is used for ad targeting—in fact, many users may not be aware of this at all. Some Companies’ ad targeting practices based on sensitive categories also raise serious privacy concerns. 

• There was a widespread application of Algorithms, Data Analytics, or artificial intelligence (“AI”), to users’ and non-users’ personal information. These technologies powered the SMVSSs—everything from content recommendation to search, advertising, and inferring personal details about users. Users lacked any meaningful control over how personal information was used for AI-fueled systems. This was especially true for personal information that these systems infer, that was purchased from third parties, or that was derived from users’ and non-users’ activities off of the platform. This also held true for non-users who did not have an account and who may have never used the relevant service. Nor were users and non-users empowered to review the information used by these systems or their outcomes, to correct incorrect data or determinations, or to understand how decisions were made, raising the potential of further harms when systems may be unreliable or infer sensitive information about individuals. Overall, there was a lack of access, choice, control, transparency, explainability, and interpretability relating to the Companies’ use of automated systems. There also were differing, inconsistent, and inadequate approaches relating to monitoring and testing the use of automated systems. Other harms noted included Algorithms that may prioritize certain forms of harmful content, such as dangerous online challenges, and negative mental health consequences for children and teens. 

• The trend among the Companies was that they failed to adequately protect children and teens—this was especially true of teens, who are not covered by the Children’s Online Privacy Protection Rule (“COPPA Rule”). Many Companies said they protected children by complying with the COPPA Rule but did not go further. Moreover, in an apparent attempt to avoid liability under the COPPA Rule, most SMVSSs asserted that there are no child users on their platforms because children cannot create accounts. Yet we know that children are using SMVSSs. The SMVSSs should not ignore this reality. When it comes to teens, SMVSSs often treat them as if they were traditional adult users. Almost all of the Companies allowed teens on their SMVSSs and placed no restrictions on their accounts, and collected personal information from teens just like they do from adults. 

The past can teach powerful lessons. By snapshotting the Companies’ practices at a recent moment in time (specifically, the Orders focused on the period of 2019–2020) and highlighting the implications and potential consequences that flowed from those practices, this report seeks to be a resource and key reference point for policymakers and the public. 

2. Summary of Competition Implications 

• Data abuses can fuel market dominance, and market dominance can, in turn, further enable data abuses and practices that harm consumers. In digital markets, acquiring and maintaining access to significant user data can be a path to achieving market dominance and building competitive moats that lock out rivals and create barriers to market entry. The competitive value of user data can incentivize firms to prioritize acquiring it, even at the expense of user privacy. Moreover, a company’s practices with respect to privacy, data collection, data use, and automated systems can comprise an important part of the quality of the company’s product offering. A lack of competition in the marketplace can mean that users lack real choice among services and must surrender to the data practices of a dominant company, and that companies do not have to compete over these dimensions—depriving consumers of additional choice and autonomy. In sum, limited competition can exacerbate the consumers harms described in this report. 

3. Summary of Staff Recommendations 

• Companies can and should do more to protect consumers’ privacy, and Congress should enact comprehensive federal privacy legislation that limits surveillance and grants consumers data rights. Baseline protections that Companies should implement include minimizing data collection to only that data which is necessary for their services and implementing concrete data retention and data deletion policies; limiting data sharing with affiliates, other company-branded entities, and third parties; and adopting clear, transparent, and consumer-friendly privacy policies. 

• Companies should implement more safeguards when it comes to advertising, especially surrounding the receipt or use of sensitive personal information. Baseline safeguards that Companies should implement include preventing the receipt, use, and onward disclosure of sensitive data that can be made available for use by advertisers for targeted ad campaigns. 

• Companies should put users in control of—and be transparent about—the data that powers automated decision-making systems, and should implement more robust safeguards that protect users. Changing this would require addressing the lack of access, choice, control, transparency, explainability, and interpretability relating to their use of automated systems; and implementing more stringent testing and monitoring standards. 

• Companies should implement policies that would ensure greater protection of children and teens. This would include, for instance, treating the COPPA Rule as representing the minimum requirements and providing additional safety measures for children as appropriate; recognizing that teen users are not adult users and, by default, afford them more protections as they continue to navigate the digital world; providing parents/legal guardians a uniform, easy, and straightforward way to access and delete their child’s personal information. 

• Firms must compete on the merits to avoid running afoul of the antitrust laws. Given the serious consumer harms risked by lackluster competition, antitrust enforcers must carefully scrutinize potential anticompetitive acquisitions and conduct and must be vigilant to anticompetitive harms that may manifest in non-price terms like diminished privacy.

