Australia is a country that prides itself on the importance of fairness, but unlike the UK and most European countries we are yet to embed the concept across the law that protects our personal data.
Subscribe now for unlimited access.
$0/
(min cost $0)
or signup to continue reading
Our personal information goes to the essence of who we are. And in an age when personal data knows no borders, and malicious and criminal cyber attacks on data stores are on the rise, it is more important than ever to protect our citizens' information privacy.
This fundamental but not absolute human right is upheld in Australia's Privacy Act 1988. The Act covers businesses with a turnover of more than $3 million, private health service providers, Australian government agencies and some other sectors. It requires these organisations to take reasonable steps to secure the personal information they collect.
But it only specifies that it must be collected by fair and lawful means. There is no broader obligation for organisations to then use and disclose our personal information fairly.
The advanced technology and complex data practices we experience daily could not have been foreseen when the Privacy Act was introduced three decades ago. So the Australian government's current review of the Privacy Act is an opportunity to make our national privacy framework fit for purpose in the digital era, and embed fairness and accountability at its centre.
We can no longer rely just on notice and consent, putting the burden on individuals to decipher complex practices, absorb long and technical privacy policies, and give their meaningful agreement. This is unrealistic, when recent research shows social media privacy policies run to an average of more than 6000 words.
It's a point well made by the Federal Court's ruling that Google engaged in misleading and deceptive conduct when collecting location data from Android phones. While the ACCC took the case under consumer law it has implications for privacy practice. It also supports our call for greater simplicity and clarity in privacy policies and notices.
Often the privacy debate gets sidetracked by questions over notice and consent. If we give the green light to provide our personal information to an organisation, and that organisation has told us what they will use the information for, then isn't that a solution?
Not always. In the age of high privacy impact technologies and data flows, we need more.
That is why the privacy regulator, the Office of the Australian Information Commissioner (OAIC), is recommending the introduction of a new obligation for all personal information handling to be fair and reasonable. This would go some way to preventing activities that do not meet community expectations.
MORE OPINION:
Take the case of a retailer using AI to scan your face to assess your emotional state for commercial purposes. Even if they tell you they are using your data in this way, is it fair and reasonable?
Consideration should also be given to prohibiting data practices that we, as a society, cannot tolerate. For example, profiling and tracking children online and targeting them with advertising. Such a "no-go zone" is supported by 84 per cent of parents polled for our Australian Community Attitudes to Privacy Survey 2020.
The way we protect personal information in this country has already shifted. The community has sought stronger safeguards for personal information handling considered higher risk, such as My Health Record or COVIDSafe data. These changes can be mutually beneficial.
When Australians have clear privacy rights and trust that their personal information is protected wherever it flows, they will feel confident to engage in the data-driven economy. When organisations have a clear framework that sets out their responsibilities for handling personal information, they will be able to operate and innovate with confidence that they are doing the right thing.
We have also asked for stronger powers for the OAIC to protect Australians' privacy, including the discretion to identify and address the most serious situations before greater harm occurs.
This Privacy Awareness Week, from May 3 to 9, we are calling for privacy to be a priority. Reform of the Privacy Act is a landmark opportunity to do just that, as we stand at the crossroads of determining the future privacy framework and data economy we want for Australia.
- Angelene Falk is the Australian Information Commissioner and Privacy Commissioner. She heads the Office of the Australian Information Commissioner.