Placeholder Content Image

Why do organisations still struggle to protect our data? We asked 50 professionals on the privacy front line

<div class="theconversation-article-body"> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p>More of our personal data is now collected and stored online than ever before in history. The rise of data breaches should unsettle us all.</p> <p>At an individual level, data breaches can compromise our privacy, cause harm to our finances and mental health, and even enable identity theft.</p> <p>For organisations, the repercussions can be equally severe, often resulting in major financial losses and brand damage.</p> <p>Despite the increasing importance of protecting our personal information, doing so remains fraught with challenges.</p> <p>As part of a <a href="http://www.doi.org/10.25910/psq3-q365">comprehensive study</a> of data breach notification practices, we interviewed 50 senior personnel working in information security and privacy. Here’s what they told us about the multifaceted challenges they face.</p> <h2>What does the law actually say?</h2> <p>Data breaches occur whenever personal information is accessed or disclosed without authorisation, or even lost altogether. <a href="https://www.abc.net.au/news/2024-06-20/optus-hack/104002682">Optus</a>, <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">Medibank</a> and <a href="https://www.afr.com/technology/canva-criticised-after-data-breach-exposed-139m-user-details-20190526-p51r8i">Canva</a> have all experienced high-profile incidents in recent years.</p> <p>Under Australia’s <a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/">privacy laws</a>, organisations aren’t allowed to sweep major cyber attacks under the rug.</p> <p>They have to notify both the regulator – the Office of the Australian Information Commissioner (OAIC) – and any affected individuals of breaches that are likely to result in “<a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/#:%7E:text=Whether%20access%20or%20disclosure%20would%20be%20likely%2C%20or%20would%20not%20be%20likely%2C%20to%20result%20in%20serious%20harm%2D%2Drelevant%20matters%20%C2%A0">serious harm</a>”.</p> <p>But according to the organisational leaders we interviewed, this poses a tricky question. How do you define serious harm?</p> <p>Interpretations of what “serious harm” actually means – and how likely it is to occur – vary significantly. This inconsistency can make it impossible to predict the specific impact of a data breach on an individual.</p> <p>Victims of domestic violence, for example, may be at increased risk when personal information is exposed, creating harms that are difficult to foresee or mitigate.</p> <h2>Enforcing the rules</h2> <p>Interviewees also had concerns about how well the regulator could provide guidance and enforce data protection measures.</p> <p>Many expressed a belief the OAIC is underfunded and lacks the authority to impose and enforce fines properly. The consensus was that the challenge of protecting our data has now outgrown the power and resources of the regulator.</p> <p>As one chief information security officer at a publicly listed company put it:</p> <blockquote> <p>What’s the point of having speeding signs and cameras if you don’t give anyone a ticket?</p> </blockquote> <p>A lack of enforcement can undermine the incentive for organisations to invest in robust data protection.</p> <h2>Only the tip of the iceberg</h2> <p>Data breaches are also underreported, particularly in the corporate sector.</p> <p>One senior cybersecurity consultant from a major multinational company told us there is a strong incentive for companies to minimise or cover up breaches, to avoid embarrassment.</p> <p>This culture means many breaches that should be reported simply aren’t. One senior public servant estimated only about 10% of reportable breaches end up actually being disclosed.</p> <p>Without this basic transparency, the regulator and affected individuals can’t take necessary steps to protect themselves.</p> <h2>Third-party breaches</h2> <p>Sometimes, when we give our personal information to one organisation, it can end up in the hands of another one we might not expect. This is because key tasks – especially managing databases – are often outsourced to third parties.</p> <p>Outsourcing tasks might be a more efficient option for an organisation, but it can make protecting personal data even more complicated.</p> <p>Interviewees told us breaches were more likely when engaging third-party providers, because it limited the control they had over security measures.</p> <p>Between July and December 2023 in Australia, there was an increase of <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2023">more than 300%</a> in third-party data breaches compared to the six months prior.</p> <p>There have been some highly publicised examples.</p> <p>In May this year, many Clubs NSW customers had their personal information potentially <a href="https://www.rimpa.com.au/resource/more-than-a-million-australian-data-records-potentially-exposed-in-nsw-club-and-pub-data-breach.html#:%7E:text=Outabox%2C%20the%20IT%20services%20provider,and%20has%20notified%20law%20enforcement">breached</a> through an attack on third-party software provider Outabox.</p> <p>Bunnings suffered a <a href="https://australiancybersecuritymagazine.com.au/bunnings-customer-data-compromised/">similar breach</a> in late 2021, via an attack on scheduling software provider FlexBooker.</p> <h2>Getting the basics right</h2> <p>Some organisations are still struggling with the basics. Our research found many data breaches occur because outdated or “legacy” data systems are still in use.</p> <p>These systems are old or inactive databases, often containing huge amounts of personal information about all the individuals who’ve previously interacted with them.</p> <p>Organisations tend to hold onto personal data longer than is legally required. This can come down to confusion about data-retention requirements, but also the high cost and complexity of safely decommissioning old systems.</p> <p>One chief privacy officer of a large financial services institution told us:</p> <blockquote> <p>In an organisation like ours where we have over 2,000 legacy systems […] the systems don’t speak to each other. They don’t come with big red delete buttons.</p> </blockquote> <p>Other interviewees flagged that risky data testing practices are widespread.</p> <p>Software developers and tech teams often use “production data” – real customer data – to test new products. This is often quicker and cheaper than creating test datasets.</p> <p>However, this practice exposes real customer information to insecure testing environments, making it more vulnerable. A senior cybersecurity specialist told us:</p> <blockquote> <p>I’ve seen it so much in every industry […] It’s literally live, real information going into systems that are not live and real and have low security.</p> </blockquote> <h2>What needs to be done?</h2> <p>Drawing insights from professionals at the coalface, our study highlights just how complex data protection has become in Australia, and how quickly the landscape is evolving.</p> <p>Addressing these issues will require a multi-pronged approach, including clearer legislative guidelines, better enforcement, greater transparency and robust security practices for the use of third-party providers.</p> <p>As the digital world continues to evolve, so too must our strategies for protecting ourselves and our data.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/236681/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, Professor, Head of the Discipline of Accounting, Governance and Regulation, University of Sydney Business School, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, Researcher, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, Associate professor, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p><em>Image credits: Shutterstock </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/why-do-organisations-still-struggle-to-protect-our-data-we-asked-50-professionals-on-the-privacy-front-line-236681">original article</a>.</em></p> </div>