The FTC notes

The SMVSSs in our study demonstrate the many ways in which consumers of all ages may interact with or create content online, communicate with other users, obtain news and information, and foster social relationships. For example:

• Amazon.com, Inc. is the parent company of the Twitch SMVSS, wherein users can watch streamers play video games in real time. In 2022, Twitch reported an average of 31 million daily visitors to its service, most of whom were between 18 and 34 years old.  

• ByteDance Ltd. is the ultimate parent company of TikTok LLC, the entity that operates the TikTok SMVSS. TikTok enables users to watch and create short-form videos.  TikTok reported having 150 million monthly active users in the United States in 2023, up from 100 million monthly active users in 2020. 

• Discord Inc. operates the Discord SMVSS that provides voice, video, and text communication capabilities to users, by means of community chat rooms known as “servers.”  In 2023, Discord reported having 150 million monthly active users, with 19 million active community chat rooms per week. 

• Meta Platforms, Inc., formerly known as Facebook, Inc., operates multiple SMVSSs. In 2023, Meta reported having 3 billion users across its services. WhatsApp Inc. is part of the Meta Platforms, Inc. corporate family. WhatsApp Inc. received a separate Order, and is therefore treated as a separate Company for purposes of this report. 

 o The Facebook SMVSS provides users with a communal space to connect to a network of other users by sharing, among other things, text posts, photos, and videos.  In March 2023, Meta reported an average of more than 2 billion daily active users and almost 3 billion monthly active users. 

o The Messenger SMVSS is a messaging application that allows users to communicate via text, audio calls, and video calls. Users of Messenger must have a Facebook account to use Messenger’s services. 

o The Messenger Kids SMVSS is a children’s messaging application that allows users to communicate via text, audio calls, and video calls.Parents of Messenger Kids users create accounts for their children through a parent’s Facebook account. 

o The Instagram SMVSS, acquired by Meta Platforms, Inc. in 2012,72 allows users to share photos and videos with their networks. News reports estimated that as of 2021 there were 1.3 billion users on Instagram. 

o The WhatsApp SMVSS, acquired in 2014 by Meta Platforms, Inc.,   is a messaging platform.WhatsApp reportedly had more than 2 billion users in 2023. 

• Reddit, Inc. operates the Reddit SMVSS, which provides communities wherein users can discuss their specific interests.News outlets reported that, as of April 2023, approximately 57 million people visit the Reddit platform every day. 

• Snap Inc. operates the Snapchat SMVSS, which it describes in part as a “visual messaging application that enhances your relationships with friends, family, and the world.”  Snapchat also includes “Stories,” which provides users the ability to “express themselves in narrative form through photos and videos, shown in chronological order, to their friends.”  Snap Inc. reported having 375 million average daily active users in Q4 2022. 

• Twitter, Inc. was a publicly traded company until October 2022, at which time it became a privately held corporation called X Corp. Since that time, X Corp. has operated X, formerly known as the Twitter SMVSS, which provides users with the ability to share short posts.  Twitter, Inc. reported having 217 million average daily users in Q4 2021. 

• YouTube, LLC is wholly owned by Google LLC, with Alphabet Inc. as the ultimate parent. Google LLC operates YouTube’s two SMVSSs. 

o The YouTube SMVSS is a video sharing product. As of February 2021, YouTube, LLC reported that “over two billion logged in users [come] to YouTube every month . . . . ” 

o The YouTube Kids SMVSS, first introduced in 2015, is a children’s video product with family-friendly videos and parental controls.88 As of February 2021, YouTube, LLC reported that YouTube Kids had more than 35 million weekly viewers.

 While the SMVSSs in this report are generally “zero price” (or have free versions available) for the end user – meaning they require no money from consumers to sign up, or to create an account, for the basic version of the product – firms monetize (or profit off of) these accounts through data and information collection. 

Workplace Drug Testing

The report by the Victorian Legislative Council Legal and Social Issues Committee on its inquiry into 'workplace drug testing in Victoria' features the following findings and recommendations 

Workplace drug testing: its effectiveness and impact on employees 

FINDING 1: The current workplace drug testing approach focuses on drug presence. The methods used do not test for impairment. 

RECOMMENDATION 1: That the Victorian Government support the principle that in non‐mandated industries, drug testing should only occur where employers have a well‐founded belief that an employee may be impaired at work and should only then occur in the context of a comprehensive, alcohol and other drug policy and accompanying support framework as agreed by employers and employees within a workplace relations context. 

