Optus data breach: regulatory changes announced, but legislative reform still needed

In response to Australia’s biggest ever data breach, the federal government will temporarily suspend regulations that stop telcos sharing customer information with third parties. But it’s still only a remedial measure, intended to be in place for 12 months. More substantive reform is needed to tighten Australia’s loose approach to data privacy and protection.

Optus says it needed to keep identity data for six years. But did it really?

Among the many questions raised by the Optus data leak is why the company was storing so much personal information for so long. Optus has said it is legally required to do so. But your name, address and account reference number should be all it needs for this, not your passport, driver’s licence or Medicare details. The only clear legal requirement for it to keep “information for identification purposes” comes from the Telecommunications (Interception and Access) Act 1979, which requires that identification information and metadata be kept for two years (to assist law enforcement and intelligence agencies).

I’ve given out my Medicare number. How worried should I be about the latest Optus data breach?

Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach. Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers. But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data. Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next.

Optus customers, not the company, are the real victims of massive data breach

Optus executives are paid millions to ensure that, among other things, customer data is safe. These are the people who should be held accountable for the data breach. Straight after the breach, Optus made claims that it was “not currently aware of any customers having suffered harm”. This suggests that Optus doesn’t consider the widespread damage to people’s privacy harmful. This is wrong.

This law makes it illegal for companies to collect third-party data to profile you. But they do anyway

A little-known provision of the Privacy Act makes it illegal for many companies in Australia to buy or exchange consumers’ personal data for profiling or targeting purposes. It’s almost never enforced. The burning question is: why is there not a single published case of this law being enforced against companies “enriching” customer data for profiling and targeting purposes?

What do TikTok, Bunnings, eBay and Netflix have in common? They’re all hyper-collectors

You walk into a shopping centre to buy some groceries. Without your knowledge, an electronic scan of your face is taken by in-store surveillance cameras and stored in an online database. Each time you return to that store, your “faceprint” is compared with those of people wanted for shoplifting or violence. This might sound like science fiction but it’s the reality for many of us. By failing to take our digital privacy seriously – as former human rights commissioner Ed Santow has warned – Australia is “sleepwalking” its way into mass surveillance.

Even if TikTok and other apps are collecting your data, what are the actual consequences?

By now, most of us are aware social media companies collect vast amounts of our information. By doing this, they can target us with ads and monetise our attention. The latest chapter in the data-privacy debate concerns one of the world’s most popular apps among young people – TikTok. Yet anecdotally it seems the potential risks aren’t really something young people care about. Some were interviewed by The Project this week regarding the risk of their TikTok data being accessed from China. They said it wouldn’t stop them using the app. “Everyone at the moment has access to everything,” one person said. Another said they didn’t “have much to hide from the Chinese government”. Are these fair assessments? Or should Australians actually be worried about yet another social media company taking their data?

Insurance firms can skim your online data to price your insurance — and there’s little in the law to stop this

What if your insurer was tracking your online data to price your car insurance? Seems far-fetched, right? Yet there is predictive value in the digital traces we leave online. And insurers may use data collection and analytics tools to find our data and use it to price insurance services. Looking at several examples from customer loyalty schemes and social media, we found insurers can access vast amounts of consumer data under Australia’s weak privacy laws.

ACCC says consumers need more choices about what online marketplaces are doing with their data

Consumers using online retail marketplaces such as eBay and Amazon “have little effective choice in the amount of data they share”, according to the latest report of the Australian Competition & Consumer Commission (ACCC) Digital Platform Services Inquiry. The report reiterates the ACCC’s earlier calls for amendments to the Australian Consumer Law to address unfair data terms and practices. However, none of these proposals is likely to come into effect in the near future. In the meantime, we should also consider whether practices such as obtaining information about users from third-party data brokers are fully compliant with existing privacy law.