Legal

Placeholder Content Image

Australia to introduce new "gold standard" in ID verification

<p>The Australian government is set to introduce a new "gold standard" in ID verification that will protect valuable information from potential data leaks. </p> <p>Government Services Minister Bill Shorten will is set to use his address to the National Press Club on Tuesday to announce the national Trust Exchange, or TEx program, which is currently at the “proof-of-concept stage”, and is slated to be rolled out at the end of the year. </p> <p>The program will connect to a user's MyGov Wallet or digital ID without the need to hand over any documents, allowing businesses to verify your identity using a government-issued QR code.</p> <p>The QR codes could be used for job applications, hotel bookings, or entry into a pub or RSL clubs, eliminating the need to hand over physical driver's licenses or passports.</p> <p>The technology will store information such as someone’s date-of-birth, address, citizenship, visa status, qualifications, occupational licences or working with children check, and other information already held by the government.</p> <p>"Services Australia is partnering with other government systems to develop TEx which would give Australians the ability to verify their identity and credentials based on official information already held by the Australian Government," Shorten is set to say in his National Press Club speech.</p> <p>"That means sharing only the personal information to get the job done, and in some cases, not handing over any personal information at all."</p> <p>“You control what details are exchanged. You then have in your wallet a record of sharing, say, your passport and trade certificate with your employer.”</p> <p>Shorten will say codes "digitally shake hands with your myGov wallet," leaving you with a record in your account of what you shared, and who you shared it with.</p> <p>"All that has been exchanged has been a digital 'thumbs up' from the Government that you are who you say you are," Shorten will say.</p> <p><em>Image credits: Shutterstock </em></p>

