Placeholder Content Image

Why do organisations still struggle to protect our data? We asked 50 professionals on the privacy front line

<div class="theconversation-article-body"> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p>More of our personal data is now collected and stored online than ever before in history. The rise of data breaches should unsettle us all.</p> <p>At an individual level, data breaches can compromise our privacy, cause harm to our finances and mental health, and even enable identity theft.</p> <p>For organisations, the repercussions can be equally severe, often resulting in major financial losses and brand damage.</p> <p>Despite the increasing importance of protecting our personal information, doing so remains fraught with challenges.</p> <p>As part of a <a href="http://www.doi.org/10.25910/psq3-q365">comprehensive study</a> of data breach notification practices, we interviewed 50 senior personnel working in information security and privacy. Here’s what they told us about the multifaceted challenges they face.</p> <h2>What does the law actually say?</h2> <p>Data breaches occur whenever personal information is accessed or disclosed without authorisation, or even lost altogether. <a href="https://www.abc.net.au/news/2024-06-20/optus-hack/104002682">Optus</a>, <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">Medibank</a> and <a href="https://www.afr.com/technology/canva-criticised-after-data-breach-exposed-139m-user-details-20190526-p51r8i">Canva</a> have all experienced high-profile incidents in recent years.</p> <p>Under Australia’s <a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/">privacy laws</a>, organisations aren’t allowed to sweep major cyber attacks under the rug.</p> <p>They have to notify both the regulator – the Office of the Australian Information Commissioner (OAIC) – and any affected individuals of breaches that are likely to result in “<a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/#:%7E:text=Whether%20access%20or%20disclosure%20would%20be%20likely%2C%20or%20would%20not%20be%20likely%2C%20to%20result%20in%20serious%20harm%2D%2Drelevant%20matters%20%C2%A0">serious harm</a>”.</p> <p>But according to the organisational leaders we interviewed, this poses a tricky question. How do you define serious harm?</p> <p>Interpretations of what “serious harm” actually means – and how likely it is to occur – vary significantly. This inconsistency can make it impossible to predict the specific impact of a data breach on an individual.</p> <p>Victims of domestic violence, for example, may be at increased risk when personal information is exposed, creating harms that are difficult to foresee or mitigate.</p> <h2>Enforcing the rules</h2> <p>Interviewees also had concerns about how well the regulator could provide guidance and enforce data protection measures.</p> <p>Many expressed a belief the OAIC is underfunded and lacks the authority to impose and enforce fines properly. The consensus was that the challenge of protecting our data has now outgrown the power and resources of the regulator.</p> <p>As one chief information security officer at a publicly listed company put it:</p> <blockquote> <p>What’s the point of having speeding signs and cameras if you don’t give anyone a ticket?</p> </blockquote> <p>A lack of enforcement can undermine the incentive for organisations to invest in robust data protection.</p> <h2>Only the tip of the iceberg</h2> <p>Data breaches are also underreported, particularly in the corporate sector.</p> <p>One senior cybersecurity consultant from a major multinational company told us there is a strong incentive for companies to minimise or cover up breaches, to avoid embarrassment.</p> <p>This culture means many breaches that should be reported simply aren’t. One senior public servant estimated only about 10% of reportable breaches end up actually being disclosed.</p> <p>Without this basic transparency, the regulator and affected individuals can’t take necessary steps to protect themselves.</p> <h2>Third-party breaches</h2> <p>Sometimes, when we give our personal information to one organisation, it can end up in the hands of another one we might not expect. This is because key tasks – especially managing databases – are often outsourced to third parties.</p> <p>Outsourcing tasks might be a more efficient option for an organisation, but it can make protecting personal data even more complicated.</p> <p>Interviewees told us breaches were more likely when engaging third-party providers, because it limited the control they had over security measures.</p> <p>Between July and December 2023 in Australia, there was an increase of <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2023">more than 300%</a> in third-party data breaches compared to the six months prior.</p> <p>There have been some highly publicised examples.</p> <p>In May this year, many Clubs NSW customers had their personal information potentially <a href="https://www.rimpa.com.au/resource/more-than-a-million-australian-data-records-potentially-exposed-in-nsw-club-and-pub-data-breach.html#:%7E:text=Outabox%2C%20the%20IT%20services%20provider,and%20has%20notified%20law%20enforcement">breached</a> through an attack on third-party software provider Outabox.</p> <p>Bunnings suffered a <a href="https://australiancybersecuritymagazine.com.au/bunnings-customer-data-compromised/">similar breach</a> in late 2021, via an attack on scheduling software provider FlexBooker.</p> <h2>Getting the basics right</h2> <p>Some organisations are still struggling with the basics. Our research found many data breaches occur because outdated or “legacy” data systems are still in use.</p> <p>These systems are old or inactive databases, often containing huge amounts of personal information about all the individuals who’ve previously interacted with them.</p> <p>Organisations tend to hold onto personal data longer than is legally required. This can come down to confusion about data-retention requirements, but also the high cost and complexity of safely decommissioning old systems.</p> <p>One chief privacy officer of a large financial services institution told us:</p> <blockquote> <p>In an organisation like ours where we have over 2,000 legacy systems […] the systems don’t speak to each other. They don’t come with big red delete buttons.</p> </blockquote> <p>Other interviewees flagged that risky data testing practices are widespread.</p> <p>Software developers and tech teams often use “production data” – real customer data – to test new products. This is often quicker and cheaper than creating test datasets.</p> <p>However, this practice exposes real customer information to insecure testing environments, making it more vulnerable. A senior cybersecurity specialist told us:</p> <blockquote> <p>I’ve seen it so much in every industry […] It’s literally live, real information going into systems that are not live and real and have low security.</p> </blockquote> <h2>What needs to be done?</h2> <p>Drawing insights from professionals at the coalface, our study highlights just how complex data protection has become in Australia, and how quickly the landscape is evolving.</p> <p>Addressing these issues will require a multi-pronged approach, including clearer legislative guidelines, better enforcement, greater transparency and robust security practices for the use of third-party providers.</p> <p>As the digital world continues to evolve, so too must our strategies for protecting ourselves and our data.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/236681/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, Professor, Head of the Discipline of Accounting, Governance and Regulation, University of Sydney Business School, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, Researcher, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, Associate professor, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p><em>Image credits: Shutterstock </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/why-do-organisations-still-struggle-to-protect-our-data-we-asked-50-professionals-on-the-privacy-front-line-236681">original article</a>.</em></p> </div>

Legal

Placeholder Content Image

Australia to introduce new "gold standard" in ID verification

<p>The Australian government is set to introduce a new "gold standard" in ID verification that will protect valuable information from potential data leaks. </p> <p>Government Services Minister Bill Shorten will is set to use his address to the National Press Club on Tuesday to announce the national Trust Exchange, or TEx program, which is currently at the “proof-of-concept stage”, and is slated to be rolled out at the end of the year. </p> <p>The program will connect to a user's MyGov Wallet or digital ID without the need to hand over any documents, allowing businesses to verify your identity using a government-issued QR code.</p> <p>The QR codes could be used for job applications, hotel bookings, or entry into a pub or RSL clubs, eliminating the need to hand over physical driver's licenses or passports.</p> <p>The technology will store information such as someone’s date-of-birth, address, citizenship, visa status, qualifications, occupational licences or working with children check, and other information already held by the government.</p> <p>"Services Australia is partnering with other government systems to develop TEx which would give Australians the ability to verify their identity and credentials based on official information already held by the Australian Government," Shorten is set to say in his National Press Club speech.</p> <p>"That means sharing only the personal information to get the job done, and in some cases, not handing over any personal information at all."</p> <p>“You control what details are exchanged. You then have in your wallet a record of sharing, say, your passport and trade certificate with your employer.”</p> <p>Shorten will say codes "digitally shake hands with your myGov wallet," leaving you with a record in your account of what you shared, and who you shared it with.</p> <p>"All that has been exchanged has been a digital 'thumbs up' from the Government that you are who you say you are," Shorten will say.</p> <p><em>Image credits: Shutterstock </em></p>

Legal

Placeholder Content Image

Worried your address, birth date or health data is being sold? You should be – and the law isn’t protecting you

<div class="theconversation-article-body"><em><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>Australians don’t know and can’t control how data brokers are spreading their personal information. This is the core finding of a newly <a href="https://www.accc.gov.au/system/files/Digital-platform-services-inquiry-March-2024-interim-report.pdf">released report</a> from the Australian Competition and Consumer Commission (ACCC).</p> <p>Consumers wanting to rent a property, get an insurance quote or shop online are not given real choices about whether their personal data is shared for other purposes. This exposes Australians to scams, fraud, manipulation and discrimination.</p> <p>In fact, <a href="https://www.accc.gov.au/media-release/consumers-lack-visibility-and-choice-over-data-collection-practices">many don’t even know</a> what kind of data has been collected about them and shared or sold by data firms and other third parties.</p> <p>Our privacy laws are due for reform. But Australia’s privacy commissioner <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">should also enforce</a> an existing rule: with very limited exceptions, businesses must not collect information about you from third parties.</p> <h2>What are data brokers?</h2> <p><a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">Data brokers</a> generally make their profits by collecting information about individuals from various sources and sharing this personal data with their many business clients. This can include detailed profiles of a person’s family, health, finances and movements.</p> <p>Data brokers often have no connection with the individual – you may not even recognise the name of a firm that holds vast amounts of information on you. Some of these data brokers are large multinational companies with billions of dollars in revenue.</p> <p>Consumer and privacy advocates provided the ACCC with evidence of highly concerning data broker practices. <a href="https://www.accc.gov.au/system/files/Salinger%20Privacy.pdf">One woman</a> tried to find out how data brokers had got hold of her information after receiving targeted medical advertising.</p> <p>Although she never discovered how they obtained her data, she found out it included her name, date of birth and contact details. It also included inferences about her, such as her retiree status, having no children, not having “high affluence” and being likely to donate to a charity.</p> <p>ACCC found another data broker was reportedly creating lists of individuals who may be experiencing vulnerability. The categories included:</p> <ul> <li>children, teenage girls and teenage boys</li> <li>“financially unsavvy” people</li> <li>elderly people living alone</li> <li>new migrants</li> <li>religious minorities</li> <li>unemployed people</li> <li>people in financial distress</li> <li>new migrants</li> <li>people experiencing pain or who have visited certain medical facilities.</li> </ul> <p>These are all potential vulnerabilities that could be exploited, for example, by scammers or unscrupulous advertisers.</p> <h2>How do they get this information?</h2> <p>The ACCC notes <a href="https://cprc.org.au/wp-content/uploads/2023/03/CPRC-working-paper-Not-a-fair-trade-March-2025.pdf">74% of Australians are uncomfortable</a> with their personal information being shared or sold.</p> <p>Nonetheless, data brokers sell and share Australian consumers’ personal information every day. Businesses we deal with – for example, when we buy a car or search for natural remedies on an online marketplace – both buy data about us from data brokers and provide them with more.</p> <p>The ACCC acknowledges consumers haven’t been given a choice about this.</p> <p>Attempting to read every privacy term is near impossible. The ACCC referred to a recent study which found it would take consumers <a href="https://www.mi-3.com.au/06-11-2023/aussies-face-10-hour-privacy-policy-marathon-finds-study">over 46 hours a month</a> to read every privacy policy they encounter.</p> <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=3 2262w" alt="" /></a><figcaption><span class="caption">The approximate length and time it would take to read an average privacy policy in Australia per month.</span> <span class="attribution"><a class="source" href="https://www.accc.gov.au/about-us/publications/serial-publications/digital-platform-services-inquiry-2020-25-reports/digital-platform-services-inquiry-interim-report-march-2024">ACCC Digital Platform Services Inquiry interim report</a></span></figcaption></figure> <p>Even if you could read every term, you still wouldn’t get a clear picture. Businesses use <a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">vague wording</a> and data descriptions which <a href="https://theconversation.com/70-of-australians-dont-feel-in-control-of-their-data-as-companies-hide-behind-meaningless-privacy-terms-224072">confuse consumers</a> and have no fixed meaning. These include “pseudonymised information”, “hashed email addresses”, “aggregated information” and “advertising ID”.</p> <p>Privacy terms are also presented on a “take it or leave it” basis, even for transactions like applying for a rental property or buying insurance.</p> <p>The ACCC pointed out 41% of Australians feel they have been <a href="https://www.choice.com.au/consumers-and-data/data-collection-and-use/how-your-data-is-used/articles/choice-renttech-report-release">pressured to use “rent tech” platforms</a>. These platforms collect an increasing range of information with questionable connection to renting.</p> <h2>A first for Australian consumers</h2> <p>This is the first time an Australian regulator has made an in-depth report on the consumer data practices of data brokers, which are generally hidden from consumers. It comes <a href="https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf">ten years after</a> the United States Federal Trade Commission (FTC) conducted a similar inquiry into data brokers in the US.</p> <p>The ACCC report examined the data practices of nine data brokers and other “data firms” operating in Australia. (It added the term “data firms” because some companies sharing data about people argue that they are not data brokers.)</p> <p>A big difference between the Australian and the US reports is that the FTC is both the consumer watchdog and the <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312913">privacy regulator</a>. As our competition and consumer watchdog, the ACCC is meant to focus on competition and consumer issues.</p> <p>We also need our privacy regulator, the Office of the Australian Information Commissioner (OAIC), to pay attention to these findings.</p> <h2>There’s a law against that</h2> <p>The ACCC report shows many examples of businesses collecting personal information about us from third parties. For example, you may be a customer of a business that only has your name and email address. But that business can purchase “<a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">data enrichment</a>” services from a data broker to find out your age range, income range and family situation.</p> <p>The <a href="https://www.legislation.gov.au/C2004A03712/latest/text">current Privacy Act</a> includes <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles">a principle</a> that organisations must collect personal information only from the individual (you) unless it is unreasonable or impracticable to do so. “Impracticable” means practically impossible. This is the direct collection rule.</p> <p>Yet there is no reported case of the privacy commissioner enforcing the direct collection rule against a data broker or its business customers. Nor has the OAIC issued any specific guidance in this respect. It should do both.</p> <h2>Time to update our privacy laws</h2> <p>Our privacy law was drafted in 1988, long before this complex web of digital data practices emerged. Privacy laws in places such as California and the European Union provide much stronger protections.</p> <p>The government has <a href="https://ministers.ag.gov.au/media-centre/speeches/privacy-design-awards-2024-02-05-2024">announced</a> it plans to introduce a privacy law reform bill this August.</p> <p>The ACCC report reinforces the need for vital amendments, including a direct right of action for individuals and a rule requiring dealings in personal information to be “fair and reasonable”.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/230540/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, Associate Professor, Faculty of Law &amp; Justice, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/worried-your-address-birth-date-or-health-data-is-being-sold-you-should-be-and-the-law-isnt-protecting-you-230540">original article</a>.</em></p> </div>

