FOIREQ19/00187 001
Amanda Nowland
From:
Cate Cloudsdale
Sent:
Friday, 26 July 2019 3:18 PM
To:
xxxxxxxxx@xxxxxxxx.xxx
Cc:
Caren Whip
Subject:
AR19/00029 - Reasons for finding in PRIV COMP 19/00001 [SEC=UNCLASSIFIED]
Security Classification:
UNCLASSIFIED
Dear O Wendell
Thank you for your patience in awaiting my response to your query. I have treated this is a request for
administrative access to information held by the OAIC.
You have asked for me to provide reasoning to support my statement in my letter of 18 April 2019 that I considered
there to be no breach of s 95B in the OAIC agreeing to the terms of service with Hotjar.
My reasoning is:
1) the terms of the agreement with Hotjar did not authorise Hotjar to engage in an act or practice that would
breach the Australian Privacy Principles, if it were the OAIC that had engaged in the act/practice.
2) the terms of the agreement contained a provision which ensured that a subcontractor of Hotjar would not
be authorised by a subcontract (with Hotjar) to engage in an act or practice that would breach the Australian
Privacy Principles, if it were the OAIC that had engaged in the act/practice. The terms included
confidentiality provisions and stated that information the OAIC provided to Hotjar would only be disclosed
in accordance with its Privacy Policy. The Privacy Policy includes a provision stating that Hotjar's contractors
are contractually bound to process personal data only in accordance with Hotjar's instructions.
Regards
Cate Cloudsdale | Senior Lawyer
Legal Services
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001 | oaic.gov.au
+61 2 8231 4249 | xxxx.xxxxxxxxxx@xxxx.xxx.xx
|
|
|
Subscribe to Information Matters
From: xxxxxxxxx@xxxxxxxx.xxx <xxxxxxxxx@xxxxxxxx.xxx>
Sent: Thursday, 18 April 2019 7:31 PM
To: Cate Cloudsdale <xxxx.xxxxxxxxxx@xxxx.xxx.xx>
Subject: Re: RE: Privacy complaint - OAIC and Hotjar [SEC=UNCLASSIFIED]
Thanks for this - are you able to provide reasoning for your statement that "I do not consider that the OAIC has
breached s 95B in this instance"? The terms of s.95B seem pretty clear, as are the terms of the OAIC's agreement
with Hotjar?
--
Securely sent with Tutanota. Get your own encrypted, ad-free mailbox:
https://tutanota.com
1
FOIREQ19/00187 002
Apr 18, 2019, 5:49 PM by xxxx.xxxxxxxxxx@xxxx.xxx.xx:
Dear O Wendell
Please see attached correspondence in response to your privacy complaint.
Regards
To help protect you r priv acy, Microsoft Office prevented automatic
download of this pictu re from the Internet.
Cate Cloudsdale | A/g Principal Lawyer
O A I C logo
Legal Services
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001 | oaic.gov.au
+61 2 8231 4249 | xxxx.xxxxxxxxxx@xxxx.xxx.xx
From: xxxxxxxxx@xxxxxxxx.xxx <xxxxxxxxx@xxxxxxxx.xxx>
Sent: Wednesday, 20 March 2019 8:01 PM
To: Enquiries <xxxxxxxxx@xxxx.xxx.xx>
Subject: Privacy complaint - OAIC and Hotjar
Hi OAIC
On March 19 2019 I lodged a privacy complaint under the privayc Act about the OAIC and Hotjar - see here:
https://www.righttoknow.org.au/request/oaic_and_hotjar
Today, Megan McKenna responded that I can't make a privacy complaint through the rightoknow website
and I need to do it via email. So that's what I'm doing. My complaint and all the relevant info is at the link
above but let me know if you need anything further.
2
FOIREQ19/00187 003
***********************************************************************
WARNING: The information contained in this email may be confidential.
If you are not the intended recipient, any use or copying of any part
of this information is unauthorised. If you have received this email in
error, we apologise for any inconvenience and request that you notify
the sender immediately and delete all copies of this email, together
with any attachments.
***********************************************************************
3