Privacy (International Money Transfers) Temporary Public Interest Determination 2014 (No. 2)
I, Timothy Pilgrim, Privacy Commissioner, make the following temporary public interest determination under subsection 80A(2) of the Privacy Act 1988 (Privacy Act).
Dated: 13 May 2014
1 Name of temporary public interest determination
This temporary public interest determination (TPID) is the Privacy (International Money Transfers) Temporary Public Interest Determination 2014 (No. 2).
This TPID is made under subsection 80A(2) of the Privacy Act 1988 (Privacy Act).
This TPID takes effect on the day following the day of its registration in the Federal Register of Legislative Instruments maintained under section 20 of the Legislative Instruments Act 2003.
This TPID expires at the end of 12 months from the day it commences as if it had been repealed by another instrument unless ceased earlier because of subsection 80D(2) of the Privacy Act.
Terms defined in the Privacy Act have the same meanings in this TPID.
6 Application for a public interest determination
(1) The Reserve Bank of Australia (RBA) is an APP entity under subsection 6(1) of the Privacy Act.
(2) The RBA has applied under section 73 of the Privacy Act for a public interest determination in relation to the acts and practices set out in section 7 below.
7 International money transfer processing
(1) The disclosure of the personal information about an individual to an overseas recipient by the RBA breaches or may breach Australian Privacy Principle (APP) 8.1 where:
(a) the RBA, in conduction its banking business under the Banking Act 1959 (section 8(1)), and under the Reserve Bank Act 1959 (sections 26 and 27), processes an international money transfer (IMT) on behalf of one of its customers, and
(b) in order to process the IMT, the RBA discloses personal information of the individual who is the beneficiary of the IMT (beneficiary) to another financial institution that is not in Australia or an external Territory (overseas financial institution) for the purpose of remitting the relevant funds, to the beneficiary’s financial institution for payment.
(2) The acts and practices set out in subsection (1) above may also lead to the RBA breaching other APPs (other than APP 1) by reason of the application of subsection 16C(2) of the Privacy Act if the overseas financial institution does an act, or engages in a practice, in relation to the information that would be a breach of an APP (other than APP 1) if the APPs applied to that act or practice.
8 Public Interest
(1) The public interest in the RBA carrying out the acts and practices set out in section 7 above outweighs to a substantial degree the public interest in adhering to APP 8.1 or the RBA being taken to have breached an APP (other than APP 1) as a result of the acts of practices of the overseas financial institution where:
(a) It is not practical for the RBA to rely on the exceptions set out at APP 8.2(a) or APP 8.2(b) when disclosing the personal information
(b) the other exceptions in APP 8.2 are not relevant to the disclosure of the personal information
(c) the RBA takes a number of steps to ensure the security and confidentiality of the personal information disclosed, and
(d) the nature of the arrangements that support and facilitate the processing of IMTs means that the RBA is not in a position to take additional steps to comply with APP 8.1 before disclosing the personal information.
(2) For the purpose of paragraph 8(1)(a) above, it may not be practical for the RBA to rely on the exception at APP 8.2(a) when engaging in the acts and practices set out in section 7 due to:
(a) the potentially large number of overseas locations to which the personal information may be disclosed, and
(b) the RBA not having any relationship with the beneficiary, or the means to establish that relationship, in order to gain the beneficiary’s consent to the disclosure of the personal information.
9 Temporary public interest determination
(1) The RBA’s application raises issues that require an urgent decision.
(2) Accordingly, by operation of subsection 80B(1) of the Privacy Act the RBA is taken not to breach section 15 of the Privacy Act if:
(a) the RBA breaches APP 8.1 when engaging in the acts and practices set out in section 7 above, or
(b) an overseas financial institution does an act, or engages in a practice, in relation to the personal information disclosed to it by the RBA in the course of the RBA doing the acts or engaging in the practices set out in section 7 above, that would be a breach of an APP (other than APP 1) if the APPs applied to that act or practice
while this TPID is in effect.