Legal

Placeholder Content Image

How Samantha Murphy's digital data could be a crucial clue

<p>Last Friday, Victoria Police revisited the Mount Clear area after extracting information from her mobile phone data, as they continue to investigate the Ballarat mum's disappearance. </p> <p>Now, Former Australia Federal Police officer and professor of cybersecurity, Nigel Phair believes an "anomaly" or "change in the behaviour" of Murphy's data pattern may have prompted authorities to return to the area. </p> <p>Detectives have previously said that Murphy departed her residence and ran approximately 7km through Woowookarung Regional Park with data tracking her last location as Mount Clear. </p> <p>Phair who formerly headed investigations at the Australian High Tech Crime Centre (AHTCC), said that data from her iPhone and Apple Watch is particularly important as both devices constantly log her GPS coordinates, heart rate, altitude and can even detect falls among other biometric information. </p> <p>"From the second that she walked out of her door, when out on the street, they would be able to see where she was moving and how she was moving," Phair told told Liz Hayes on Channel 9's series <em>Under Investigation</em>. </p> <p>Additionally, her iPhone can be precisely located using triangulation from nearby cell phone towers. </p> <p>Phair said that this type of data is extremely reliable and accurate, and he believes that the disturbance in this data the 7km mark, where it stopped tracking the information, reveals some form of sophistication. </p> <p>"That means someone's done something active against those two devices and you have to know what you are doing to think I'm going to completely take these out," he said. </p> <p>"It's not just turning them off, it's destroying them and then getting rid of that piece of evidence."</p> <p>He added that tampering with these devices are particularly hard, because even if they may attempt to change SIM cards, mobile phones that are still on can still be traced. </p> <p>"A device has two signifiers. It has a phone number, which you can change, call that the software signifier," he said.</p> <p>"Then it has a hardware identifier, which is the IMEI number." </p> <p>He said that police would be notified if the IMEI number was still operational. </p> <p>"Regardless if you swap SIMs or don't use a SIM at all and just use it as a Wi-Fi-only device in a Wi-Fi area, it will always broadcast that IME number onto the network," he said. </p> <p>Phair said that it is "highly likely" that police have the data on potential predators and are tracking them, as they can see whether someone else was using a device in the Mount Clear area the day Murphy disappeared. </p> <p>Former Victorian detective Damian Marrett told Hayes the he believes Murphy's disappearance is the result of foul play, as changes in her digital data could suggest it was a "targeted attack". </p> <p>He also added that if anyone else had access to her Find My iPhone app or any of her other data, they could easily track her using this information. </p> <p>"Somebody who intimately knew the tracks that she takes or had access to be able to track her runs," he said.</p> <p>"So she could have been tracked without those people having to physically surveil her."</p> <p><em>Images: Under Investigation/ Facebook</em></p> <p> </p>

Legal

Placeholder Content Image

Are Australia’s roads becoming more dangerous? Here’s what the data says

<p><a href="https://theconversation.com/profiles/mark-stevenson-330220">Mark Stevenson</a>, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em> and <a href="https://theconversation.com/profiles/jason-thompson-96100">Jason Thompson</a>, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></p> <p>In 2022, there were nearly <a href="https://www.bitre.gov.au/sites/default/files/documents/road_trauma_2022.pdf">1,200 road crash deaths</a> in Australia – a figure that has remained largely the same over the past decade. However, some states and territories have seen dramatic increases in just the last five years, such as the ACT (100%), Tasmania (59.4%) and Queensland (21.2%).</p> <p>Serious injuries from road crashes have also been <a href="https://app.powerbi.com/view?r=eyJrIjoiMGVlZDM0YzQtNWI3Mi00YzAyLWI5YjUtZGQyYzc3YjJmMmY3IiwidCI6ImFhMjFiNjQwLWJhYzItNDU2ZC04NTA1LWYyY2MwN2Y1MTc4NCJ9">on the rise</a>, from 35,000 in 2013 to 39,866 in 2019.</p> <p>These statistics highlight the need for an urgent rethink of road safety policies if we are to achieve Australia’s <a href="https://www.sbs.com.au/news/article/australias-road-deaths-rise-despite-push-to-halve-fatalities-by-2030/vcl7yj50g">target</a> of a 50% decrease in fatalities and a 30% decrease in serious injuries by 2030. We are clearly not on track to meet these targets.</p> <p>People are worth more than statistics, though. And it is not surprising we haven’t seen decreases in road deaths when we rely on strategies first implemented three to four decades ago. Change is needed to prevent the ongoing trauma caused by road crashes to Australian families.</p> <p><iframe id="DTp1X" class="tc-infographic-datawrapper" style="border: none;" src="https://datawrapper.dwcdn.net/DTp1X/1/" width="100%" height="400px" frameborder="0"></iframe></p> <h2>Why have road trauma rates not declined?</h2> <p>Australia has long had an international reputation for pioneering road safety measures, such as seat belt restraints, speed management strategies (including speed cameras) and drink-driving laws, among others. In fact, Australia was the <a href="https://link.springer.com/article/10.1007/BF00137361">first country</a> in the world to introduce laws for compulsory seat belt use.</p> <p>These initiatives have been highly successful in reducing road deaths from their peak in 1970, when <a href="https://www.abs.gov.au/ausstats/abs@.nsf/Previousproducts/1301.0Feature%20Article412001?opendocument&amp;tabname=Summary&amp;prodno=1301.0&amp;issue=2001&amp;num=&amp;view=">3,798</a> were recorded. But in the past two decades, further progress has stalled. We must ask ourselves why.</p> <p>One theory to explain why road deaths may have increased in many states in the past couple of years is the pandemic. The previously empty roads are now congested again, which may have led to impatience and speeding. Or perhaps, some people have seemingly forgotten how to drive safely. However, there is another, perhaps simpler explanation.</p> <p>This chart shows how closely road deaths have tracked with domestic fuel sales in Australia – measured in millions of litres of fuel – since 2019. In simple terms, when driving rates decreased at the beginning of the pandemic, deaths and injuries went down. When driving rates increased again in early 2021, deaths and injuries went up.</p> <p>In fact, there is scant evidence to suggest people’s driving behaviours changed during this time. Our recent unpublished research followed approximately 800 drivers from January 2020 to March 2023 using monitoring systems inside their cars to measure their behaviour. We found no differences in driver behaviours during this time.</p> <p>Rather, there’s a more likely reason why road deaths and injuries continue to be so high: the amount of time we spend driving continues to increase, while our strategies to target the risks associated with driving haven’t changed.</p> <p>Unfortunately, government agencies continue to rely on strategies implemented over the past 20-30 years, which were effective when they were first introduced, but are now subject to the law of diminishing marginal returns. This means continually throwing more resources at existing speed management strategies, for example, will likely only see marginal benefits.</p> <h2>A new approach not focused on cars</h2> <p>There is increasing urgency to investigate and implement new road safety strategies based on emerging technologies and a redesign of our cities instead.</p> <p>For example, a <a href="https://www.sciencedirect.com/science/article/abs/pii/S0001457521003092">recent Australian trial</a> using new driving monitoring technology showed promise in reducing risky driving behaviours that could cause crashes. The monitoring systems provided feedback to the driver (via a smartphone app) and encouraged safer driving using financial incentives akin to insurance premiums. This new strategy is being explored further in three states: New South Wales, Queensland and Western Australia.</p> <p>Encouraging people to transition from private car trips to public transport is another road safety strategy that has seldom been considered by governments. Rather, the driver, car and road remain the focus.</p> <p>This <a href="https://www.roadsafety.gov.au/nrss/fact-sheets/vision-zero-safe-system">“safe system” approach</a> puts an emphasis on building safe road infrastructure for cars, while ignoring urban design changes that de-emphasise the need for cars. We should be encouraging more people to commute by rail, tram and bus (all lower-risk modes per kilometre travelled), while at the same time delivering safe infrastructure for sustainable transport such as bicycles/e-bicycles or walking.</p> <p>If we continue to tinker with strategies implemented many decades ago, we will never get close to achieving the lofty government targets on road deaths and injuries by 2030.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/213240/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><a href="https://theconversation.com/profiles/mark-stevenson-330220"><em>Mark Stevenson</em></a><em>, Professor of Urban Transport and Public Health, <a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a> and <a href="https://theconversation.com/profiles/jason-thompson-96100">Jason Thompson</a>, Associate Professor, Faculty of Medicine and Melbourne School of Design, <a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></p> <p><em>Image credits: Getty Images</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/are-australias-roads-becoming-more-dangerous-heres-what-the-data-says-213240">original article</a>.</em></p>

Domestic Travel

Placeholder Content Image

The $500 million ATO fraud highlights flaws in the myGov ID system. Here’s how to keep your data safe