FINDING 2: Employees may consider prescription medication such as benzodiazepines and opioids a safer option than medicinal cannabis, despite the fact they may cause greater impairment and be more addictive. 

Reform to legislation and alcohol and other drugs policies 

RECOMMENDATION 2: That the Victorian Government amend the Occupational Health and Safety Act 2004 and/or regulations to state key principles around alcohol and other drugs testing, including prescription medication. These principles should include, but not be limited to, the rights of workers to privacy and dignity, a commitment to workplace education, appropriate support measures and when and how alcohol and other drugs testing can or should be carried out. 

RECOMMENDATION 3: That the Victorian Government amend the definition of discrimination in Section 7 of the Equal Opportunity Act 2010 to clarify that where a person uses prescription medication or requires medical treatment for a disability, this is a characteristic that a person with that disability generally has. 

FINDING 3: Alcohol and other drugs policies vary because they depend on the workplace and the nature of work in each workplace. However, the absence of specific guidance from WorkSafe on some issues – including medicinal cannabis – has resulted in uncertainty and therefore inconsistencies in the approach taken by different workplaces. 

RECOMMENDATION 4: That WorkSafe update its advice on alcohol and other drugs policies with information on medicinal cannabis, in particular that it should be considered in the same way as all medications that cause impairment. The advice should include but not be limited to: • The legal status of prescribed medicinal cannabis • The difference between CBD and THC • The relationship between the presence of THC and impairment • When employees should be required to disclose that they are taking medicinal cannabis. 

RECOMMENDATION 5: That WorkSafe convene a working group consisting of industry stakeholders including employees and employers’ representatives, government departments, and public sector Alcohol and Other Drug (AOD) providers to: a. Update the ‘Guide for developing a workplace alcohol and other drugs policy’ which is no longer it‐for‐purpose. b. Develop a Compliance Code covering, but not limited to: • Obligations of employers and workers in relation to impairment and safety at work, including the right to privacy and dignity, • General awareness training of impairment, • Appropriate policies and procedures, • Obligations and rights of HSRs to provide a health led response to impairment, • Reasonable workplace adjustments in the workplace for impairment, and • Advice on available alcohol, drug and gambling support. The Compliance Code should be accompanied by a complementary and comprehensive education campaign, emphasising a health‐based approach to AOD in the workplace, and the development of a Health and Safety Representative refresher training program. 

RECOMMENDATION 6: That WorkSafe establish a framework to ensure that workplace drug policies are communicated in a clear and easily understandable manner which is visible and accessible to all employees. 

RECOMMENDATION 7: That WorkSafe investigate impairment testing methodologies, including the results of the current medicinal cannabis closed track driving trial, and publicly advise on their applicability to workplace drug testing.

Intel, law and flourishing

'The Intelligence Community as a Normative Actor under International Law' by Sophie Duroy in Russell Buchan and Iñaki Navarette (eds) Research Handbook on Intelligence and International Law (Elgar, forthcoming 2025) comments 

 Although the exact parameters remain debated, it is now undisputed that international law applies to intelligence activities. A more difficult - and still unanswered - question is how international law and the intelligence community influence one another. In this chapter, I demonstrate that the relationship between international law and the intelligence community is bidirectional and mutually constitutive. International law first constitutes a strong permissive tool for the intelligence community. The intelligence community invokes international law to explain, justify, and legitimate its activities, while international law itself provides legitimation to the intelligence community for many of its activities. At the same time, international law also constrains the intelligence community through the risk of accountability, which matches the increase in exposures. In turn, the intelligence community shapes international law when it uses it for political legitimation. Whereas, in the past, the intelligence community remained silent on its practices, at best uttering 'neither confirm nor deny', the situation has changed. Forced exposure has triggered a matching need to legitimise intelligence activities through law. The intelligence community is now openly engaging with and interpreting international law, putting forward interpretations that will legitimise its preferred outcomes and empower it to pursue its choices of policies. In doing so, the intelligence community changes the meaning ascribed to international norms. In addition, when the intelligence community refuses to abide by the rules of the legalism game by not providing a legal justification for its activities, it undermines the status of international legal norms, which may be perceived as less binding by the rest of the international community. For these reasons, the intelligence community has truly become a normative actor under international law and should be considered an occasional norm-shaper, if not yet a norm-setter.

