Posting a family tree online is breaking Australian Law

Question

For those of you who do not listen to Melbourne radio, specifically ABC Melbourne Radio Station, the host Jon Faine was interviewing Prof. Janet McCalman about family history. Amongst Prof. McCalman's comments she said "people who post a family tree on the internet are breaking the Australian laws"...(she then said.something like "it's about privacy" (see below**)...."No-one is going to arrest you if you do." She then said that she had instructed her research staff who were involved in an Australian Convict History project to "disregard any information that had been posted by members of the public."

** She made no comments with regard to the age or the status of living/deceased of the individuals whose names and genealogical details had been published, so it is not possible to know whether the above remarks were intended to refer only to living people or not.

I fail to see why if it is breaking the Australian law to publish a family tree online, why it isn't also breaking the same law to publish a book containing the same genealogical information such as the Pioneers of the Riverina, and by the same token why it isn't also breaking the Australian law for an author to include details about the subject's wife and children and extended family in a biography, especially when such people are often living.

There is apparently some difference between a newspaper or a TV station having a guest in which they are asked questions about their life, such as where they were born, and which schools they went to, and what they did for their career and an individual republishing the same information in a publicly-accessible online space such as Wikipedia or Wikitree.

For anyone who is interested here is the audio recording, the discussion takes place about 90 minutes into the program and within the "Known Unknowns" segment.

http://www.abc.net.au/radio/melbourne/programs/mornings/mornings/9769364

but the audio will expire on Tuesday 29 May.

Comments

There is a tendency for academics to be quite dismissive of the research capacity of the general public. They feel threatened by other people taking over their patch.

---

What law specifically is being broken ?

---

As suspect her comment that "people who post a family tree on the internet are breaking the Australian laws" is only true in very limited circumstances - eg when you are posting info that is not in the public domain about living people.

---

The Privacy Act 1988 (Privacy Act) regulates how personal information is handled

---

The Act is under Civil Commercial jurisdiction and therefor void absent consent. The living retain the capacity to remain private, and no one can exercise any rights for another. Consent for personal information to be published publicly by third parties regardless of statutory instruments is self-evident. The dead cannot object, though copyright is to be respected.

Answer 1

My understanding is that Australia has quite tight privacy and data protection rules for living people which have an effect not too dissimilar from GDPR. Wikitree, prompted by GDPR, has substantially tightened up on the rules for how far information about living people can be added, and, if I interpret the Australian rules aright, then the new approach by Wikitree on living people is compatible with Australian law. There should, I believe, be no inhibitions about adding information about deceased Australians to Wikitree. Others more expert in Australian law (I live in the UK) can doubtless add to, or correct, what I have said in this answer.

Leaving the law aside, from an ethical point of view one should anyway never add information about living people other than oneself to a genealogical website without their explicit and fully evidenced permission, respecting their wishes - even if that information appears to be in the public domain. Some national genealogical associations - like the National Genealogical Society of the USA - have very firm guidance on this.

Comments

Michael, I have read your numerous posts in other questions relating to GDPR and elsewhere. Please tell me what is different about an unauthorised biography of a living person and/or a person publishing a family history that is available in the library containing the names and details of living people, and publishing the same information on Wikitree? Aren't they either all illegal or all permissible? Why does the method of publishing make any difference?

With regards to your other comments elsewhere on the subject, I respectfully disagree with your position, about living people being unlisted, and see nothing wrong with publishing the name and relationship of a family member, including a full date of birth which based on the former setting of "private but with public family tree" only actually showed a decade. Eg Andrew Hunter, born 1970s. I don't believe this contradicts the "we respect the privacy of others" in the Wikitree pledge because given the information that is presented to the (i) public and to (ii) other Wikitree members is very limited, I really don't believe that most people would mind this amount of information to be shared with others. Living people post all kinds of stuff about themselves on Facebook and LinkedIn etc., and yes, before you write back and say, that's them supplying their information, not a researcher entering information on their behalf, I get that there's a difference, I'm only saying this because there are a lot of people who do not seem all that concerned with having any of their personal details available for anyone who knows how to search for them.

Please explain why knowing there is someone called Andrew Hunter who was born in the 1970s is so personal, when I can find my entry in the Birth Index for Minor Returns in Scotland, by simpling creating a free account with Scotlands People, and I can find my cousins' birth entries on the Freebmd website in 1976 and 1978 respectively. I honestly fail to see what anyone could do with such information because it's incomplete and not sufficient to commit ID fraud, and why is it any different to a list like an electoral roll or a telephone directory?

---

And for the people who when I asked whether we should just ban the creation of new profiles for the living other than the entry for the member themselves, how would you respond to Deb who says "how can I connect myself to the global tree if I am not allowed to make an entries for earlier generations of my family?" as presented in this thread,

https://www.wikitree.com/g2g/615472/should-we-ban-the-creation-new-profiles-without-dates-death?show=615540#c615540

If your ethnical stance was enforced there would be no grounds to run the Notables Project, the Genealogy in the Media Project, or any other project where the focus was not solely on deceased individuals, and the number of profiles on Wikitree would be much smaller.

---

We must beg to differ on ethics. My approach on ethics is shared by the National Genealogical Society of the USA and, I think, virtually all associations of professional genealogists.

I believe extremely strongly that nobody, absolutely nobody, should publicise on the internet pesonal information about me like date of birth without my personal consent. What I choose to make public on eg social media is my own choice (and I am pretty tight on what I share). Yes, there is some information in the public domain but that does not mean I am happy about people publicly connecting information up on a genealogical website. I am afraid it seems to me not just discourteous but also immoral for anyone to create a Wikitree profile for me without my permission and without giving me control over what information is included.

