The Law Council of Australia has recommended that a new bill that will allow the immigration department to collect biometric data to not be passed before it undergoes a proper assessment by the privacy commissioner regarding its impact, according to a report. The move comes a few weeks after the bill’s introduction, which will allow Australian authorities to collect biometric data from children as well as enable airport border control to perform mobile fingerprint checks on individuals suspected of being foreign fighters with fake passports,
Recently, representatives of the Law Council appeared before a Senate inquiry into the Migration Amendment (Strengthening Biometrics Integrity) Bill 2015, which is being conducted by the Senate Legal and Constitutional Affairs Legislation Committee. Olga Ganopolsky, the chair of the Law Council’s Privacy Law Committee, told a Sydney hearing of the Senate inquiry that the new biometric collection rules would negatively impact the travel and privacy of citizens who do not pose any threat to national security. “This has the potential to impact on the travel and privacy of citizens who might not be suspected of contravening any Australian law or pose a risk to national security,” Ganopolsky said.
In its written submission to the inquiry, the Law Council states that “the power to prescribe both a purpose for which personal identifiers may be collected and the collection of biometric data via regulation raises the potential for the scheme to go beyond the initial intention of the Bill and the Migration Act, without adequate parliamentary scrutiny.”
“Permitting the purposes and collection of biometric data to be increased by regulation is not sufficiently defined to allow people to know the extent of the restrictions on their rights and freedoms and for them to know their legal.”
The Law Council has made several recommendations for possible amendments to the bill, including providing “additional security measures reflecting the sensitivity of the information collected and expressly address the requirement to notify the individual and Privacy Commissioner for data breach notification in the event of a breach”.