'Making Tangible the Long-Term Harm Linked to the Chilling Effects of AI-enabled Surveillance: Can Human Flourishing Inform Human Rights?' by Niclas Rautenberg & Daragh Murray in (2024) Human Rights Review comments 

The digital era, and the development of AI-enhanced analytical tools in particular, has brought about a step change in State surveillance capabilities. Previously States could only monitor a relatively small number of individuals and gain relatively limited insights into their activities. Today, however, we are moving towards a pervasive surveillance society wherein States can monitor nearly everyone within their jurisdiction, develop detailed individual profiles, predict likely future behaviors, and make individually focused decisions. Digitalization and AI also mean that States can deploy this surveillance capability at virtually no cost (e.g., Lyon 2001, Buckley and Mozur, 2019; Shakir and Wang, 2021; Amnesty International, 2023). This is a new and unprecedented development. The precise impact of this surveillance capability is as yet unknown but it is likely to exert chilling effects, whereby individuals modify their behavior due to concern as to the consequences that may follow if that behavior is observed (Penney 2022; Murray et al. 2024; Stevens et al. 2023). Externally imposed changes to behavior will inevitably affect the process by which individuals develop and express their identity, potentially discouraging new or unconventional ideas, encouraging adherence to the status quo, and undermining the well-being and evolution of democratic society (Richards 2013; Cohen 2000). 

Typically, we would turn to international human rights law to regulate State surveillance. As it stands, however, it is not clear that human rights law is suited to this task. Human rights law was developed for an analogue world, when States’ surveillance capability was limited to individuals or groups of individuals, not all of society. As such, while human rights law is relatively adept at protecting specific threats to individuals’ identity caused by chilling effects – if, for instance, their activities are recorded in public, peaceful assemblies are inappropriately interfered with, or a political opponent is subject to sanction as a warning – it is not set up to protect against the society-wide chilling effects linked to pervasive surveillance. The difficulty of course is that pervasive surveillance is one of, if not the, defining features of the AI age. This presents a significant challenge, particularly because underestimating harms associated with chilling effects risks inappropriately biasing human rights compliance tests in favor of surveillance, exacerbating the problem. Accordingly, if human rights law is to remain relevant it must acknowledge the transition from an analogue to a digital society and evolve. Doing so requires a better understanding of the social institutions that facilitate individuals’ ability to freely develop their identity, to become their ‘true selves’, and to emerge – if they so choose – as political actors capable of contributing to the evolution of democratic society. Or, put differently, it requires a better understanding of how harm to social institutions may be conceptualized so that this harm may be incorporated into human rights compliance tests. 

The notion of a ‘true self’ is closely linked to the work of Friedrich Nietzsche who famously wrote that the ultimate goal in life is to become who one is (2001: §270). This somewhat paradoxical formula for developing one’s identity amounts to finding and living in one’s own ‘style’. By gaining an understanding of one’s strengths and weaknesses, an understanding of who one currently is and can potentially be in the future, one can construct an ideal version of oneself as a guiding idea. Thus striving, we are bound by our style, ‘but also perfected under [our] own law’, promising the attaining of ‘satisfaction with’ ourselves (Nietzsche 2001: §290). Irene McMullin (2018) argues that this dynamic process of self-becoming is an integral part of living a good life, i.e., of human flourishing. The link between human flourishing and the free development of an individual’s identity are clear. McMullin also notes that a life well-lived involves deliberating about and considering the norms regulating society (2018: 64). Importantly, these two dimensions are interwoven: developing one’s true self, and the social institutions enabling such development, mutually inform one another (ibid.). The notion of flourishing therefore reflects both dimensions negatively affected by surveillance-related chilling effects. A closer look at this concept may provide insight into how chilling effects interfere with flourishing (or identity development) at a societal level, thus providing a lens through which to conceptualize and assess the (long-term) harms associated with AI-enhanced State surveillance. 