Legal

Placeholder Content Image

Worried your address, birth date or health data is being sold? You should be – and the law isn’t protecting you

<div class="theconversation-article-body"><em><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>Australians don’t know and can’t control how data brokers are spreading their personal information. This is the core finding of a newly <a href="https://www.accc.gov.au/system/files/Digital-platform-services-inquiry-March-2024-interim-report.pdf">released report</a> from the Australian Competition and Consumer Commission (ACCC).</p> <p>Consumers wanting to rent a property, get an insurance quote or shop online are not given real choices about whether their personal data is shared for other purposes. This exposes Australians to scams, fraud, manipulation and discrimination.</p> <p>In fact, <a href="https://www.accc.gov.au/media-release/consumers-lack-visibility-and-choice-over-data-collection-practices">many don’t even know</a> what kind of data has been collected about them and shared or sold by data firms and other third parties.</p> <p>Our privacy laws are due for reform. But Australia’s privacy commissioner <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">should also enforce</a> an existing rule: with very limited exceptions, businesses must not collect information about you from third parties.</p> <h2>What are data brokers?</h2> <p><a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">Data brokers</a> generally make their profits by collecting information about individuals from various sources and sharing this personal data with their many business clients. This can include detailed profiles of a person’s family, health, finances and movements.</p> <p>Data brokers often have no connection with the individual – you may not even recognise the name of a firm that holds vast amounts of information on you. Some of these data brokers are large multinational companies with billions of dollars in revenue.</p> <p>Consumer and privacy advocates provided the ACCC with evidence of highly concerning data broker practices. <a href="https://www.accc.gov.au/system/files/Salinger%20Privacy.pdf">One woman</a> tried to find out how data brokers had got hold of her information after receiving targeted medical advertising.</p> <p>Although she never discovered how they obtained her data, she found out it included her name, date of birth and contact details. It also included inferences about her, such as her retiree status, having no children, not having “high affluence” and being likely to donate to a charity.</p> <p>ACCC found another data broker was reportedly creating lists of individuals who may be experiencing vulnerability. The categories included:</p> <ul> <li>children, teenage girls and teenage boys</li> <li>“financially unsavvy” people</li> <li>elderly people living alone</li> <li>new migrants</li> <li>religious minorities</li> <li>unemployed people</li> <li>people in financial distress</li> <li>new migrants</li> <li>people experiencing pain or who have visited certain medical facilities.</li> </ul> <p>These are all potential vulnerabilities that could be exploited, for example, by scammers or unscrupulous advertisers.</p> <h2>How do they get this information?</h2> <p>The ACCC notes <a href="https://cprc.org.au/wp-content/uploads/2023/03/CPRC-working-paper-Not-a-fair-trade-March-2025.pdf">74% of Australians are uncomfortable</a> with their personal information being shared or sold.</p> <p>Nonetheless, data brokers sell and share Australian consumers’ personal information every day. Businesses we deal with – for example, when we buy a car or search for natural remedies on an online marketplace – both buy data about us from data brokers and provide them with more.</p> <p>The ACCC acknowledges consumers haven’t been given a choice about this.</p> <p>Attempting to read every privacy term is near impossible. The ACCC referred to a recent study which found it would take consumers <a href="https://www.mi-3.com.au/06-11-2023/aussies-face-10-hour-privacy-policy-marathon-finds-study">over 46 hours a month</a> to read every privacy policy they encounter.</p> <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=131&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/595623/original/file-20240522-23-2zkuc.png?ixlib=rb-4.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=165&amp;fit=crop&amp;dpr=3 2262w" alt="" /></a><figcaption><span class="caption">The approximate length and time it would take to read an average privacy policy in Australia per month.