<p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>The Australian Tax Office (ATO) paid out more than half a billion dollars to cyber criminals between July 2021 and February 2023, according to an <a href="https://www.abc.net.au/news/2023-07-26/ato-reveals-cost-of-mygov-tax-identity-crime-fraud/102632572">ABC report</a>.</p> <p>Most of the payments were for small amounts (less than A$5,000) and were not flagged by the ATO’s own monitoring systems.</p> <p>The fraudsters exploited a weakness in the identification system used by the myGov online portal to redirect other people’s tax refunds to their own bank accounts.</p> <p>The good news is there’s plenty the federal government can do to crack down on this kind of fraud – and that you can do to keep your own payments secure.</p> <h2>How these scams work</h2> <p>Setting up a myGov account or a myGov ID requires proof of identity in the form of “<a href="https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointChecklist-18042019.pdf">100 points of ID</a>”. It usually means either a passport and a driver’s licence or a driver’s licence, a Medicare card, and a bank statement.</p> <p>Once a myGov account is created, linking it to your tax records requires two of the following: an ATO assessment, bank account details, a payslip, a Centrelink payment, or a super account.</p> <p>These documents were precisely the ones targeted in three large data breaches in the past year: at <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">Optus</a>, at <a href="https://theconversation.com/medibank-hackers-are-now-releasing-stolen-data-on-the-dark-web-if-youre-affected-heres-what-you-need-to-know-194340">Medibank</a>, and at <a href="https://asic.gov.au/about-asic/news-centre/news-items/guidance-for-consumers-impacted-by-the-latitude-financial-services-data-breach/">Latitude Financial</a>.</p> <p>In this scam, the cyber criminal creates a fake myGov account using the stolen documents. If they can also get enough information to link to the ATO or your Tax File Number, they can then change bank account details to have your tax rebate paid to their account.</p> <p>It is a sadly simple scam.</p> <h2>How government can improve</h2> <p>One of the issues here is quite astounding. The ATO knows where salaries are paid, via the “<a href="https://www.ato.gov.au/business/single-touch-payroll/what-is-stp-/">single touch</a>” payroll system. This ensures salaries, tax and superannuation contributions are all paid at once.</p> <p>Most people who have received a tax refund will have provided bank account details where that payment can be made. Indeed, many people use precisely those bank account details to identify themselves to myGov.</p> <p>At present, those bank details can be changed within myGov without any further ado. If the ATO simply checked with the individual via another channel when bank account details are changed, this fraud could be prevented. It might be sensible to check with the individual’s employer as well.</p> <p>Part of the problem is the ATO has not been very transparent about the risks. If these risks were clearly set out, then calls for changes to ATO procedures would have been loud and clear from the cyber security community.</p> <p>The ATO is usually good at identifying when a cyber security incident may lead to fraud. For example, when the recruitment software company <a href="https://www.abc.net.au/news/2018-06-06/australian-data-may-be-compromised-in-pageup-security-breach/9840048?itm_campaign=newsapp">PageUp was hacked in 2018</a>, the ATO required people who may have been affected to reconfirm their identities. This was done without public commentary and represents sound practice.</p> <p>Sadly, the millions of records stolen in the Optus, Medibank and Latitude Financial breaches have not led to a similar level of vigilance.</p> <p>Another action the ATO could take would be to check when a single set of bank account details is associated with more than one myGov account.</p> <p>A national digital identity would also help. However, this system has been in development for years, is not universally popular, and may well be <a href="https://www.themandarin.com.au/226280-gallagher-warns-community-support-for-digital-identity-not-ubiquitous/">delayed</a> until after the federal election due in 2024.</p> <h2>Protecting yourself</h2> <p>The most important thing to do is make sure the ATO does not use a bank account number other than yours. As long as the ATO only has your bank account number to transfer your tax rebate, this scam does not work.</p> <p>It also helps to protect your Tax File Number. There are only four groups that ever need this number.</p> <p>The first is the ATO itself. The second is your employer. However, remember you do not need to give your TFN to a prospective employer, and your employer only needs your TFN <em>after</em> you have started work.</p> <p>Your super fund and your bank may ask for your TFN. However, providing your TFN to your super fund or bank is optional – it just makes things easier, as otherwise they will withhold tax which you will need to claim back later.</p> <p>Of course, all the usual data safety issues still apply. Don’t share your driver’s licence details without good reason. Take similar care with your passport. Your Medicare card is for health services and does not need to be shared widely.</p> <p>Don’t open emails from people you do not know. Never click links in messages unless you are sure they are safe. Most importantly, know your bank will not send you emails containing links, nor will the ATO.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/210459/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, Associate professor of regulation and governance, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image </em><em>credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/the-500-million-ato-fraud-highlights-flaws-in-the-mygov-id-system-heres-how-to-keep-your-data-safe-210459">original article</a>.</em></p>

Technology

Placeholder Content Image

Australia's most trusted brands revealed for 2023

<p>When it comes to big brands, there are certain names that Aussies go back to time and time again for their reliability and trustworthy reputations. </p> <p>This year, according to recent data collated by <a href="https://www.trustedbrands.com.au" target="_blank" rel="noopener">Reader's Digest</a>, consumers are interacting differently with big name brands after recovering from the pandemic, but now being faced with the cost of living crisis. </p> <p>The survey, now in its 24th year, was carried out by independent market research company Catalyst Consultancy & Research and asked thousands of consumers of a mixed demographic to name the brands they trusted across more than 70 categories. </p> <p>The data suggests that our most trusted brands have "not only changed the way they interact with us during the past three years of the pandemic", but current "cost-of-living pressures mean the most successful organisations are making even further refinements".</p> <p>"With inflation putting price pressure on everyone at the moment, trust remains a hard-earned and vitally important commodity," Reader's Digest Australia Editor-in-Chief Louise Waterson said. </p> <p>"Many leading companies are rebranding their image, or reshaping their services, to hold on to existing customers and seek out new ones."</p> <p><em><strong>Check out the list below of Australia's top 20 most trusted brands, and <a href="https://www.trustedbrands.com.au/" target="_blank" rel="noopener">head here for the full 2023 results</a>.</strong></em></p> <p>20. Woolworths</p> <p>19. Sanitarium</p> <p>18. Bridgestone</p> <p>17. Ryobi</p> <p>16. Dairy Farmers</p> <p>15. Cancer Council Australia</p> <p>14. Dyson</p> <p>13. Bega </p> <p>12. Selleys</p> <p>11. Specsavers</p> <p>10. Glen20</p> <p>9. Dulux</p> <p>8. Royal Flying Doctor Service</p> <p>7. Band-Aid</p> <p>6. Victa</p> <p>5. Panadol</p> <p>4. Bunnings Warehouse</p> <p>3. Cadbury</p> <p>2. Weber</p> <p>1. Dettol</p> <p><em>Image credits: Trusted Brands</em></p>

News

Placeholder Content Image

Can big data really predict what makes a song popular?

<p>Music is part of our lives in different ways. We listen to it on our commutes and it resounds through shopping centres. Some of us seek live music at concerts, festivals and shows or rely on music to set the tone and mood of our days.</p> <p>While we might understand the genres or songs we appreciate, it’s not clear precisely why a certain song is more appealing or popular. Perhaps the lyrics speak to an experience? Perhaps the energy makes it appealing? These questions are important to answer for music industry professionals, and <a href="https://theconversation.com/how-data-is-transforming-the-music-industry-70940">analyzing data</a> is a key part of this.</p> <p>At Carleton University, a group of data science researchers sought to answer the question: “What descriptive features of a song make it popular on music/online platforms?”</p> <h2>Revenue in the music industry</h2> <p>Revenue in the music industry <a href="https://doi.org/10.1509/jm.14.0473">is derived from two sources that are affected by different factors: live music and recorded music</a>. During the pandemic, although live music income dropped due to the cancellation of in-person performances, the <a href="https://doi.org/10.1371/journal.pone.0267640">income from streaming</a> rose.</p> <p>As digital platforms like Spotify and TikTok have grown, <a href="https://doi.org/10.5753/sbcm.2019.10436">the majority of music revenue has come to be contributed by digital media, mostly music streaming</a>. How and whether this <a href="https://theconversation.com/artists-spotify-criticisms-point-to-larger-ways-musicians-lose-with-streaming-heres-3-changes-to-help-in-canada-176526">revenue reaches singers and songwriters at large</a> is another matter. </p> <h2>Popularity on digital platforms</h2> <p>The popularity of a song on digital platforms is considered a measure of the revenue the song may generate.</p> <p>As such, producers seek to answer questions like “<a href="https://doi.org/10.1098/rsos.171274">How can we make the song more popular?</a>” and “<a href="https://doi.org/10.1109/ICMLA.2019.00149">What are the characteristics of songs that make it the top charts?</a>” </p> <p>With collaborators <a href="https://www.linkedin.com/in/laura-colley/">Laura Colley</a>, <a href="https://www.linkedin.com/in/andrew-dybka/">Andrew Dybka</a>, Adam Gauthier, Jacob Laboissonniere, Alexandre Mougeot and Nayeeb Mowla, we produced a systematic study that collected data from YouTube, Twitter, TikTok, Spotify and Billboard (<a href="https://www.billboard.com/charts/hot-100">Billboard Hot-100</a>, sometimes also denoted by data researchers as “<a href="https://data.world/bigml/association-discovery">Billboard hot top</a>” or in our work and others’ work, “Billboard Top-100”).</p> <p>We linked the datasets from the different platforms with Spotify’s acoustic descriptive metric or “descriptive features” for songs. These features have been derived <a href="https://www.billboard.com/music/music-news/echo-nest-columbia-university-launch-million-song-dataset-1178990/">from a dataset which yielded categories for measuring and analyzing qualities of songs</a>. Spotify’s <a href="https://www.theguardian.com/technology/2014/mar/06/spotify-echo-nest-streaming-music-deal">metrics capture</a> <a href="https://doi.org/10.1098/rsos.171274">descriptive features such as</a>acousticness, energy, danceability and instrumentalness (the collection of instruments and voices in a given piece). </p> <p>We sought to find trends and analyze the relationship between songs’ descriptive features and their popularity.</p> <p>The rankings on the weekly <a href="https://www.billboard.com/charts/hot-100/">Billboard Hot-100</a> are based on sales, online streams and radio plays in the United States.</p> <p>The analysis we performed by looking at Spotify and Billboard revealed insights that are useful for the music industry.</p> <h2>What predicts a Billboard hit?</h2> <p>To perform <a href="https://ieeexplore.ieee.org/document/9842568">this study</a>, we used two different data sets pertaining to songs that <a href="https://www.npr.org/sections/therecord/2013/08/16/207879695/how-the-hot-100-became-americas-hit-barometer">were Billboard hits</a> <a href="https://data.world/kcmillersean/billboard-hot-100-1958-2017">from the early 1940s to 2020</a> and Spotify data related to over 600,000 tracks and over one million artists.</p> <p>Interestingly, we found no substantial correlations between the number of weeks a song remained on the charts, as a measure of popularity, and the acoustic features included in the study.</p> <p>Our analysis determined that newer songs tend to last longer on the charts and that a song’s popularity affects how long it stays on the charts. </p> <p>In a related study, researchers collected data for Billboard’s Hot 100 from 1958 to 2013 and found that <a href="https://doi.org/10.1007/978-3-319-13734-6_36">songs with a higher tempo and danceability often get a higher peak position on the Billboard charts</a>. </p> <h2>Predicting Spotify song popularity</h2> <p>We also used the songs’ features to generate machine learning models to predict Spotify song popularity. Preliminary results concluded that features are not linearly correlated, with some expected exceptions including songs’ energy. </p> <p>This indicated that the Spotify metrics we studied — including acousticness, danceability, duration, energy, explicitness, instrumentalness, liveness, speechiness (a measure of the presence of spoken words in a song), tempo and release year — were not strong predictors of the song’s popularity.</p> <p>The majority of songs in the Spotify dataset were not listed as explicit, tended to have low instrumentalness and speechiness, and were typically recent songs. </p> <p>Although one may think that some features that are innate to certain songs make them more popular, our study revealed that popularity can not be attributed solely to quantifiable acoustic elements. </p> <p>This means that song makers and consumers must consider other contextual factors beyond the musical features, as captured by Spotify’s measurables, that may contribute to the song’s success. </p> <h2>Elements affecting popularity shift</h2> <p>Our study reinforces that elements affecting the popularity of songs change over time and should be continuously explored. </p> <p>For example, <a href="https://doi.org/10.1098%2Frsos.171274">in songs produced between 1985 and 2015 in the United Kingdom, songs produced by female artists were more successful</a>.</p> <p>Other aspects may substantially contribute to the success of a song. Data scientists have proposed <a href="https://doi.org/10.1371/journal.pone.0244576">simplicity of the lyrics</a>, the advertising and <a href="https://www.ipr.edu/blogs/audio-production/what-are-the-elements-of-popular-music/">distribution plans</a> as potential predictors of songs’ popularity.</p> <h2>Attached listeners</h2> <p>Many musicians and producers make use of popular events and marketing strategies to advertise songs. Such events create social engagements and <a href="https://doi.org/10.3389/fpsyg.2018.02682">audience involvement</a> which attaches the listener to the song being performed. </p> <p>For the public, <a href="https://www.osheaga.com/en">live music events</a>, following long lockdowns, have been opportune for reuniting friends, and <a href="https://ottawabluesfest.ca/">enjoying live artistry and</a> entertainment.</p> <p>While attending a music event or listening to a song, we invite you to reflect on what it is about the song that makes you enjoy it.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This arctic originally appeared on <a href="https://theconversation.com/can-big-data-really-predict-what-makes-a-song-popular-189052" target="_blank" rel="noopener">The Conversation</a>. </em></p>