This paper begins by discussing the chilling effects surveillance technologies exert on individuals and their identity development, as well as relevant human rights protections, namely: the right to private life, freedom of expression, and freedom of assembly (Section 2). Section 3 evaluates contemporary objective and subjective approaches to flourishing in light of this paper’s purposes. Broadly speaking, objective theories hold that flourishing is determined by the fulfilment, or not, of certain objective criteria, irrespective of an individual’s own perception, while subjective theories put a high emphasis on the autonomy of the individual in determining what constitutes flourishing. This examination is not intended to be comprehensive. Instead, for the purposes of this paper, paradigmatic examples are introduced: Aristotelian naturalism provides an example of an objective approach (3.1.); L.W. Sumner’s life-satisfaction approach provides an example of a subjective theory (3.2.). We engage with both approaches to raise some important critiques, specifically regarding their suitability as conceptual tools for human rights analyses. Relevant is the role of personal autonomy and choice, as well as the establishment of a clear story explaining how flourishing can be facilitated. Accordingly, Section 4 introduces Nussbaum’s iteration of the capabilities approach. While her account is still objectivist, it safeguards an individual’s autonomy to a degree that Aristotelian naturalism does not. It therefore incorporates an important subjective dimension into the concept of flourishing, while not falling prey to the critiques raised with respect to the life-satisfaction approach. Section 5 discusses how the capabilities approach can offer a useful framework through which to conceptualize the harm linked to surveillance chilling effects. In essence, in order to preserve individual identity development and democratic processes, individuals must be free to flourish. AI should not, therefore, inappropriately interfere with the development and exercise of the capabilities, and so the capabilities can act as a frame of reference against which to evaluate proposed AI deployments. However, in order to indicate when and to what extent harm occurs – requirements central to any human rights law analysis – the capabilities must be operationalized. This is a far from trivial task, and this paper concludes by raising two key challenges that are likely to arise.

Rights and Professional Regulation

'Historicizing the Historical Turn in Human Rights Studies: Origins, Inequality, and Neoliberalism in the Modern Epoch' by Tomas Wedin and Carl Wilén in (2024) Nordic Journal of Human Rights comments 

The historical turn in human rights studies is characterized by a deep cleavage between scholars who locate the origins of human rights in the Atlantic Revolutions of the late 18th century, and scholars who instead focus on the post-WWII period in general, and on the 1970s in particular as a breakthrough decade for international human rights. Against the background of what has been described as the threatened status of human rights today, we contend that the problem of origins remains as crucial as ever before, but that the way in which it is conceived is outdated and in need of reconceptualization in three ways. First, the historical turn should be seen as one body of literature with two distinct phases: one focused on origins and historical continuity and rupture, and a more recent, ongoing phase addressing the relationship between human rights and the concomitant neoliberalization of society and increasing economic inequality. We contend, secondly, that the debate itself needs to be historicized, and that the two thematic phases are rooted in two specific political, ideological, and economic contexts. The debate about origins relate to a pre-2007-2008 financial crisis era, marked by near-universal acceptance of human rights. Meanwhile, the issues of inequality and neoliberalism predominantly emerged in the post-crisis period as human rights faced more and more challenges. Thirdly, we present a theoretical argument for why the distinct issues constituting the two thematic phases should not be separated from each other. Indeed, in this setting, we demonstrate that the question regarding the relation between neoliberalism and human rights presupposes an account of the origins of human rights.

'Demystifying Legal Personhood for Non-Human Entities: A Kelsenian Approach' by Thomas Buocz and Iris Eisenberger in (2023) 43(1) Oxford Journal of Legal Studies 32–53 comments 

This article aims to show that minimalist theories of legal personhood are particularly well suited to evaluating legal personhood proposals for non-humans. It adopts the perspective of Hans Kelsen’s theory of legal personhood, which reduces legal persons to bundles of legal norms. Through the lens of Kelsen’s theory, the article discusses two case studies: legal personhood for natural features in New Zealand and legal personhood for robots in the EU. While the New Zealand case was an acclaimed success, the EU’s proposal was heavily criticised and eventually abandoned. The article explains these widely differing outcomes by highlighting the relevant legal norms and their addressees rather than legal personhood itself. It does so by specifying the rights and obligations that constitute the legal persons, by preventing the attribution of any other rights and obligations to these persons and, finally, by tracing who is ultimately addressed by the relevant rights and obligations.

Steward J In the matter of an application by Mark Hobart, Valerie Peers and Denise Borsos for leave to issue or file [2024] HCASJ 30 has dismissed the application for leave to issue or file the proposed writ of summons dated 14 May 2024 in relation to three former health practitioners. 

His Honour states 

 The facts and legal claims underlying the applicants' proposed writ of summons are as follows. 

The applicants, who are self-represented, seek to commence proceedings in the original jurisdiction of this Court against the Chief Executive Officer of the Australian Health Practitioner Regulation Agency ("AHPRA") and the Chair of the Medical Board of Australia ("the Board"). 