</span> <span class="attribution"><a class="source" href="https://www.accc.gov.au/about-us/publications/serial-publications/digital-platform-services-inquiry-2020-25-reports/digital-platform-services-inquiry-interim-report-march-2024">ACCC Digital Platform Services Inquiry interim report</a></span></figcaption></figure> <p>Even if you could read every term, you still wouldn’t get a clear picture. Businesses use <a href="https://cprc.org.au/wp-content/uploads/2024/02/CPRC-Singled-Out-Final-Feb-2024.pdf">vague wording</a> and data descriptions which <a href="https://theconversation.com/70-of-australians-dont-feel-in-control-of-their-data-as-companies-hide-behind-meaningless-privacy-terms-224072">confuse consumers</a> and have no fixed meaning. These include “pseudonymised information”, “hashed email addresses”, “aggregated information” and “advertising ID”.</p> <p>Privacy terms are also presented on a “take it or leave it” basis, even for transactions like applying for a rental property or buying insurance.</p> <p>The ACCC pointed out 41% of Australians feel they have been <a href="https://www.choice.com.au/consumers-and-data/data-collection-and-use/how-your-data-is-used/articles/choice-renttech-report-release">pressured to use “rent tech” platforms</a>. These platforms collect an increasing range of information with questionable connection to renting.</p> <h2>A first for Australian consumers</h2> <p>This is the first time an Australian regulator has made an in-depth report on the consumer data practices of data brokers, which are generally hidden from consumers. It comes <a href="https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf">ten years after</a> the United States Federal Trade Commission (FTC) conducted a similar inquiry into data brokers in the US.</p> <p>The ACCC report examined the data practices of nine data brokers and other “data firms” operating in Australia. (It added the term “data firms” because some companies sharing data about people argue that they are not data brokers.)</p> <p>A big difference between the Australian and the US reports is that the FTC is both the consumer watchdog and the <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312913">privacy regulator</a>. As our competition and consumer watchdog, the ACCC is meant to focus on competition and consumer issues.</p> <p>We also need our privacy regulator, the Office of the Australian Information Commissioner (OAIC), to pay attention to these findings.</p> <h2>There’s a law against that</h2> <p>The ACCC report shows many examples of businesses collecting personal information about us from third parties. For example, you may be a customer of a business that only has your name and email address. But that business can purchase “<a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653">data enrichment</a>” services from a data broker to find out your age range, income range and family situation.</p> <p>The <a href="https://www.legislation.gov.au/C2004A03712/latest/text">current Privacy Act</a> includes <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles/read-the-australian-privacy-principles">a principle</a> that organisations must collect personal information only from the individual (you) unless it is unreasonable or impracticable to do so. “Impracticable” means practically impossible. This is the direct collection rule.</p> <p>Yet there is no reported case of the privacy commissioner enforcing the direct collection rule against a data broker or its business customers. Nor has the OAIC issued any specific guidance in this respect. It should do both.</p> <h2>Time to update our privacy laws</h2> <p>Our privacy law was drafted in 1988, long before this complex web of digital data practices emerged. Privacy laws in places such as California and the European Union provide much stronger protections.</p> <p>The government has <a href="https://ministers.ag.gov.au/media-centre/speeches/privacy-design-awards-2024-02-05-2024">announced</a> it plans to introduce a privacy law reform bill this August.</p> <p>The ACCC report reinforces the need for vital amendments, including a direct right of action for individuals and a rule requiring dealings in personal information to be “fair and reasonable”.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/230540/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096">Katharine Kemp</a>, Associate Professor, Faculty of Law &amp; Justice, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/worried-your-address-birth-date-or-health-data-is-being-sold-you-should-be-and-the-law-isnt-protecting-you-230540">original article</a>.</em></p> </div>

Legal

Placeholder Content Image

Attempts to access Kate Middleton’s medical records are no surprise. Such breaches are all too common