Music

Placeholder Content Image

“Have a second phone”: Aussie spy chief’s warning on social media use

<p dir="ltr">MPs have been urged to use a second phone if they want to access social media apps such as TikTok, after one of Australia’s top spy bosses spoke about how these apps use our personal information.</p> <p dir="ltr">Rachel Noble, the Director-General of the Australian Signals Directorate (ASD), recommended that politicians and their staff should adopt the practice during a Senate estimates hearing.</p> <p dir="ltr">She also said that having a phone without access to social media was the only way to have “absolute certainty” of data privacy.</p> <p dir="ltr">“Our advice was, frankly, for people who are members of parliament who might be particularly targets of espionage … that if you wanted absolute certainty that your social media app couldn’t have access to those things … would be to have a second phone which you exclusively use for that,” Ms Noble said.</p> <p dir="ltr">The warning comes after it was reported earlier this year that the ASD had confidential meetings with politicians and their staff to warn them that some apps undertake excessive data collection and request access to contact lists, location data and photos.</p> <p dir="ltr">Last year, the Department of Home Affairs restricted TikTok use on work phones, joining the Department of Defence in doing so.</p> <p dir="ltr">During the hearing, Ms Noble said that in some cases social media apps were collecting additional information extending “beyond the content of messages, videos and voice recordings”.</p> <p dir="ltr">“Social media apps are monetising what you do on your phone, what you access, what you look at for how long, who your friends are – they will seek to get demographics of your friends in order to push you the information and get you to buy things,” she said.</p> <p dir="ltr">With some apps headquartered outside Australia, such as China, Ms Noble said the information collected could be accessed legally or be subject to covert collection.</p> <p dir="ltr">Sectors of the Australian public service aren’t the only ones restricting use of social media apps on work phones, with parliaments in the United States and New Zealand warning against using TikTok on government devices.</p> <p><span id="docs-internal-guid-4a365f66-7fff-12a0-c84b-6e36f0ce1003"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

"Deplorable": Medibank hacker announces ransom demands

<p>As more sensitive health data has been posted on the dark web, the Medibank hacker has shared their ransom demands for the information to be returned safely. </p> <p>Along with the unlawful release of the information, the hacker stated, "Society ask us about ransom, it's a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer."</p> <p>At current rates, US$9.7 million is worth $15.07 million.</p> <p>The alleged hacker, also posted: "Medibanks (sic) CEO stated, that ransom amount is 'irrelevant'. We want to inform the customers, that He refuses to pay for yours data more, like 1 USD per person. So, probably customers data and extra efforts don't cost that."</p> <p>Following the release of 200 users' personal health data yesterday, the hacker has today posted an additional file of information allegedly obtained in the hack.</p> <p>While the file is titled "abortions", it is understood that the diagnostic code listed in the file against the names of over 300 Australian men and women actually refers to an admission for "Supervision of high risk pregnancy, unspecified, first trimester", according to <a href="https://www.9news.com.au/national/medibank-hack-update-more-health-data-ransom-demand-posted/32e7d105-1b5f-4291-bbb4-32620cbe3456" target="_blank" rel="noopener">9News</a>. </p> <p>Medibank CEO David Koczkar has called the latest health data release as "deplorable", while assuring customers they are working to secure their information. </p> <p>He said, "The release of this stolen data on the dark web is disgraceful."</p> <p>"We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.</p> <p>"We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.</p> <p>"The weaponisation of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.</p> <p>"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."</p> <p>With so much information already leaked, there is a high risk of scams and individual ransom demands to come for the 500 or so Australians whose personal data has already been published.</p> <p>Those customers should be on high alert for scammers.</p> <p>Medibank has yet to reach out to the 500,000 customers whose health data is in jeopardy, to advise them whether more information has been lost to the scammers. </p> <p><em>Image credits: Getty Images </em></p>

Legal

Placeholder Content Image

Optus data breach: regulatory changes announced, but legislative reform still needed

<p>In response to Australia’s biggest ever data breach, the federal government will <a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">temporarily suspend regulations</a> that stop telcos sharing customer information with third parties.</p> <p>It’s a necessary step to deal with the threat of identify theft faced by 10 million current and former Optus customers. It will allow Optus to work with banks and government agencies to detect and prevent the fraudulent use of their data.</p> <p>But it’s still only a remedial measure, intended to be in place for 12 months. More substantive reform is needed to tighten Australia’s loose approach to data privacy and protection.</p> <h2>Changing regulations, not legislation</h2> <p>The changes – <a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">announced</a> by Treasurer Jim Chalmers and Federal Communications Minister Michelle Rowland – involve amending the <a href="https://www.legislation.gov.au/Details/F2022C00329" target="_blank" rel="noopener">Telecommunications Regulation 2021</a>.</p> <p>This a piece of “subordinate” or “<a href="https://peo.gov.au/understand-our-parliament/your-questions-on-notice/questions/whats-the-difference-between-a-legislative-act-and-a-regulation/" target="_blank" rel="noopener">delegated law</a>” to the <a href="https://www.legislation.gov.au/Series/C2004A05145" target="_blank" rel="noopener">Telecommunications Act 1997</a>. Amending the act itself would require a vote of parliament. Regulations can be amended at the government’s discretion.</p> <p>Under the Telecommunications Act it is a criminal offence for telcos to share information about “the affairs or personal particulars of another person”.</p> <p>The only exceptions are sharing information with the <a href="https://www.infrastructure.gov.au/media-communications-arts/phone/services-people-disability/accesshub/national-relay-service" target="_blank" rel="noopener">National Relay Service</a> (which enables those with hearing or speech disabilities to communicate by phone), to “authorised research entities” such as universities, public health agencies or electoral commissions, or to police and intelligence agencies <a href="https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/telecommunications-interception-and-surveillance" target="_blank" rel="noopener">with a warrant</a>.</p> <p>That means Optus can’t tell banks or even government agencies set up to prevent identity fraud, such as the little-known <a href="https://www.afr.com/companies/telecommunications/banks-treasury-team-up-to-protect-optus-customers-20220928-p5blm3" target="_blank" rel="noopener">Australian Financial Crime Exchange</a>, who the affected customers are.</p> <h2>Important safeguards</h2> <p>The government says the changes will only allow the sharing of “<a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">approved government identifier information</a>” – driver’s licences, Medicare and passport numbers.</p> <p>This information can only be shared with government agencies or financial institutions <a href="https://www.apra.gov.au/register-of-authorised-deposit-taking-institutions" target="_blank" rel="noopener">regulated by</a> the Australian Prudential Regulatory Authority. This means Optus (or any other telco) won’t be able to share information with the Australian branches of foreign banks.</p> <p>Financial institutions will also have to meet strict requirements about secure methods for transferring and storing personal information shared with them, and make undertakings to the Australian Competition and Consumer Commission (<a href="https://www.accc.gov.au/publications/section-87b-of-the-competition-consumer-act" target="_blank" rel="noopener">which can be enforced in court</a>).</p> <p>The information can be shared only “for the sole purposes of preventing or responding to cybersecurity incidents, fraud, scam activity or identify theft”. Any entity receiving information must destroy it after using it for this purpose.</p> <p>These are incredibly important safeguards given the current lack of limits on how long companies can keep identity data.</p> <h2>What is needed now</h2> <p>Although temporary, these changes could be a game changer. For the next 12 months, at least, Optus (and possibly other telcos) will be able to proactively share customer information with banks to prevent cybersecurity, fraud, scams and identity theft.</p> <p>It could potentially enable a crackdown on scams that affect both banks and telcos – such as <a href="https://www.ato.gov.au/General/Online-services/Identity-security-and-scams/Scam-alerts/" target="_blank" rel="noopener">fraudulent texts and phone calls</a>.</p> <p>But this does not nullify the need for a larger legislative reform agenda.</p> <p>Australia’s data privacy laws and regulations should put limits on how much data companies can collect, or for how long they can keep that information. Without limits, companies will continue to collect and store much more personal information <a href="https://theconversation.com/what-do-tiktok-bunnings-ebay-and-netflix-have-in-common-theyre-all-hyper-collectors-187274" target="_blank" rel="noopener">than they need</a>.</p> <p>This will require amending the federal Privacy Act – subject to a <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988" target="_blank" rel="noopener">government review</a> now nearing three years in length. There should be limits on what data companies can retain, and how long, as well as bigger penalties for non-compliance.</p> <p>We all need to take data privacy more seriously.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/optus-data-breach-regulatory-changes-announced-but-legislative-reform-still-needed-192009" target="_blank" rel="noopener">The Conversation</a>. </strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

7 tricks to use less phone data – and lower your phone bill

<p><strong>Turn off background app refresh</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/01-background-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When this feature is enabled, your apps are constantly refreshing so that they can show you the most recent content when opened. This includes email synching, weather widgets updating, and feeds refreshing. For the iPhone: Turn off the background app refresh by going to Settings &gt; General &gt; Background App Refresh. For Android: Go to Settings &gt; Data Usage &gt; Restrict app background data. This will allow you to turn the feature off for all apps or you can pick and choose which ones you want to turn off.</p> <p><strong>Disable apps that use a lot of data</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/02-disable-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>There are certain apps that use more data than others, whether you use them frequently or not. For ones that you don’t use often, turn off cellular data. For the iPhone: Go to Settings &gt; Cellular &gt; then under “Use Cellular Data For” switch certain apps to off.</p> <p><strong>Turn off app updates</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/03-updates-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>If your apps update automatically your phone will start the download whether you are connected to Wi-Fi or not. To turn this off on an iPhone, go to Settings &gt; iTunes &amp; App Stores &gt; turn off Use Cellular Data. For an Android, go to Settings &gt; under General click Auto-update apps &gt; Auto-update apps over Wi-Fi only. Then, your apps will only update when you are connected to Wi-Fi.</p> <p><strong>Turn off Wi-Fi assist</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/04-wifi-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>Wi-Fi assist automatically uses your cellular data when the Wi-Fi signal is poor. To disable Wi-Fi assist for an iPhone go to Settings &gt; Cellular &gt; turn off Wi-Fi Assist.</p> <p><strong>Turn off iCloud drive</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/05-icloud-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>When iCloud is enabled it is constantly moving documents in and out of the cloud. Use less cell phone data by turning iCloud off. To do this on the iPhone got to Settings &gt; iCloud &gt; turn off iCloud Drive.</p> <p><strong>Download music</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/06-download-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When you are on the go, streaming music, podcasts, or videos can really eat away at your data. Both the iPhone and Android phones let you restrict these apps to Wi-Fi only. Turning this setting on will force you to download them when connected to a Wi-Fi network and then allow for data free listening on the move.</p> <p><strong>Turn off cellular data completely</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/07-turn-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>If you know that you are about to reach you data limit or are saving it for the road trip you have coming up, you can simply turn off cellular data. This way, no data will be used, and certain apps will only work if you are connected to a Wi-Fi network.</p> <p><em><span id="docs-internal-guid-a9e22df5-7fff-1897-03fe-9c3a3e5e32d8">Written by M</span></em><em>organ Cutolo</em><em>. This article first appeared in <a href="https://www.readersdigest.com.au/culture/7-tricks-to-use-less-phone-data-and-lower-your-phone-bill" target="_blank" rel="noopener">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a href="http://readersdigest.innovations.com.au/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA87V" target="_blank" rel="noopener">here’s our best subscription offer.</a></em></p> <p><em>Images: </em><em>NICOLE FORNABAIO/RD.COM</em></p>

