AUSTRALIA’S banks could soon be able to use an increasingly sophisticated tool called a “snoopers charter” to access sensitive information in the face of legal challenge, under legislation the Government says will give them even more control over how customers are dealt with.
The Bill, which the Government has been hammering out since last week, would give Australia’s banks the ability to apply for a “permission” to use “a code that would require them to access the data held in a bank account”.
It is a broad new law that would allow the Government to demand access to customers’ banking information without being forced to disclose the information or even the name of the bank, as is currently the case with most data requests by law enforcement agencies.
The Government has long sought to crack down on the use of “sophisticated tools” by financial institutions in the name, “investigations” and “threats” of criminals.
The bill would give banks “permissions” to disclose any data held by customers without requiring them to reveal the identities of the companies that hold that data.
The information, which would be kept by the bank’s customer service provider, could include customer names, bank accounts, credit card numbers, payment card details and other data held on the customer.
The legislation also would allow banks to demand “assistance” from third parties to access customers’ financial information without requiring the companies to reveal their identities.
The new powers would be available to banks under the Telecommunications Act and the Crimes Act 1900, which allow the Federal Government to issue “permits” to conduct surveillance or to access information about a person without a warrant or court order.
The power to issue the permission would come with a mandatory penalty of up to $1 million per offence.
Under the new legislation, financial institutions could also ask the Department of Justice for permission to access customer data without a court order or warrant, in response to an application for permission by a third party, and without informing the customer of the request.
“These permits could be used by financial services providers to obtain information about the financial status of customers, including information about their credit, debit or credit card transactions, bank statements and other financial records,” the Government said.
The government said it was “seeking to improve and strengthen the integrity of Australian banking”.
“While we have a long way to go, we are confident we can achieve this objective through the appropriate legislation,” Mr Dutton said.
“We believe these new powers will help banks operate in a more efficient and efficient way, ensuring their customers’ safety.”
But Privacy Commissioner David Smith said the bill was not a complete solution to the issue of financial privacy.
“The Bill is about allowing banks to obtain access to data without being required to reveal who has the right to access that data,” he said.
“The proposed legislation is still far too broad to be effective.
It is not going to work because the Government is still in the process of finalising a number of details of the Bill, and there is a very long way until it gets into law.”
Privacy Commissioner Smith said banks would have to comply with all of the new powers before they could get access to customer data, including those requiring them “to make reasonable efforts” to “protect the integrity” of their systems.
“It is clear that these changes are designed to increase the ability of banks to access data from their customers without any meaningful protection against third parties,” he told the ABC.
The privacy commissioner also questioned the Government’s reliance on the “scooper’s” charter, which allows banks to use a “code” to obtain data without providing any information about which companies have access.
“This code is not a comprehensive set of rules, and it does not require a court to issue a warrant,” he added.
“In practice, a number companies will use a ‘scoop’ code in their requests to obtain customer data.”
Mr Smith said a court could grant permission to a third-party company that could “use a code to access a bank’s data”.
“This is a loophole in the existing law, and in practice this loophole will allow companies to use it,” he warned.
The Australian Bankers Association said the proposed changes would not help financial institutions achieve “fair, responsible and transparent” customer service.
“Achieving a balance between privacy and protecting customer information is essential for banks and other businesses,” a spokeswoman said.
Ms Clements said the new law would “seriously impact” the integrity and reliability of Australian banks.
“Banks have long had the responsibility to protect customers’ data, and we’re working hard to ensure that banks’ data practices are transparent, effective and meet all the obligations of trust and accountability,” she said.