You should never never assume that people are happy to have any information about them - even if it appears to be from public sources - put on Wikitree or any other genealogical site.

There are of course widespread warnings about not making personal information available on the internet. Some people are more concerned than others about increasing the risks of eg identity theft. That is another reason why I believe nobody, but nobody, should add personal information about someone else to a genealogical website without explicit evidenced permission.

The GDPR principle that each living individual should have full control is absolutely right. Giving them that control was actually part of the Wikitree honor code before GDPR.

Here on Wikitree we share enthusiasm for genealogy. But that enthusiasm should not stop us doing what is right and decent and going out of our way to make sure we respect others’ wishes on information about them. As the honor code makes clear, it is those wishes that must be paramount, whether or not there are also legal concerns.

As far as Australia goes - subject to correction by Australians who will know more than I do - I think I am right that people’s birth dates are protected by the Australian rules on privacy and data protection.

---

Michael, I've just re-read the Honor Code and I cannot see anywhere where it says or suggests that "each living individual should have full control (of their profile)".

The only bit that is relevant is,

"We respect privacy. We privacy-protect anything we think our family members might not want public. If that's not enough for someone, we delete their personal information."

The latter statement to me does not equate with each person only managing their own profile. It would not be possible to build a tree because not everybody in the tree would consent to their information being shared. You'd just have a bunch of single profiles that could never be connected until everyone was deceased.

Can other people please share their thoughts?

---

Andrew, think. How can you give people an opportunity to say they want their information deleted without making sure they know what is being put on Wikitree? Unless you ask them, how do they know anything about them is going on Wikitree? Making that part of the honor code effective MUST mean consulting them and giving them control over what if any information about them goes on Wikitree. Otherwise it is meaningless. This is of course different from the technical question of who is profile manager.

And, above all, for me this is about trying to be a decent moral person. I know you take a different stance, as will some others, and that we will never agree. But my own views are absolutely firm. I have said my piece on this more than once, and there has been loads of discussion in the main GDPR thread, and I will not be prolonging this debate between us.

---

I agree with Michael, I do not think it ethical to share genealogical information on anyone living  without their explicit consent. I would have objected if I had found that I was on this site without my permission. (we occasionally see that others also object when they find that they or their parents have already had profiles created by unknown strangers) I don't appear in the public edition of the electoral roll or the  telephone directory either,  the right not to be in the telephone directory in the UK goes back at least 50 years.  

It doesn't prevent a family tree being created, I have home software that includes my living family but my ancestry trees start with my grandparents not me.  On here, my husband was private with virtually no information on his profile, he  is now unlisted.  It doesn't stop  connections with other branches, they just start from his parents. I was able to discover a 2nd cousin and a couple of  more distant ones through DNA and a knowledge of my ancestry but I  certainly didn't feel it right to create their profiles or their parent's profile on here.

Public figures are different  and I believe (not a lawyer) that information that public figures have released (or has been released ) into the public domain is not subject to the privacy laws. The Queen still has her website and indeed the order of inheritance is necessarily public knowledge, her public life is very visible. I cannot see that there is any necessity to make these  very public persona profiles unlisted.Wikipedia, though has very many less 'public' personas, perhaps people only famous in a very specific field. I do not see why they should not also the right to protect personal data that is irrelevant to their 'notability'  (I also admit that I don't 'get' the interest in making 'connections' with them or in finding extremely distant relationships with them)

---

It's not really about whether somebody can start with your identity and find information about you.  It's more about whether they can start with a category and obtain a list of people in that category.

---

Helen, thanks. I agree with what you say about basic information about Notables. Where they have published information themselves or clearly consented to it being public, GDPR allows such information to be published further - and I think it likely that Wikitree will be reviewing policy on that in due course. But there are rights to privacy for Notables even for information from the past that was in the public domain at the time, as some high profile court cases have shown.

As an aside, one part of the background to my strong stance is that I have close family members keen to keep their internet traces to a minimum, including in relation to information that is publicly available. I have not asked them, but am sure they would not want anything about them on Wikitree, and I respect their wishes. I think it very likely that there are slightly more distant family members who would have the same attitude. I would never think it right to presume on anyone’s wishes.

Answer 2

Anyone can access Australia's Privacy Principles here https://www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles. These have been around in one form or another since 1988 and applies to all living people. In short, under Australian law, private information is defined as ‘Information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.'

The Australian Privacy Act gives individuals the right to 'know why your personal information is being collected, how it will be used and who it will be disclosed to'. In the case of Wikitree, the "who it will be disclosed to" is everyone on the internet, unless the profile is unlisted. 

Technically, individuals acting in their own capacity are not covered by Australian privacy laws, so collecting personal information and storing it in a private tree is OK for genealogists. Wikitree however is not an individual, it is a business entity, so Australian Privacy Laws would almost certainly apply where Australian living people are concerned. Australian's would therefore have the right to request any information held about them, be not only made unlisted, but be removed. The same would be true of all other family history sites.

As the wikitree honor code includes a requirement for privacy to be respected and in a way makes us agents of Wikitree, then it is reasonable to assume that we have no legal right to publish information about living people without their express consent. A lawyer would need to provide a definitive recommendation on this last point to be sure, but caution should be taken until proven otherwise.

Re the questions here about university researchers and journalists, they are currently excluded from the Australian Privacy Act, which is why they are able to publish information about living people.

​In Australia we love to use the term "will it pass the pub test?" or "BBQ test". Ask yourself honestly, if you asked a friend or relative "do you mind if I put your full Name, place and decade of birth on the internet for anyone to see?" would they say "yes, sure" or look at you in horror? What about if you added "oh and can I also create an online association between you and that shady relative you don't like to tell people about? Does it really pass the pub test to publish someone else's personal information online without their express permission, legally or not?