Technology

Placeholder Content Image

How not to tell customers their data is at risk: the perils of the Optus approach

<p>Optus fears data on up to 9.8 million of its customers has been accessed in a <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="noopener">sophisticated cyberattack</a> – including, for some customers, passport and drivers licence details, as well as phone numbers, dates of birth and email addresses.</p> <p>It made the announcement through the media, in the middle of Thursday’s national day of mourning public holiday, and during the four-day long weekend in Melbourne in the lead-up to the AFL grand final.</p> <p>At first, it didn’t text or email its customers. Instead, it issued a <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="noopener">press release</a> in the belief this was</p> <blockquote> <p>the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity.</p> </blockquote> <p>Trust in the media is at an all-time low. Communications authority Edelman reports that globally, only <a href="https://www.edelman.com/sites/g/files/aatuss191/files/2022-01/2022%20Edelman%20Trust%20Barometer%20FINAL_Jan25.pdf" target="_blank" rel="noopener">50%</a> of people trust the media, down from 62% a decade ago. Far more people (61%) trust businesses.</p> <h2>Tweets rather than texts</h2> <p>It has been <a href="https://studycorgi.com/the-role-of-integrated-marketing-communications-campaign/" target="_blank" rel="noopener">conventional wisdom</a> that brands should take an integrated approach to marketing communications. Many channels are better than one, increasingly so as audiences for traditional channels continue to fragment.</p> <p>An integrated marketing approach need not mean communicating through every available channel, but it should mean strategically selecting channels that are trusted and consumed by the brand’s customers.</p> <p>One of the best channels Optus has is its own phone network, and it is experienced in using it to contact its customers.</p> <p>Customers are likely to expect this where Optus has something important to say, and they are likely to trust a direct message from Optus more than one filtered through the media.</p> <p>They are even likely to spread it via word of mouth through friends who also use Optus, giving the company a continuing role in shaping the message.</p> <p>Instead, Optus backed up its press release with tweets.</p> <blockquote> <p dir="ltr" lang="en">Hi Marie, we issued a press release and proactively reached out to media as this is the quickest way to inform all our existing and former customers so they can be on high alert for anything suspicious. Kartik</p> <p>— Optus (@Optus) <a href="https://twitter.com/Optus/status/1572949683332583428?ref_src=twsrc%5Etfw">September 22, 2022</a></p></blockquote> <p>Optus has around 5.8 million active users, around 21% of the Australian population. They are a cross-section of the population, having little in common other than the fact they use Optus for communications.</p> <p>Some of Optus’ customers, especially those in Gen Z, might not use traditional news media. They wouldn’t have received the message through that channel.</p> <p>Former customers dating back to 2017 are also likely to be affected by the breach, taking the total affected to around <a href="https://www.smh.com.au/technology/sophisticated-attack-optus-hackers-used-european-addresses-could-be-state-linked-20220923-p5bkfn.html" target="_blank" rel="noopener">9.8 million</a>, about one third of the population.</p> <p>Twitter is used by about only about <a href="https://www.genroe.com/blog/social-media-statistics-australia/13492" target="_blank" rel="noopener">18%</a> of the population, and the overlap with Optus customers might not be large.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">We'll be contacting impacted customers soon with more information and details on how we'll support them. Optus will not be sending links in any emails or SMS messages. If you believe your account has been compromised, you can contact us on My Optus app (2/2) ^George</p> <p>— Optus (@Optus) <a href="https://twitter.com/Optus/status/1573136010904363008?ref_src=twsrc%5Etfw">September 23, 2022</a></p></blockquote> <h2>What can brands learn from Optus?</h2> <p>As marketing and branding experts, we’ve distilled three lessons, each well known before the data breach.</p> <ol> <li> <p>When you have news affecting your customers, tell them before anyone else, in a personalised, one-to-one approach.</p> </li> <li> <p>Use channels that are trusted and consumed by your customers.</p> </li> <li> <p>Encourage word of mouth through your relationships with your brand community and loyal customers.</p> </li> </ol> <p><strong>This article originally appeared on <a href="https://theconversation.com/how-not-to-tell-customers-their-data-is-at-risk-the-perils-of-the-optus-approach-191258" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

This law makes it illegal for companies to collect third-party data to profile you but they do anyway

<p>A little-known provision of the Privacy Act makes it illegal for many companies in Australia to buy or exchange consumers’ personal data for profiling or targeting purposes. It’s almost never enforced. In a published <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653" target="_blank" rel="noopener">research paper</a>, I argue that needs to change.</p> <p>“Data enrichment” is the intrusive practice of companies going behind our backs to “fill in the gaps” of the information we provide.</p> <p>When you purchase a product or service from a company, fill out an online form, or sign up for a newsletter, you might provide only the necessary data such as your name, email, delivery address and/or payment information.</p> <p>That company may then turn to other retailers or <a href="https://www.oracle.com/au/cx/advertising/data-enrichment-measurement/#data-enrichment" target="_blank" rel="noopener">data brokers</a> to purchase or exchange extra data about you. This could include your age, family, health, habits and more.</p> <p>This allows them to build a more detailed individual profile on you, which helps them predict your behaviour and more precisely target you with ads.</p> <p>For almost ten years, there has been a law in Australia that makes this kind of data enrichment illegal if a company can “reasonably and practicably” request that information directly from the consumer. And at least <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">one major data broker</a> has asked the government to “remove” this law.</p> <p>The burning question is: why is there not a single published case of this law being enforced against companies “enriching” customer data for profiling and targeting purposes?</p> <h2>Data collection ‘only from the individual’</h2> <p>The relevant law is Australian Privacy Principle 3.6 and is part of the federal <a href="https://www.legislation.gov.au/Details/C2022C00199" target="_blank" rel="noopener">Privacy Act</a>. It applies to most organisations that operate businesses with annual revenues higher than A$3 million, and smaller data businesses.</p> <p>The law says such organisations:</p> <blockquote> <p>must collect personal information about an individual only from the individual […] unless it is unreasonable or impracticable to do so.</p> </blockquote> <p>This “direct collection rule” protects individuals’ privacy by allowing them some control over information collected about them, and avoiding a combination of data sources that could reveal sensitive information about their vulnerabilities.</p> <p>But this rule has received almost no attention. There’s only one published determination of the federal privacy regulator on it, and that was against the <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/69.html" target="_blank" rel="noopener">Australian Defence Force</a> in a different context.</p> <p>According to Australian Privacy Principle 3.6, it’s only legal for an organisation to collect personal information from a third party if it would be “unreasonable or impracticable” to collect that information from the individual alone.</p> <p>This exception was intended to apply to <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-3-app-3-collection-of-solicited-personal-information#collecting-directly-from-the-individual" target="_blank" rel="noopener">limited situations</a>, such as when:</p> <ul> <li>the individual is being investigated for some wrongdoing</li> <li>the individual’s address needs to be updated for delivery of legal or official documents.</li> </ul> <p>The exception shouldn’t apply simply because a company wants to collect extra information for profiling and targeting, but realises the customer would probably refuse to provide it.</p> <h2>Who’s bypassing customers for third-party data?</h2> <p>Aside from data brokers, companies also exchange information with each other about their respective customers to get extra information on customers’ lives. This is often referred to as “data matching” or “data partnerships”.</p> <p>Companies tend to be very vague about who they share information with, and who they get information from. So we don’t know for certain who’s buying data-enrichment services from data brokers, or “matching” customer data.</p> <p>Major companies such as <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">Amazon Australia</a>, <a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5337590774&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">eBay Australia</a>, <a href="https://www.facebook.com/privacy/policy/?subpage=1.subpage.4-InformationFromPartnersVendors" target="_blank" rel="noopener">Meta</a> (Facebook), <a href="https://www.viacomcbsprivacy.com/en/policy" target="_blank" rel="noopener">10Play Viacom</a> and <a href="https://twitter.com/en/privacy#twitter-privacy-1" target="_blank" rel="noopener">Twitter</a> include terms in the fine print of their privacy policies that state they collect personal information from third parties, including demographic details and/or interests.</p> <p><a href="https://policies.google.com/privacy?hl=en-US#infocollect" target="_blank" rel="noopener">Google</a>, <a href="https://preferences.news.com.au/privacy" target="_blank" rel="noopener">News Corp</a>, <a href="https://www.sevenwestmedia.com.au/privacy-policies/privacy" target="_blank" rel="noopener">Seven</a>, <a href="https://login.nine.com.au/privacy?client_id=smh" target="_blank" rel="noopener">Nine</a> and others also say they collect personal information from third parties, but are more vague about the nature of that information.</p> <p>These privacy policies don’t explain why it would be unreasonable or impracticable to collect that information directly from customers.</p> <h2>Consumer ‘consent’ is not an exception</h2> <p>Some companies may try to justify going behind customers’ backs to collect data because there’s an obscure term in their privacy policy that mentions they collect personal information from third parties. Or because the company disclosing the data has a privacy policy term about sharing data with “trusted data partners”.</p> <p>But even if this amounts to consumer “consent” under the relatively weak standards for consent in our current privacy law, this is not an exception to the direct collection rule.</p> <p>The law allows a “consent” exception for government agencies under a separate part of the direct collection rule, but not for private organisations.</p> <h2>Data enrichment involves personal information</h2> <p>Many companies with third-party data collection terms in their privacy policies acknowledge this is personal information. But some may argue the collected data isn’t “personal information” under the Privacy Act, so the direct collection rule doesn’t apply.</p> <p>Companies often exchange information about an individual without using the individual’s legal name or email. Instead they may use a unique advertising identifier for that individual, or <a href="https://help.abc.net.au/hc/en-us/articles/4402890310671" target="_blank" rel="noopener">“hash” the email address</a> to turn it into a unique string of numbers and letters.</p> <p>They essentially allocate a “code name” to the consumer. So the companies can exchange information that can be linked to the individual, yet say this information wasn’t connected to their actual name or email.</p> <p>However, this information should still be treated as personal information because it can be linked back to the individual when combined with other <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCAFC/2017/4.html" target="_blank" rel="noopener">information about them</a>.</p> <h2>At least one major data broker is against it</h2> <p>Data broker <a href="https://www.experian.com.au/business/solutions/audience-targeting/digital-solutions-sell-side/digital-audiences-ss" target="_blank" rel="noopener">Experian Australia</a> has asked the government to “remove” Australian Privacy Principle 3.6 “altogether”. In its <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">submission</a> to the Privacy Act Review in January, Experian argued:</p> <blockquote> <p>It is outdated and does not fit well with modern data uses.</p> </blockquote> <p>Others who profit from data enrichment or data matching would probably agree, but prefer to let sleeping dogs lie.</p> <p>Experian argued the law favours large companies with direct access to lots of customers and opportunities to pool data collected from across their own corporate group. It said companies with access to fewer consumers and less data would be disadvantaged if they can’t purchase data from brokers.</p> <p>But the fact that some digital platforms impose extensive personal data collection on customers supports the case for stronger privacy laws. It doesn’t mean there should be a data free-for-all.</p> <h2>Our privacy regulator should take action</h2> <p>It has been three years since the consumer watchdog recommended <a href="https://www.accc.gov.au/system/files/Digital%20platforms%20inquiry%20-%20final%20report.pdf" target="_blank" rel="noopener">major reforms</a> to our privacy laws to reduce the disadvantages consumers suffer from invasive data practices. These reforms are probably still years away, if they eventuate at all.</p> <p>The direct collection rule is a very rare thing. It is an existing Australian privacy law that favours consumers. The privacy regulator should prioritise the enforcement of this law for the benefit of consumers.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/this-law-makes-it-illegal-for-companies-to-collect-third-party-data-to-profile-you-but-they-do-anyway-190758" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

Even if TikTok and other apps are collecting your data, what are the actual consequences?