<p><a href="https://theconversation.com/profiles/bruce-baer-arnold-1408">Bruce Baer Arnold</a>, <em><a href="https://theconversation.com/institutions/university-of-canberra-865">University of Canberra</a></em></p> <p>The <a href="https://www.abc.net.au/news/2024-03-20/claim-hospital-staff-tried-to-access-kate-middleton-health-info/103608066">alleged</a> data breach involving Catherine, Princess of Wales tells us something about health privacy. If hospital staff can apparently access a future queen’s medical records without authorisation, it can happen to you.</p> <p>Indeed it may have already happened to you, given many breaches of health data go under the radar.</p> <p>Here’s why breaches of health data keep on happening.</p> <h2>What did we learn this week?</h2> <p>Details of the alleged data breaches, by <a href="https://www.mirror.co.uk/news/royals/breaking-kate-middleton-three-london-32401247">up to three staff</a> at The London Clinic, emerged in the UK media this week. These breaches are alleged to have occurred after the princess had abdominal surgery at the private hospital earlier this year.</p> <p>The UK Information Commissioner’s Office <a href="https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/03/ico-statement-in-response-to-reports-of-data-breach-at-the-london-clinic/">is investigating</a>. Its report should provide some clarity about what medical data was improperly accessed, in what form and by whom. But it is unlikely to identify whether this data was given to a third party, such as a media organisation.</p> <h2>Health data isn’t always as secure as we’d hope</h2> <p>Medical records are inherently sensitive, providing insights about individuals and often about biological relatives.</p> <p>In an ideal world, only the “right people” would have access to these records. These are people who “need to know” that information and are aware of the responsibility of accessing it.</p> <p>Best practice digital health systems typically try to restrict overall access to databases through hack-resistant firewalls. They also try to limit access to specific types of data through grades of access.</p> <p>This means a hospital accountant, nurse or cleaner does not get to see everything. Such systems also incorporate blocks or alarms where there is potential abuse, such as unauthorised copying.</p> <p>But in practice each health records ecosystem – in GP and specialist suites, pathology labs, research labs, hospitals – is less robust, often with fewer safeguards and weaker supervision.</p> <h2>This has happened before</h2> <p>Large health-care providers and insurers, including major hospitals or chains of hospitals, have a <a href="https://www.theguardian.com/australia-news/2023/dec/22/st-vincents-health-australia-hack-cyberattack-data-stolen-hospital-aged-care-what-to-do">worrying</a> <a href="https://www.afr.com/technology/medical-information-leaked-in-nsw-health-hack-20210608-p57z7k">history</a> of <a href="https://www.innovationaus.com/oaic-takes-pathology-company-to-court-over-data-breach/">digital breaches</a>.</p> <p>Those breaches include hackers accessing the records of millions of people. The <a href="https://www.theguardian.com/world/2022/nov/11/medical-data-hacked-from-10m-australians-begins-to-appear-on-dark-web">Medibank</a> data breach involved more than ten million people. The <a href="https://www.hipaajournal.com/healthcare-data-breach-statistics/">Anthem</a> data breach in the United States involved more than 78 million people.</p> <p>Hospitals and clinics have also had breaches specific to a particular individual. Many of those breaches involved unauthorised sighting (and often copying) of hardcopy or digital files, for example by nurses, clinicians and administrative staff.</p> <p>For instance, this has happened to public figures such as <a href="https://www.latimes.com/archives/la-xpm-2008-mar-15-me-britney15-story.html">singer</a> <a href="https://journals.lww.com/healthcaremanagerjournal/abstract/2009/01000/health_information_privacy__why_trust_matters.11.aspx">Britney Spears</a>, actor <a href="https://www.nytimes.com/2007/10/10/nyregion/10clooney.html">George Clooney</a> and former United Kingdom prime minister <a href="https://www.theguardian.com/uk-news/2024/mar/20/when-fame-and-medical-privacy-clash-kate-and-other-crises-of-confidentiality">Gordon Brown</a>.</p> <p>Indeed, the Princess of Wales has had her medical privacy breached before, in 2012, while in hospital pregnant with her first child. This was no high-tech hacking of health data.