Instagram’s privacy updates for kids are positive. But plans for an under-13s app means profits still take precedence

Facebook recently announced significant changes to Instagram for users aged under 16. New accounts will be private by default, and advertisers will be limited in how they can reach young people.
The new changes are long overdue and welcome. But Facebook’s commitment to childrens’ safety is still in question as it continues to develop a separate version of Instagram for kids aged under 13. Read More

Police debacle leaves the McGowan government battling to rebuild public trust in the SafeWA app

QR code contact-tracing apps are a crucial part of our defence against COVID-19. But their value depends on being widely used, which in turn means people using these apps need to be confident their data won’t be misused.
That’s why this week’s revelation that Western Australian police accessed data gathered using the SafeWA app are a serious concern. Read More

Commonwealth Health Department going for data grab under cover of COVID

While Australia is focussed on COVID, the government acts to quietly collect our personal health data. The Department of Health funded project, Primary Health Insights, has been uploading detailed health records from GP databases. While almost 10% of Australians opted out of My Health Record, most may be unaware they are giving consent to their default data upload, when they sign the patient registration form to see their own doctor. Read More

ACIC thinks there are no legitimate uses of encryption. They’re wrong, and here’s why it matters.

Australia’s parliament is considering legislation to give new powers to the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police. These powers will allow them to modify online data, monitor network activity, and take over online accounts in some circumstances. Last week, in a submission to parliament regarding the proposed powers, ACIC made an inaccurate and concerning claim about privacy and information security. ACIC claimed “there is no legitimate reason for a law-abiding member of the community to own or use an encrypted communication platform”. Encrypted communication platforms, including WhatsApp, Signal, Facetime and iMessage, are in common use, allowing users to send messages that can only be read by the intended recipients. There are many legitimate reasons law-abiding people may use them. And surveillance systems, no matter how well-intentioned, may have negative effects and be used for different purposes or by different people than those they were designed for. Read More

APF Newsletter 7 May 2021

We regret the 10-month delay since the most recent Newsletter!
The Board has remained very busy throughout, with about 20 submissions made during that period.
These included a very substantial response to the Issues Paper published by the Attorney-General’s Department in relation to the (non-independent) review it is conducting of the Privacy Act. The scope was very broad, and it accordingly involved a team of contributors, led by Prof. Graham Greenleaf. Read More

NSW Police want access to Tinder’s sexual assault data. Cybersafety experts explain why it’s a date with disaster.

In a recent development, New South Wales Police announced they are in conversation with Tinder’s parent company Match Group (which also owns OKCupid, Plenty of Fish and Hinge) regarding a proposal to gain access to a portal of sexual assaults reported on Tinder. The police also suggested using artificial intelligence (AI) to scan users’ conversations for “red flags”. Tinder already uses automation to monitor users’ instant messages to identify harassment and verify personal photographs. However, increasing surveillance and automated systems doesn’t necessarily make dating apps safer to use. Read More

MEDIA RELEASE: Every 3 minutes Australian health services collect 400 data points of up to 25m patients’ medical records

Primary Health Networks (PHNs) have been collecting 400 data points of up to 25 million Australian patient health records since August 2019. The records are apparently deidentified, but as science has long demonstrated, can be later identified so that criminal agents may collect 400 pieces of information about you from this information. Your General Practice asks for your consent to do this by bundling the authority into imprecise packages of tick-box styled general statements. By consenting to be treated by your usual doctor, patients also consent to link information from their confidential medical consult to information stored by health authorities. Read More

ACCC ‘world first’: Australia’s Federal Court found Google misled users about personal location data

The Federal Court has found Google misled some users about personal location data collected through Android devices for two years, from January 2017 to December 2018. Other companies too should be warned that representations in their privacy policies and privacy settings could lead to similar liability under the ACL. But this won’t be a complete solution to the problem of many companies concealing what they do with data, including the way they share consumers’ personal information. Read More