<p>By now, most of us are aware social media companies collect vast amounts of our information. By doing this, they can target us with ads and monetise our attention. The latest chapter in the data-privacy debate concerns one of the world’s most popular apps among young people – TikTok.</p> <p>Yet anecdotally it seems the potential risks aren’t really something young people care about. Some were <a href="https://twitter.com/theprojecttv/status/1548962230741487617">interviewed</a> by The Project this week regarding the risk of their TikTok data being accessed from China.</p> <p>They said it wouldn’t stop them using the app. “Everyone at the moment has access to everything,” one person said. Another said they didn’t “have much to hide from the Chinese government”.</p> <p>Are these fair assessments? Or should Australians actually be worried about yet another social media company taking their data?</p> <p><strong>What’s happening with TikTok?</strong></p> <p>In a 2020 Australian parliamentary hearing on foreign interference through social media, TikTok representatives <a href="https://www.aph.gov.au/Parliamentary_Business/Hansard/Hansard_Display?bid=committees/commsen/1a5e6393-fec4-4222-945b-859e3f8ebd17/&amp;sid=0002">stressed</a>: “TikTok Australia data is stored in the US and Singapore, and the security and privacy of this data are our highest priority.”</p> <p>But as Australian Strategic Policy Institute (ASPI) analyst Fergus Ryan has <a href="https://www.aspistrategist.org.au/its-time-tiktok-australia-came-clean/">observed</a>, it’s not about where the data are <em>stored</em>, but who has <em>access</em>.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">'Where the data is stored is really immaterial if the data can be accessed from Beijing at any point, and that's what we have known for a couple of years' | <a href="https://twitter.com/ASPI_ICPC?ref_src=twsrc%5Etfw">@ASPI_ICPC</a>'s <a href="https://twitter.com/fryan?ref_src=twsrc%5Etfw">@fryan</a> spoke to <a href="https://twitter.com/abcnews?ref_src=twsrc%5Etfw">@abcnews</a> about Tik Tok &amp; data security </p> <p>📺 Watch the interview: <a href="https://t.co/iKIXqj2Rt2">https://t.co/iKIXqj2Rt2</a></p> <p>— ASPI (@ASPI_org) <a href="https://twitter.com/ASPI_org/status/1549185634837102592?ref_src=twsrc%5Etfw">July 19, 2022</a></p></blockquote> <p>On June 17, BuzzFeed published a <a href="https://www.buzzfeednews.com/article/emilybakerwhite/tiktok-tapes-us-user-data-china-bytedance-access">report</a> based on 80 leaked internal TikTok meetings which seemed to confirm access to US TikTok data by Chinese actors. The report refers to multiple examples of data access by TikTok’s parent company ByteDance, which is based in China.</p> <p>Then in July, TikTok Australia’s director of public policy, Brent Thomas, wrote to the shadow minister for cyber security, James Paterson, regarding China’s access to Australian user data.</p> <p>Thomas denied having been asked for data from China or having “given data to the Chinese government” – but he also noted access is “based on the need to access data”. So there’s good reason to believe Australian users’ data <em>may</em> be accessed from China.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">TikTok Australia has replied to my letter and admitted that Australian user data is also accessible in mainland China, putting it within reach of the Chinese government, despite their previous assurances it was safe because it was stored in the US and Singapore <a href="https://t.co/ITY1HNEo6v">pic.twitter.com/ITY1HNEo6v</a></p> <p>— James Paterson (@SenPaterson) <a href="https://twitter.com/SenPaterson/status/1546957121274621952?ref_src=twsrc%5Etfw">July 12, 2022</a></p></blockquote> <p><strong>Is TikTok worse than other platforms?</strong></p> <p>TikTok collects rich consumer information, including personal information and behavioural data from people’s activity on the app. In this respect, it’s not different from other social media companies.</p> <p>They all need oceans of user data to push ads onto us, and run data analytics behind a shiny facade of cute cats and trendy dances.</p> <p>However, TikTok’s corporate roots extend to authoritarian China – and not the US, where most of our other social media come from. This carries implications for TikTok users.</p> <p>Hypothetically, since TikTok moderates content according to Beijing’s foreign policy goals, it’s possible TikTok could apply censorship controls over Australian users.</p> <p>This means users’ feeds would be filtered to omit anything that doesn’t fit the Chinese government’s agenda, such as support for Taiwan’s sovereignty, as an example. In “shadowbanning”, a user’s posts appear to have been published to the user themselves, but are not visible to anyone else.</p> <p>It’s worth noting this censorship risk isn’t hypothetical. In 2019, information about Hong Kong protests was reported to have been <a href="https://www.theguardian.com/technology/2019/sep/25/revealed-how-tiktok-censors-videos-that-do-not-please-beijing">censored</a> not only on Douyin, China’s domestic version of TikTok, but also on TikTok itself.</p> <p>Then in 2020, ASPI <a href="https://www.aspi.org.au/report/tiktok-wechat">found</a> hashtags related to LGBTQ+ are suppressed in at least eight languages on TikTok. In response to ASPI’s research, a TikTok spokesperson said the hashtags may be restricted as part of the company’s localisation strategy and due to local laws.</p> <p>In Thailand, keywords such as #acab, #gayArab and anti-monarchy hashtags were found to be shadowbanned.</p> <p>Within China, Douyin complies with strict national content regulation. This includes censoring information about the religious movement Falun Gong and the Tiananmen massacre, among other examples.</p> <p>The legal environment in China forces Chinese internet product and service providers to work with government authorities. If Chinese companies disagree, or are unaware of their obligations, they can be slapped with legal and/or financial penalties and be forcefully shut down.</p> <p>In 2012, another social media product run by the founder of ByteDance, Yiming Zhang, was forced to close. Zhang fell into political line in a <a href="https://chinamediaproject.org/2018/04/11/tech-shame-in-the-new-era/">public apology</a>. He acknowledged the platform deviated from “public opinion guidance” by not moderating content that goes against “socialist core values”.</p> <p>Individual TikTok users should seriously consider leaving the app until issues of global censorship are clearly addressed.</p> <p><strong>But don’t forget, it’s not just TikTok</strong></p> <p>Meta products, such as Facebook and Instagram, also measure our interests by the seconds we spend looking at certain posts. They aggregate those behavioural data with our personal information to try to keep us hooked – looking at ads for as long as possible.</p> <p><a href="https://www.aclu.org/news/privacy-technology/holding-facebook-accountable-for-digital-redlining">Some real cases</a> of targeted advertising on social media have contributed to “digital redlining” – the use of technology to perpetuate social discrimination.</p> <p>In 2018, Facebook came under fire for showing some employment ads only to men. In 2019, it settled another digital redlining <a href="https://www.theguardian.com/technology/2019/mar/28/facebook-ads-housing-discrimination-charges-us-government-hud">case</a> over discriminatory practices in which housing ads were targeted to certain users on the basis of “race, colour, national origin and religion”.</p> <p>And in 2021, before the US Capitol breach, military and defence product ads <a href="https://www.buzzfeednews.com/article/ryanmac/facebook-profits-military-gear-ads-capitol-riot">were running</a> alongside conversations about a coup.</p> <p>Then there are some worst-case scenarios. The 2018 Cambridge Analytica scandal <a href="https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html">revealed</a> how Meta (then Facebook) exposed users’ data to the political consulting firm Cambridge Analytica without their consent.</p> <p>Cambridge Analytica harvested up to 87 million users’ data from Facebook, derived psychological user profiles and used these to tailor pro-Trump messaging to them. This likely had an influence on the 2016 US presidential election.</p> <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w" alt="A phone shows a TikTok video playing on the screen, with a person mid-dance." /></a><figcaption><span class="caption">To what extent are we willing to ignore potential risks with social platforms, in favour of addictive content?</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure> <p>With TikTok, the most immediate concern for the average Australian user is content censorship – not direct prosecution. But within China, there are recurring instances of Chinese nationals being <a href="https://www.scmp.com/news/china/politics/article/3176605/crackdown-chinas-moderate-rights-voices-how-tweets-are-now">detained or even jailed</a> for using both Chinese and international social media.</p> <p>You can see how the consequences of mass data harvesting are not hypothetical. We need to demand more transparency from not just TikTok but all major social platforms regarding how data are used.</p> <p>Let’s continue the <a href="https://www.afr.com/policy/foreign-affairs/tiktok-s-privacy-fundamentally-incompatible-with-australia-20220713-p5b18l">regulation debate</a> TikTok has accelerated. We should look to update privacy protections and embed transparency into Australia’s national regulatory guidelines – for whatever the next big social media app happens to be.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/187277/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/ausma-bernot-963292" target="_blank" rel="noopener">Ausma Bernot</a>, PhD Candidate, <a href="https://theconversation.com/institutions/griffith-university-828" target="_blank" rel="noopener">Griffith University</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/even-if-tiktok-and-other-apps-are-collecting-your-data-what-are-the-actual-consequences-187277" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

Yet again, the census shows women are doing more housework. Now is the time to invest in interventions

