This open letter from the Australian Privacy Foundation (APF) primarily responds to the recent Frontier software data breach, which rapidly followed on the heels of knowledge about the Ambulance SA data breach. As of yet, no publicly available response or remedial follow up has occurred in the context of the Ambulance breach, nor have affected individuals been contacted about the data loss. Read More
Privacy law reform in Australia – the good, the bad and the ugly
On 25 October 2021 the Australian government released a Discussion Paper crammed full of proposals to amend the national privacy law, as well as a Bill intended to progress certain reforms ahead of the rest. Here’s what you need to know, to help you prepare for what’s likely ahead, or to draft a submission in response to the proposals. Read More
Victorian information sharing Bill a threat to privacy
The Victorian Government’s Health Legislation Amendment (Information Sharing) Bill 2021 was rushed through its first parliamentary vote on 14 October 2021, raising many unanswered questions for patients and health care professionals in that state. Put plainly, this legislation allows agents of the Victorian Government a complete record of every Victorian person’s most sensitive and private information. The powers embodied in the Bill are unprecedented. Why does the Victorian Government need to harvest and store such a rich database of patient information? Read More
A new proposed privacy code promises tough rules and $10 million penalties for tech giants
This week the federal government announced proposed legislation to develop an online privacy code (or “OP Code”) setting tougher privacy standards for Facebook, Google, Amazon and many other online platforms. These companies collect and use vast amounts of consumers’ personal data, much of it without their knowledge or real consent, and the code is intended to guard against privacy harms from these practices. The higher standards would be backed by increased penalties for interference with privacy under the Privacy Act and greater enforcement powers for the federal privacy commissioner. However, relevant companies are likely to try to avoid obligations under the OP Code by drawing out the process for drafting and registering the code. They are also likely to try to exclude themselves from the code’s coverage, and argue about the definition of “personal information”. Read More
Attorney General’s Department releases discussion paper on reform to the Privacy Act 1988
On 25 October the Attorney General’s Department released its long awaited Privacy Act Review Discussion paper (the “Paper”). It is far from comprehensive. It avoids making recommendations about a statutory tort of privacy. Rather it continues the continual policy loop as governments of every persuasion push this issue into further review, then consultation then bury it in a report and then hope it goes away until it is recommended or otherwise finds itself before the Government. It has been a hugely expensive, time intensive waste of time. Read More
The government wants to expand the ‘digital identity’ system that lets Australians access services. There are many potential pitfalls
The federal government has been asking the public for feedback on proposed legislation to create a “trusted digital identity” system. The aim is for Australians to use it to prove their identity when accessing public services. But what will a national digital identity system actually involve, who will it serve, and if we need it, how should it be implemented? Read More
Information Commissioner issues determination into 7-Eleven Stores for APP breaches through use of facial recognition technology of unsuspecting customers
The Australian Information Commissioner has issued a very significant determination resulting from a Commissioner initiated investigation into 7-Eleven, where she found that the company had breached Australian Privacy Principle (APP) 3 and 5 of the Privacy Act 1988. Read More
Vaccination status – when your medical information is private and when it’s not
We value the idea that our medical information is private and subject to special protection and that our doctor can’t freely share it with others. Yet suddenly, it seems we might be asked to hand over information about our vaccination status in many different situations.
It might be so we can keep doing our job, go into shops and restaurants or travel. It might make us uneasy. But can we refuse to tell others our vaccination status on privacy grounds? What does the law in Australia say about who can ask for it, and why, and what they can do with it? Read More
I’d prefer an ankle tag: why home quarantine apps are a bad idea
South Australia has begun a trial of a new COVID app to monitor arrivals into the state. SA Premier Steven Marshall claimed “every South Australian should feel pretty proud that we are the national pilot for the home-based quarantine app”. But why are we developing such home-quarantine apps in the first place, when we already have a cheap technology to do this? If we want to monitor that people are at home (and that’s a big if), wouldn’t one of the ankle tags already used by our corrective services for home detention be much simpler, safer and more robust? There are many reasons to be concerned about home-quarantine apps. Read More
Police access to COVID check-in data is an affront to our privacy. We need stronger and more consistent rules in place
The Australian Information Commissioner this week called for a ban on police accessing QR code check-in data, unless for COVID-19 contact tracing purposes. State police have already accessed this data on at least six occasions for unrelated criminal investigations. We need cooperation and clarity regarding how COVID surveillance data is handled, to protect people’s privacy and maintain public trust in surveillance measures. We propose more detailed and consistent laws to be enacted throughout Australia, covering all COVID surveillance. Read More