Peter Clarke – Australian Privacy Foundation

Australian Competition and Consumer Commission releases 4th interim report as part of its Digital Platform Services Inquiry, raising privacy issues on collection of data

Peter Clarke — Thu, 28 Apr 2022 22:25:12 +0000

Yesterday the Australian Competition and Consumer Commission (“ACCC”) yesterday released Interim Report No s – General online retail marketplaces. The report necessarily deals with the issue of data collection and privacy. It does not contain any new insight or previously unknown fact or issue however it does synthesise and summarise the relevant issues. All too often these issues are not considered with this level of focus. Read More

Attorney General’s Department releases discussion paper on reform to the Privacy Act 1988

Peter Clarke — Wed, 27 Oct 2021 10:13:30 +0000

On 25 October the Attorney General’s Department released its long awaited Privacy Act Review Discussion paper (the “Paper”). It is far from comprehensive. It avoids making recommendations about a statutory tort of privacy. Rather it continues the continual policy loop as governments of every persuasion push this issue into further review, then consultation then bury it in a report and then hope it goes away until it is recommended or otherwise finds itself before the Government. It has been a hugely expensive, time intensive waste of time. Read More

Information Commissioner issues determination into 7-Eleven Stores for APP breaches through use of facial recognition technology of unsuspecting customers

Peter Clarke — Tue, 19 Oct 2021 07:20:30 +0000

The Australian Information Commissioner has issued a very significant determination resulting from a Commissioner initiated investigation into 7-Eleven, where she found that the company had breached Australian Privacy Principle (APP) 3 and 5 of the Privacy Act 1988. Read More

Today is data privacy day…a lot more work to do beyond reminding people of the need to keep data private and secure

Peter Clarke — Thu, 28 Jan 2021 02:00:54 +0000

Thursday 28 January 2021 is Data Privacy Day. It is also the 40th anniversary of Convention 108 and the 15th edition of the Data Protection Day. Read More

Significant data breach from Ambulance Tasmania through interception of its paging service with data of patients who contact ambulances published on line

Peter Clarke — Fri, 08 Jan 2021 02:00:35 +0000

Ambulance Tasmania has suffered a massive data breach. According to the ABC, personal information of every Tasmanian who called the Tasmanian Ambulance Service since November 2020 has been accessed and posted on line by a third party. The specific nature of the breach is unknown but it was to the paging system. What makes this breach so damaging is that the data accessed is sensitive information, relating to a person’s health status as well as that person/s age, gender and address. What is both surprising and disturbing is that the data hacked from Ambulance Tasmania has been publicly visible since November last year. Read More

Cyber attack at BlueScope Steel and MyBudget highlights a chronic problem facing businesses, particularly those with poor privacy protocols

Peter Clarke — Sat, 16 May 2020 11:20:53 +0000

This year has seen some major cyber attacks which have crippled businesses. The malware attacks affecting Toll Transport, Bluescope Steel and MyBudget were probably all preventable. It is highly likely that human error was responsible for each attack. That bespeaks a failure in training and operations. An investigation of a data breach often reveals significant problems with compliance with the Australian Privacy Principles and problems with either the quality or the ongoing nature of training. Read More

Australian Information Commission v Facebook Inc [2020] FCA 531 (22 April 2020): application for service outside of Australia, the Commissioner’s prima facie case. The opening round in the first civil proceeding for breach of the Privacy Act by the Commissioner

Peter Clarke — Sun, 26 Apr 2020 21:15:45 +0000

On 23 April 2020 in Australian Information Commission v Facebook Inc the Australian Information Commissioner successfully obtained interim suppression and non publication orders and orders to serve outside Australia and substituted service against Facebook Inc. This is the first of what is likely to be a number of interlocutory judgments as the civil penalty proceedings slowly move towards a hearing. Read More

Indian Supreme Court rules that individual privacy is a fundamental right. Another jurisdiction acknowledges a right to privacy… but still not Australia

Peter Clarke — Sun, 27 Aug 2017 07:11:39 +0000

The Indian Supreme Court, in a unanimous decision of Justice K S Puttaswamy (Retd) & anor v Union of India & ors, has today found that individual privacy is a fundamental right. It is a comprehensive decision running to 547 pages and 5 years in gestation. Even so India has recognised such a right ahead of Australia.