<p>The Australian Census numbers have been released, showing women typically do <a href="https://www.abs.gov.au/census/find-census-data/community-profiles/2021/AUS/download/GCP_AUS.xlsx">many more hours of unpaid housework</a> per week compared to men.</p> <p>It’s not a new development. In <a href="https://www.abs.gov.au/websitedbs/D3310114.nsf/home/2016+Census+National">2016</a>, the “typical” Australian man spent less than five hours a week on domestic work, while the “typical” Australian woman spent between five and 14 hours a week on domestic work. Before that, the <a href="https://www.abs.gov.au/ausstats/abs@.nsf/7d12b0f6763c78caca257061001cc588/c0e6e1069c8d24e9ca257306000d5b04!OpenDocument">2006 census</a>showed, again, that more of the domestic workload is shouldered by women.</p> <p>So, in the 15 years since the Australian Census <a href="https://www.theage.com.au/national/census-to-count-unpaid-work-20060226-ge1ty0.html">started collecting</a> unpaid housework time, women are shown to do more than men. Every. Single. Time.</p> <p>What is unique about these latest census numbers is Australians filled out their surveys during one of the greatest disruptors to work and home life – the COVID pandemic.</p> <h2>Pandemic pressures</h2> <p>We have a breadth of <a href="https://scholar.google.com.au/citations?hl=en&amp;user=EHPbrxgAAAAJ&amp;view_op=list_works&amp;sortby=pubdate">research</a> showing the pandemic disrupted women’s – especially mothers’ – work and family lives, in catastrophic ways. </p> <p>Economic closures knocked women out of employment at <a href="https://arts.unimelb.edu.au/the-policy-lab/projects/projects/worsening">higher rates to men</a>, forcing them to rely more heavily on their savings and stimulus payments to make ends meet. All this while managing intensified housework, childcare and homeschooling.</p> <p>The <a href="https://read.dukeupress.edu/demography/article/59/1/1/286878/Research-Note-School-Reopenings-During-the-COVID">transition</a> to remote and hybrid learning meant mothers, not fathers, reduced their workloads to meet these newfound demands. </p> <p>Fathers picked up the slack in the home – doing <a href="https://theconversation.com/covid-forced-australian-fathers-to-do-more-at-home-but-at-the-same-cost-mothers-have-long-endured-154834">more housework</a> at the start of the pandemic and <a href="https://journals.sagepub.com/doi/full/10.1177/1097184X21990737">holding it</a> over time.</p> <p>Yet, as my colleagues Brendan Churchill and Lyn Craig <a href="https://onlinelibrary.wiley.com/doi/full/10.1111/gwao.12497">show</a>, fathers increased their housework but so did mothers, meaning the gender gap in that time remained. </p> <p>So, while men should be applauded for doing more during the unique strains of the pandemic, we <a href="https://onlinelibrary.wiley.com/doi/full/10.1111/gwao.12727">show</a> mothers were the true heroes of the pandemic, stepping into added labour at the expense of their health and well-being.</p> <p>Quite simply, the pandemic placed unparalleled pressures on Australian families. So it is perhaps no surprise our surveys are showing <a href="https://www.theage.com.au/national/victoria/the-juggle-is-real-parents-want-greater-flexibility-in-return-to-office-20220325-p5a820.html">Australians are burnt out</a>.</p> <p>(As discussed in <a href="https://theconversation.com/dont-give-mum-chocolates-for-mothers-day-take-on-more-housework-share-the-mental-load-and-advocate-for-equality-instead-182330">previous articles</a>, the chore divide in same-sex relationships is generally found to be more equal. But some critiques suggests even then, equality may suffer <a href="https://www.nytimes.com/2018/05/16/upshot/same-sex-couples-divide-chores-much-more-evenly-until-they-become-parents.html">once kids are involved</a>.)</p> <h2>Time for action</h2> <p>So, where to now? </p> <p>We pay upwards of <a href="https://www.abs.gov.au/AUSSTATS/abs@.nsf/mediareleasesbyReleaseDate/1B9C46E8DBFC05FFCA25847D0080F9A2?OpenDocument">$640 million dollars</a> every five years to document Australia through the census. </p> <p>And, in each of these surveys we find the same result – women are doing more housework than men. </p> <p>This <a href="https://theconversation.com/sorry-men-theres-no-such-thing-as-dirt-blindness-you-just-need-to-do-more-housework-100883">parallels decades of research</a> showing women do more housework, even when they are employed full-time, earn more money and especially <a href="https://onlinelibrary.wiley.com/doi/abs/10.1111/j.1741-3737.2008.00479.x">once kids hit</a>the scene.</p> <p>Men have increased their <a href="https://link.springer.com/chapter/10.1007/978-3-319-21635-5_2">housework</a> and <a href="https://aifs.gov.au/aifs-conference/fathers-and-work">childcare contributions</a> over time and <a href="https://journals.sagepub.com/doi/abs/10.1177/00113921211012737?journalCode=csia&amp;fbclid=IwAR0Vgrre91fTarMY_EFLmDl1iJk7hPms6p3FhfM0E0y52Bbe9bZqmJ7Gs1A">younger men want</a> to be more present, active and attentive in the home.</p> <p>Simply put: men want to step into greater care giving and women are suffering from “doing it all”.</p> <p>We have documented these trends for decades – enough. Now it is time for action.</p> <h2>Creating a fair future</h2> <p>These are the critical questions we are asking through <a href="https://www.unimelb.edu.au/futureofwork">The Future of Work Lab</a> at the University of Melbourne – how do we create a future that is fair to everyone, including women and mothers? </p> <p>A few key projects illuminate some of the next steps towards clear interventions. The first is to provide Australian families with a comprehensive safety net to support their care-giving lives.</p> <p>All of us will be, at some point, called upon to care for a loved one, friend, family member or colleague. At these moments, work becomes difficult and housework demands soar. </p> <p>So, providing <a href="https://theconversation.com/if-were-serious-about-supporting-working-families-here-are-three-policies-we-need-to-enact-now-105490">care-giving resources</a> beyond just paid time off is critical. This underscores the need for </p> <ul> <li>universal free high-quality childcare</li> <li>paid caregiver leave, and/or </li> <li>better and longer term cash payments for caregivers.</li> </ul> <p>Second, we need comprehensive policies that allow <a href="https://pursuit.unimelb.edu.au/articles/flexible-families-workplace-equality">men to step</a> into care-giving roles without fear of retribution and penalty at work.</p> <p>Australians work more <a href="https://stats.oecd.org/Index.aspx?DataSetCode=AVE_HRS">annual hours</a>, on average, than their Canadian and United Kingdom counterparts, working hours more similar to the overwork culture of the United States. And, only <a href="https://www.theguardian.com/lifeandstyle/2019/may/28/only-one-in-20-fathers-take-primary-parental-leave-in-australia">one in 20 Australian fathers</a> take paid parental leave following childbirth, an abysmal rate relative to other high-income countries. </p> <p>We can do better. </p> <p>The pandemic created the space for many men to step into larger care-giving roles with great pleasure and showed workplaces that flexible work is feasible.</p> <p>Next, the Australian workplace must become more supportive of men’s right to care.</p> <h2>Unpaid domestic work and the mental load</h2> <p>Finally, we must redress the challenges of unpaid domestic work and the <a href="https://theconversation.com/planning-stress-and-worry-put-the-mental-load-on-mothers-will-2022-be-the-year-they-share-the-burden-172599">mental load</a> on women’s physical, mental and <a href="https://www.tandfonline.com/doi/abs/10.1080/13668803.2021.2002813">economic health and well-being</a>.</p> <p>Perhaps tech holds some solutions. </p> <p>The demand is clearly there with some super impressive women building out concrete tech solutions to reduce the mental load and unpaid domestic work - like <a href="https://getmelo.app/">Melo’s mental load app</a> or <a href="https://www.yohana.com/">Yohana’s virtual concierges</a>. </p> <p>Others are using old tech solutions – like <a href="https://www.fairplaylife.com/the-cards">Eve Rodsky’s Fair Play</a> cards – to help couples equalise the often unseen, and undervalued household chores. We are working on a research project to understand the impact of these different resources on families’ unpaid domestic loads and lives more broadly. </p> <p>The census is valuable in showing us we remain unchanged. </p> <p>But, now, is a time to invest in intervention and innovation to make us better versions of ourselves into the future.</p> <p><em>Image credits: Getty Images </em></p> <p><em>This article originally appeared on <a href="https://theconversation.com/yet-again-the-census-shows-women-are-doing-more-housework-now-is-the-time-to-invest-in-interventions-185488" target="_blank" rel="noopener">The Conversation</a>. </em></p>

Home Hints & Tips

Placeholder Content Image

Bunnings and Kmart investigated for use of potentially "unethical" tech

<p dir="ltr">Some of Australia’s biggest retailers are being investigated for potentially invading customer privacy with facial recognition technology. </p> <p dir="ltr">Kmart, Bunnings and The Good Guys have been found to be using facial recognition technology on unsuspecting customers.</p> <p dir="ltr">CHOICE has referred the retailers to the Office of the Australian Information Commissioner (OAIC) to investigate potential breaches of the Privacy Act.</p> <p dir="ltr">Facial recognition analyses images from video cameras to capture each person’s unique facial features, known as a faceprint. </p> <p dir="ltr">“The use of facial recognition by Kmart, Bunnings and The Good Guys is a completely inappropriate and unnecessary use of the technology,” CHOICE consumer data advocate Kate Bower said. </p> <p dir="ltr">“To make matters worse, we found 76% of Australians aren’t aware that retailers are capturing their unique facial features in this way.”</p> <p dir="ltr">Ms Bower slammed the use of the technology which she said is unethical and affects consumer’s trust. </p> <p dir="ltr">“Using facial recognition technology in this way is similar to Kmart, Bunnings or The Good Guys collecting your fingerprints or DNA every time you shop,” she went on. </p> <p dir="ltr">“Businesses using invasive technologies to capture their customers’ sensitive biometric information is unethical and is a sure way to erode consumer trust.”</p> <p dir="ltr">After conducting a survey, CHOICE found that four in five respondents agreed that retailers must inform consumers about the use of facial recognition.</p> <p dir="ltr">Four in five people had concerns about how the biometric data was stored, and three in four respondents were concerned that retailers would use the data to create customer profiles for marketing or profit purposes. </p> <p dir="ltr">“CHOICE observed that Kmart and Bunnings display small signs at the entrance of stores where the technology is in use. However, discreet signage and online privacy policies are not nearly enough to adequately inform shoppers that this controversial technology is in use,” Ms Bower said. </p> <p dir="ltr">“The technology is capturing highly personal data from customers, including infants and children.</p> <p dir="ltr">“CHOICE is concerned that Australian businesses are using facial recognition technology on consumers before Australians have had their say on its use in our community. </p> <p dir="ltr">“With the government currently undergoing a review of the Privacy Act, now is the perfect time to strengthen measures around the capture and use of consumer data, including biometric data.” </p> <p dir="ltr"><em>Images: Shutterstock/Twitter</em></p>

Technology

Placeholder Content Image

Data visualisations made more accessible to screen reader users

<p>A type of assistive technology, screen readers are software programs that scan the contents of a computer screen and transform it into a different format – like synthesised voice or Braille – for people with complete or partial blindness, learning disabilities, or motion sensitivity.</p> <p>Now, scientists from the University of Washington (UW) in the US have designed a JavaScript plugin called VoxLens that allows people to better interact with these visualisations.</p> <p>VoxLens allows screen reader users to gain a high-level summary of the information described in a graph, listen to said graph translated into sound, or use voice-activated commands to ask specific questions about the data, such as the mean or the minimum value.</p> <p>The team presented their <a href="https://dl.acm.org/doi/fullHtml/10.1145/3491102.3517431" target="_blank" rel="noreferrer noopener">research</a> last month at the <a href="https://programs.sigchi.org/chi/2022" target="_blank" rel="noreferrer noopener">ACM CHI Conference on Human Factors in Computing Systems</a> in New Orleans in the US.</p> <figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"> <div class="wp-block-embed__wrapper"> <div class="entry-content-asset"> <div class="embed-wrapper"> <div class="inner"><iframe title="VoxLens - Paper Summary and Demo Video" src="https://www.youtube.com/embed/o1R-5D2WS4s?feature=oembed" width="500" height="281" frameborder="0" allowfullscreen="allowfullscreen"></iframe></div> </div> </div> </div> </figure> <p>“If I’m looking at a graph, I can pull out whatever information I am interested in – maybe it’s the overall trend or maybe it’s the maximum,” says lead author Ather Sharif, a doctoral student in the Paul G. Allen School of Computer Science &amp; Engineering at UW.</p> <p>“Right now, screen reader users either get very little or no information about online visualisations, which, in light of the COVID-19 pandemic, can sometimes be a matter of life and death. The goal of our project is to give screen reader users a platform where they can extract as much or as little information as they want.”</p> <p>The difficulty with translating graphs, according to co-senior author Jacob O. Wobbrock, a professor of information at UW, comes from deciphering information with no clear beginning and end.</p> <div class="newsletter-box"> <div id="wpcf7-f6-p193459-o1" class="wpcf7" dir="ltr" lang="en-US" role="form"> <form class="wpcf7-form mailchimp-ext-0.5.61 spai-bg-prepared init" action="/technology/voxlens-accessibility-screen-readers/#wpcf7-f6-p193459-o1" method="post" novalidate="novalidate" data-status="init"> <p style="display: none !important;"><span class="wpcf7-form-control-wrap referer-page"><input class="wpcf7-form-control wpcf7-text referer-page spai-bg-prepared" name="referer-page" type="hidden" value="https://www.google.com/" data-value="https://www.google.com/" aria-invalid="false" /></span></p> <p><!-- Chimpmail extension by Renzo Johnson --></form> </div> </div> <p>“There is a start and an end of a sentence and everything else comes in between,” he explains. “But as soon as you move things into two dimensional spaces, such as visualisations, there’s no clear start and finish.</p> <p>“It’s just not structured in the same way, which means there’s no obvious entry point or sequencing for screen readers.”</p> <p><strong>Working with screen reader users to improve accessibility</strong></p> <p>The team worked with screen reader users who had partial or complete blindness when designing and testing the tool. During the testing phase, participants learned how to use VoxLens and then completed nine tasks, each of which involved answering questions about a data visualisation.</p> <p>The researchers found that participants completed the tasks with 122% increased accuracy and 36% decreased interaction time, compared to participants of a previous study who hadn’t had access to VoxLens.</p> <p>“We want people to interact with a graph as much as they want, but we also don’t want them to spend an hour trying to find what the maximum is,” says Sharif. “In our study, interaction time refers to how long it takes to extract information, and that’s why reducing it is a good thing.”</p> <p>VoxLens can be implanted easily by data visualisation designers with a single line of code. Right now it only works for visualisations created using <a href="https://www.javascript.com/" target="_blank" rel="noreferrer noopener">JavaScript</a> libraries – such as <a href="https://d3js.org/" target="_blank" rel="noreferrer noopener">D3</a>, <a href="https://www.chartjs.org/" target="_blank" rel="noreferrer noopener">chart.js</a> or <a href="https://www.google.com.au/sheets/about/" target="_blank" rel="noreferrer noopener">Google Sheets</a> – but the team is working towards expanding to other popular platforms.</p> <p>“This work is part of a much larger agenda for us – removing bias in design,” adds co-senior author Katharina Reinecke, associate professor in the Paul G. Allen School of Computer Science &amp; Engineering at UW. “When we build technology, we tend to think of people who are like us and who have the same abilities as we do.</p> <p>“For example, D3 has really revolutionised access to visualisations online and improved how people can understand information. But there are values ingrained in it and people are left out. It’s really important that we start thinking more about how to make technology useful for everybody.”</p> <p><!-- Start of tracking content syndication. Please do not remove this section as it allows us to keep track of republished articles --></p> <p><img id="cosmos-post-tracker" style="opacity: 0; height: 1px!important; width: 1px!important; border: 0!important; position: absolute!important; z-index: -1!important;" src="https://syndication.cosmosmagazine.com/?id=193459&amp;title=Data+visualisations+made+more+accessible+to+screen+reader+users" width="1" height="1" /></p> <p><!-- End of tracking content syndication --></p> <div id="contributors"> <p><em><a href="https://cosmosmagazine.com/technology/voxlens-accessibility-screen-readers/" target="_blank" rel="noopener">This article</a> was originally published on <a href="https://cosmosmagazine.com" target="_blank" rel="noopener">Cosmos Magazine</a> and was written by <a href="https://cosmosmagazine.com/contributor/imma-perfetto" target="_blank" rel="noopener">Imma Perfetto</a>. Imma Perfetto is a science writer at Cosmos. She has a Bachelor of Science with Honours in Science Communication from the University of Adelaide.</em></p> <p><em>Image: Getty Images</em></p> </div>

