Margarita Vladimirova, PhD in Privacy Law and Facial Recognition Technology, Deakin University The morning started with a message from a friend: “I used your photos to train my local version of Midjourney. I hope you don’t mind”, followed up with generated pictures of me wearing a flirty steampunk costume. I did in fact mind. I… Read More

Fertility apps collect deeply sensitive data about consumers’ sex lives, health, emotional states and menstrual cycles. And many of them are intended for use by children as young as 13. An analysis by UNSW’s Katharine Kemp has uncovered a number of concerning practices by these apps including: confusing and misleading privacy messages, a lack of choice in how data are used, inadequate de-identification measures when data are shared with other organisations, and retention of data for years even after a consumer stops using the app, exposing them to unnecessary risk from potential data breaches. Read More

In the recently released Privacy Act Review Report, the Attorney-General’s Department makes numerous important proposals that could see the legislation, enacted in 1988, begin to catch up to leading privacy laws globally. However, the report’s proposals on targeted advertising don’t properly address the power imbalance between companies and consumers. Instead, they largely accept a status quo that sacrifices consumer privacy to the demands of online targeted ad businesses. Read More

Ausma Bernot, PhD Candidate, School of Criminology and Criminal Justice, Griffith University A group of researchers studied 15 months of human mobility movement data taken from 1.5 million people and concluded that just four points in space and time were sufficient to identify 95% of them, even when the data weren’t of excellent quality. That… Read More

Among the many questions raised by the Optus data leak is why the company was storing so much personal information for so long. Optus has said it is legally required to do so. But your name, address and account reference number should be all it needs for this, not your passport, driver’s licence or Medicare details. The only clear legal requirement for it to keep “information for identification purposes” comes from the Telecommunications (Interception and Access) Act 1979, which requires that identification information and metadata be kept for two years (to assist law enforcement and intelligence agencies). Read More

A little-known provision of the Privacy Act makes it illegal for many companies in Australia to buy or exchange consumers’ personal data for profiling or targeting purposes. It’s almost never enforced. The burning question is: why is there not a single published case of this law being enforced against companies “enriching” customer data for profiling and targeting purposes? Read More

You walk into a shopping centre to buy some groceries. Without your knowledge, an electronic scan of your face is taken by in-store surveillance cameras and stored in an online database. Each time you return to that store, your “faceprint” is compared with those of people wanted for shoplifting or violence. This might sound like science fiction but it’s the reality for many of us. By failing to take our digital privacy seriously – as former human rights commissioner Ed Santow has warned – Australia is “sleepwalking” its way into mass surveillance. Read More

Private companies and public authorities are quietly using facial recognition systems around Australia. Despite the growing use of this controversial technology, there is little in the way of specific regulations and guidelines to govern its use. Read More