This event has been reported by Reuters with India’s top court rules privacy a fundamental right in blow to government, the Hindustantimes with Supreme Court verdict on right to privacy: All you need to know about the case, arguments and what’s next and Indian Supreme Court in landmark ruling on privacy (among others).

The BBC article provides:

India’s Supreme Court has ruled that citizens have a fundamental right to privacy, in a landmark judgement.

The judges ruled the right to privacy was “an intrinsic part of Article 21 that protects life and liberty”.

The ruling has implications for the government’s vast biometric ID scheme, covering access to benefits, bank accounts and payment of taxes.

Rights groups are concerned personal data could be misused. The authorities want registration to be compulsory.

The verdict overturns two previous rulings by the top court which said that privacy was not a fundamental right.

The nine-judge bench, comprising all the sitting judges in the Supreme Court was necessary because one of the earlier rulings made in 1954, was delivered by an eight-judge bench.

Analysis by Geeta Pandey, BBC News, Delhi

The Supreme Court verdict is a huge setback for the government which has insisted that privacy is not an inalienable fundamental right guaranteed under the constitution.

When the Aadhaar database was launched, the authorities said it would be a voluntary scheme which would help them weed out corruption while passing on welfare benefits to the most needy citizens.

But in the past couple of years, it has been made mandatory for filing tax returns, opening bank accounts, securing loans, buying and selling property or even making purchases of 50,000 rupees ($780; £610) and above.

The petitioners had said this would help the authorities create a comprehensive profile of a person’s spending habits and expressed apprehension that this data could be misused by a government which does not believe in people’s right to privacy.

During the hearing of the case, the government’s lawyers had told the court that citizens did not have absolute right over their bodies which meant that people could be forced to give their biometrics.

Alarmed citizens can now breathe a sigh of relief – as one legal expert said, Thursday’s order recognises the right of a citizen to be the master of his body and mind.

As of today India has better privacy protections from the courts than Australia.

The development of the common law regarding privacy in Australia has been slow and, in the main, excruciating. In the 2001 decision of ABC v Lenah Game Meats Pty Ltd the High Court left open the possibility, only, of a possible common law right to privacy though more likely a development of an equitable claim of misuse of private information. The Victorian Court of Appeal in Giller v Procopets recognised both an equitable claim for misuse of private information and that it is not necessary to prove psychological damage. Distress was sufficient. That was where the United Kingdom Law was 10 years plus ago. It is a complicated cause of action which is not well suited to the issues thrown up by privacy breaches.

In 2015 the United Kingdom moved away from an equitable claim of misuse of private information to a fully functioning tort in the Court of Appeal decision of Google Inc v Vidal – Hall & ors. That made sense and allowed the court to set out elements of the cause of action that are more fair to both plaintiffs and defendants. Unfortunately it is unlikely that superior courts in Australia will adopt this course.

At a state level in Victoria the consideration by the Victorian Civil and Administrative Tribunal (“VCAT”) of claims under the Information Privacy Act and later Privacy and Data Protection Act, for interference with a person’s privacy by government agencies or related service providers, has focused on and generally descended into a morass of administrative law arcana. The analysis adopted in these cases often defies easy understanding if one has a background in privacy law and understanding of the privacy legislation. Cases seem to become swamped by minutiae of process, the preferred implement from the administrative tool box as invariably advocated by government agencies. This is not what the privacy legislation should be about. It is little wonder that there are so few successful claims before VCAT. And that will likely to remain so if this privacy litigation remains in the maw of administrative law.

This piece was first published at Illigitimi non carborundum, the personal blog of APF Board Member Peter Clarke. Read the original here: https://www.policyforum.net/privacy-postal-plebiscite/