Each of the applicants formerly practised as a registered health practitioner in Victoria. In November 2021, the Medical Board of Australia suspended the registration of each of the applicants pursuant to s 156 of the Health Practitioner Regulation National Law ("the National Law"); namely on the basis that the Board reasonably believed that, because of each applicant's conduct, each applicant posed a serious risk to persons and it was necessary to take immediate action to protect public health and safety. Pursuant to s 159(2) of the National Law, the suspension of each applicant will remain in place until, relevantly, the decision to suspend it is set aside on appeal or the suspension is revoked by the Board. The affidavit evidence before me indicates that the applicants' suspensions are continuing. 

The Board's stated reasons for the applicants' suspensions were substantially similar in respect of each of the applicants. In short, the Board alleged that each applicant had: issued COVID-19 vaccine exemption certificates to patients who did not meet the requisite criteria to receive such certificates; and/or promoted, in consultation with patients, "unjustifiable, misleading and/or non-factual claims" in accordance with the applicant's medical and/or personal opinions. With respect to the first and second applicants, the Board alleged that they failed to comply with public health directives in the conduct of each applicant's respective medical practice. With respect to the first applicant, the Board further alleged that the first applicant had participated in the online publication or dissemination of information relating to COVID-19 that contravened "the position of local, state and federal government and health authorities". 

The Board informed each applicant that their conduct reflected a "complete disregard" for the Board's position on COVID-19 vaccination and further contravened "the position of local, state and federal government and health authorities". The Board considered that, by reason of the alleged conduct, each applicant posed a serious risk to public safety and public confidence in the medical profession and brought into question each applicant's "ability to behave in accordance with the standards of the profession and broader health system", including the Board's Code of Conduct. 

The Board's position on COVID-19 vaccination was communicated in a joint position statement dated 9 March 2021, issued by the Board and AHPRA, as well as State, Territory, and other medical boards. The position statement encouraged registered health practitioners to be vaccinated against COVID-19. It further stated that registered health practitioners were expected to be appropriately qualified and trained to administer COVID-19 vaccines if authorised, and to provide accurate information and advice about COVID-19 vaccination, including in social media and advertising. The position statement also acknowledged the possibility of conscientious objection by practitioners with respect to receiving, authorising, prescribing or administering the COVID-19 vaccination, and provided guidance to practitioners as to the appropriate steps to be taken in relation to such objections. 

By the proposed writ of summons, the applicants contend, in substance, that each suspension decision made by the Board in respect of the applicants amounted to an improper use of the suspension power contained in s 156 of the National Law, and constituted an act of misfeasance in a public office by the defendants that was "calculated to cause damage" to the applicants. The applicants further contend that the power of suspension contained in s 156 of the National Law, together with the joint position statement, was used to "interfere" in the doctor-patient relationship and to replace it with "government enforced and controlled medical services". The position statement and the National Law (either as a whole, as enacted in the States and Territories, or in respect of s 156) are therefore said to amount to "civil conscription" contrary to s 51(xxiiiA) of the Constitution, which empowers the Commonwealth Parliament to make laws with respect to, relevantly, "medical and dental services (but not so as to authorize any form of civil conscription)". 

The applicants seek damages and various declarations, including declarations regarding the operation of s 51(xxiiiA) of the Constitution both generally and with respect to the National Law and the Commonwealth's "funding [of] the medical service of Covid-19 vaccination". 

As noted above, Gordon A-CJ directed the Registrar to refuse to issue or file the writ of summons without the leave of a Justice of the Court first had and obtained. The grounds of the application for leave to issue or file are stated in affidavits sworn or affirmed by each of the applicants. The grounds stated largely repeat or supplement the substance of the proposed writ of summons. The applicants do not advance any further argument as to why leave to issue or file should be granted. The discretion conferred by r 6.07.3 of the High Court Rules to refuse leave to issue or file a document will ordinarily be exercised where the document appears "on its face" to be "an abuse of the process of the Court, to be frivolous or vexatious or to fall outside the jurisdiction of the Court". The concept of abuse of process, which cannot be confined within closed categories, encompasses "an attempt to invoke the original or appellate jurisdiction of the High Court on a basis that is confused or manifestly untenable". Exercise of the discretion to refuse leave to issue or file a document is appropriate "only in the clearest of cases". 

It is plain on the face of the proposed writ of summons that the applicants seek to invoke this Court's jurisdiction on a basis that is "confused or manifestly untenable". Neither the proposed writ of summons, nor the affidavits filed in support of the application for leave to issue or file, disclose an arguable basis for the relief sought. The claims described in the proposed writ of summons would be an abuse of process if the document was filed. Accordingly, it should not be issued or filed.