Technology

Placeholder Content Image

ACCC says consumers need more choices about what online marketplaces are doing with their data

<p>Consumers using online retail marketplaces such as eBay and Amazon “have little effective choice in the amount of data they share”, according to the <a href="https://www.accc.gov.au/publications/serial-publications/digital-platform-services-inquiry-2020-2025/digital-platform-services-inquiry-march-2022-interim-report" target="_blank" rel="noopener">latest report</a> of the Australian Competition &amp; Consumer Commission (ACCC) Digital Platform Services Inquiry.</p> <p>Consumers may benefit from personalisation and recommendations in these marketplaces based on their data, but many are in the dark about how much personal information these companies collect and share for other purposes.</p> <p><a href="https://www.accc.gov.au/media-release/concerning-issues-for-consumers-and-sellers-on-online-marketplaces" target="_blank" rel="noopener">ACCC chair Gina Cass-Gottlieb</a> said:</p> <blockquote> <p>We believe consumers should be given more information about, and control over, how online marketplaces collect and use their data.</p> </blockquote> <p>The report reiterates the ACCC’s earlier calls for amendments to the Australian Consumer Law to address unfair data terms and practices. It also points out that the government is considering <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988" target="_blank" rel="noopener">proposals for major changes to privacy law</a>.</p> <p>However, none of these proposals is likely to come into effect in the near future. In the meantime, we should also consider whether practices such as obtaining information about users from third-party data brokers are fully compliant with existing privacy law.</p> <p><strong>Why did the ACCC examine online marketplaces?</strong></p> <p>The ACCC examined competition and consumer issues associated with “general online retail marketplaces” as part of its <a href="https://www.accc.gov.au/focus-areas/inquiries-ongoing/digital-platform-services-inquiry-2020-2025" target="_blank" rel="noopener">five-year Digital Platform Services Inquiry</a>.</p> <p>These marketplaces facilitate transactions between third-party sellers and consumers on a common platform. They do not include retailers that don’t operate marketplaces, such as Kmart, or platforms such as Gumtree that carry classified ads but don’t allow transactions.</p> <p>The ACCC report focuses on the four largest online marketplaces in Australia: Amazon Australia, Catch, eBay Australia and Kogan. In 2020–21, these four carried sales totalling $8.4 billion.</p> <figure class="align-center "><em><img src="https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w" alt="" /></em><figcaption><em><span class="caption">Online marketplaces such as Amazon, eBay, Catch and Kogan facilitate transactions between third-party buyers and sellers.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/new-york-usa-november-1-2018-1219079038" target="_blank" rel="noopener">Shutterstock</a></span></em></figcaption></figure> <p>According to the report, eBay has the largest sales of these companies. Amazon Australia is the second-largest and the fastest-growing, with an 87% increase in sales over the past two years.</p> <p>The ACCC examined:</p> <ul> <li>the state of competition in the relevant markets</li> <li>issues facing sellers who depend on selling their products through these marketplaces</li> <li>consumer issues including concerns about personal information collection, use and sharing.</li> </ul> <p><strong>Consumers don’t want their data used for other purposes</strong></p> <p>The ACCC expressed concern that in online marketplaces, “the extent of data collection, use and disclosure … often does not align with consumer preferences”.</p> <p>The Commission pointed to surveys about <a href="https://www.accc.gov.au/system/files/Consumer%20Policy%20Research%20Centre%20%28CPRC%29%20%2818%20August%202021%29.pdf" target="_blank" rel="noopener">Australian consumer attitudes to privacy</a> which indicate:</p> <ul> <li>94% did not feel comfortable with how digital platforms including online marketplaces collect their personal information</li> <li>92% agreed that companies should only collect information they need for providing their product or service</li> <li>60% considered it very or somewhat unacceptable for their online behaviour to be monitored for targeted ads and offers.</li> </ul> <p>However, the four online marketplaces analysed:</p> <ul> <li>do not proactively present privacy terms to consumers “throughout the purchasing journey”</li> <li>may allow advertisers or other third parties to place tracking cookies on users’ devices</li> <li>do not clearly identify how consumers can opt out of cookies while still using the marketplace.</li> </ul> <p>Some of the marketplaces also obtain extra data about individuals from third-party data brokers or advertisers.</p> <p>The <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3432769" target="_blank" rel="noopener">harms from increased tracking and profiling</a> of consumers include decreased privacy; manipulation based on detailed profiling of traits and weaknesses; and discrimination or exclusion from opportunities.</p> <p><strong>Limited choices: you can’t just ‘walk out of a store’</strong></p> <p>Some might argue that consumers must not actually care that much about privacy if they keep using these companies, but the choice is not so simple.</p> <p>The ACCC notes the relevant privacy terms are often spread across multiple web pages and offered on a “take it or leave it” basis.</p> <p>The terms also use “bundled consents”. This means that agreeing to the company using your data to fill your order, for example, may be bundled together with agreeing for the company to use your data for its separate advertising business.</p> <p>Further, as my research has shown, there is <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3905693" target="_blank" rel="noopener">so little competition on privacy</a> between these marketplaces that consumers can’t just find a better offer. The ACCC agrees:</p> <blockquote> <p>While consumers in Australia can choose between a number of online marketplaces, the common approaches and practices of the major online marketplaces to data collection and use mean that consumers have little effective choice in the amount of data they share.</p> </blockquote> <p>Consumers also seem unable to require these companies to delete their data. The situation is quite different from conventional retail interactions where a consumer can select “unsubscribe” or walk out of a store.</p> <p><strong>Does our privacy law currently permit all these practices?</strong></p> <p>The ACCC has reiterated its earlier calls to amend the Australian Consumer Law to prohibit unfair practices and make unfair contract terms illegal. (At present unfair contract terms are just void, or unenforceable.)</p> <p>The report also points out that the government is considering proposals for major changes to privacy law, but <a href="https://theconversation.com/a-new-proposed-privacy-code-promises-tough-rules-and-10-million-penalties-for-tech-giants-170711" target="_blank" rel="noopener">these changes</a> are uncertain and may take more than a year to come into effect.</p> <p>In the meantime, we should look more closely at the practices of these marketplaces under current privacy law.</p> <p>For example, under the <a href="https://www.legislation.gov.au/Series/C2004A03712" target="_blank" rel="noopener">federal Privacy Act</a> the four marketplaces</p> <blockquote> <p>must collect personal information about an individual only from the individual unless … it is unreasonable or impracticable to do so.</p> </blockquote> <p>However, <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3905693" target="_blank" rel="noopener">some online marketplaces</a> say they collect information about individual consumers’ interests and demographics from “<a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5338596835&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">data providers</a>” and <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">other third parties</a>.</p> <p>We don’t know the full detail of what’s collected, but demographic information might include our age range, income, or family details.</p> <p>How is it “unreasonable or impracticable” to obtain information about our demographics and interests directly from us? Consumers could ask online marketplaces this question, and complain to the <a href="https://www.oaic.gov.au/privacy/privacy-complaints" target="_blank" rel="noopener">Office of the Australian Information Commissioner</a> if there is no reasonable answer.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/182134/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096" target="_blank" rel="noopener">Katharine Kemp</a>, Senior Lecturer, Faculty of Law &amp; Justice, UNSW, <a href="https://theconversation.com/institutions/unsw-sydney-1414" target="_blank" rel="noopener">UNSW Sydney</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/accc-says-consumers-need-more-choices-about-what-online-marketplaces-are-doing-with-their-data-182134" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

How does Spotify use your data? Even experts aren’t sure

<p dir="ltr">Spotify has revolutionised the music industry, and its ability to recommend music tailored to your personal taste has been a standout feature.</p> <p dir="ltr">But it isn’t the only app to provide this kind of personalised experience, with Artificial Intelligence being used to create your personalised newsfeeds on Facebook and Twitter, recommend purchases on Amazon, or even the order of search results on Google.</p> <p dir="ltr">To achieve this, these apps and websites use our data in their recommendation algorithms - but they are so secretive about these algorithms that we don’t fully know how they work.</p> <p dir="ltr">In a search for answers, a team of New Zealand legal and music experts <a href="https://www.scimex.org/newsfeed/tinder-and-spotifys-fine-print-arent-clear-about-how-they-use-our-data-for-recs" target="_blank" rel="noopener">pored over</a> several versions of the privacy policies and Terms of Use used by Spotify and Tinder to determine how our data is being used as new features have been rolled out.</p> <p dir="ltr">Their work, published in the <em><a href="https://doi.org/10.1080/03036758.2022.2064517" target="_blank" rel="noopener">Journal of the Royal Society of New Zealand</a></em>, found that Spotify’s privacy policy has nearly doubled since its launch in 2012, which reflects an increase in the amount of data the platform now collects.</p> <p dir="ltr"><strong>The algorithm hungers for data</strong></p> <p dir="ltr">Originally, Spotify collected basic information such as the kinds of songs played, the playlists created, and the email address, age, gender, and location of a user, as well as their profile picture, and the pictures and names of their Facebook friends if their profile was linked.</p> <p dir="ltr">In the 2021 policy, Spotify collects voice data, users’ photos, and location data - and the team of experts have connected this expansion to the patents the company owns.</p> <p dir="ltr">That same year, “Spotify was granted a patent that allows the company to promote ‘personalised content’ based on the ‘personality traits’ it detects from voice data and background noise,” the authors wrote, suggesting the algorithm has changed to capture voice data.</p> <p dir="ltr">As for its Terms of Use, the authors found both Spotify and Tinder used ambiguous wording and vague language, despite expectations that it would be somewhat transparent because it is a legal agreement between the platform and its users.</p> <p dir="ltr">They noted that the opaque style of the Terms of Use made analysis more difficult.</p> <p dir="ltr">Despite this, they found that from 2015, Spotify’s recommendations were also influenced by “commercial considerations”, including third-party agreements Spotify had with other companies.</p> <p dir="ltr">The team of experts argue that this particular change “provides ample room for the company to legally highlight content to a specific user based on a commercial agreement”.</p> <p dir="ltr">Meanwhile, Spotify has also started offering artists the option to lower their royalty rate “in exchange for an increased number of recommendations”.</p> <p dir="ltr">Taken together, the authors argue that this means that the playlists made specifically for us could be influenced by factors outside of our control, “like commercial deals with artists and labels”.</p> <p dir="ltr"><strong>Users deserve answers</strong></p> <p dir="ltr">Though they made these findings, the authors note that some will still be speculative while companies stay tight-lipped about how their algorithms work.</p> <p dir="ltr">“When companies are uncooperative, and typical academic inquiry cannot be complete without breaching contractual agreements, we maintain that scholarly investigation can have a speculative character,” they wrote.</p> <p dir="ltr">“This suggestion does not mean that a less academic rigour can be expected or granted about making assumptions on the basis of partial, observable data. Instead, we propose that it is the companies’ remit and burden to refute such assumptions and communicating the clarity of their systems.”</p> <p dir="ltr">With many of us using services like Spotify, Tinder, Google and Amazon on a daily basis, it’s up to these companies to become more transparent in how they use our information with the understanding that we deserve to know what happens to the data that makes us, us.</p> <p><span id="docs-internal-guid-22451cbe-7fff-7512-7ed6-c621fbd456c7"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Our Partners