</p> <p>Hoax callers from an Australian radio station <a href="https://theconversation.com/did-2day-fm-break-the-law-and-does-it-matter-11250">tricked</a> hospital staff into divulging details over the phone of the then Duchess of Cambridge’s health care.</p> <h2>Tip of the iceberg</h2> <p>Some unauthorised access to medical information goes undetected or is indeed undetectable unless there is an employment dispute or media involvement. Some is identified by colleagues.</p> <p>Records about your health <em>might</em> have been improperly sighted by someone in the health system. But you are rarely in a position to evaluate the data management of a clinic, hospital, health department or pathology lab.</p> <p>So we have to trust people do the right thing.</p> <h2>How could we improve things?</h2> <p>Health professions have long emphasised the need to protect these records. For instance, medical ethics bodies <a href="https://www.bmj.com/content/350/bmj.h2255">condemn</a> medical students who <a href="https://www.abc.net.au/news/2014-04-14/picture-sharing-app-for-doctors-raises-privacy-concerns/5389226">share</a> intimate or otherwise inappropriate images of patients.</p> <p>Different countries have various approaches to protecting who has access to medical records and under what circumstances.</p> <p>In Australia, for instance, we have a mix of complex and inconsistent laws that vary across jurisdictions, some covering privacy in general, others specific to health data. There isn’t one comprehensive law and set of standards <a href="https://theconversation.com/governments-privacy-review-has-some-strong-recommendations-now-we-really-need-action-200079">vigorously administered</a> by one well-resourced watchdog.</p> <p>In Australia, it’s mandatory to report <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches">data breaches</a>, including breaches of health data. This reporting system is currently <a href="https://theconversation.com/governments-privacy-review-has-some-strong-recommendations-now-we-really-need-action-200079">being updated</a>. But this won’t necessarily prevent data breaches.</p> <p>Instead, we need to incentivise Australian organisations to improve how they handle sensitive health data.</p> <p>The best policy <a href="https://onlinelibrary.wiley.com/doi/full/10.1111/1475-4932.12693">nudges</a> involve increasing penalties for breaches. This is so organisations act as responsible custodians rather than negligent owners of health data.</p> <p>We also need to step-up enforcement of data breaches and make it easier for victims to sue for breaches of privacy – princesses and tradies alike.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/226303/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><a href="https://theconversation.com/profiles/bruce-baer-arnold-1408">Bruce Baer Arnold</a>, Associate Professor, School of Law, <em><a href="https://theconversation.com/institutions/university-of-canberra-865">University of Canberra</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/attempts-to-access-kate-middletons-medical-records-are-no-surprise-such-breaches-are-all-too-common-226303">original article</a>.</em></p> <p><em>Images: Getty</em></p>

Legal

Placeholder Content Image

Investigation launched over "major security breach" at Princess Kate's hospital

<p>New reports have claimed that there was an alleged security breach at the hospital where the Princess of Wales was treated, and an internal investigation is currently underway. </p> <p>According to the <em>Daily Mirror's </em>Royal Editor Russell Myers, bosses at The London Clinic have launched a probe into the claims that Kate Middleton's confidentiality was breached by staff.</p> <p>"The reason [for the alleged investigation] is that there is allegations that a member of staff accessed her private medical records," Myers, said on <em>Today </em>this morning.</p> <p>He also described it as "a major security breach," citing an unidentified insider who claims that Kensington Palace was contacted by the hospital bosses  immediately after the alleged incident and "assured the Palace there would be a full investigation."</p> <p>"Kensington Palace and indeed the Princess of Wales have been extremely guarded about the nature of the surgery," he added. </p> <p>"Sources have told me that it's something she may wish to discuss in the future but it is a private medical matter now in the UK."</p> <p>Myers also claimed that he had spoken with London's Metropolitan Police, but said that they "haven't confirmed they are involved" at this stage.</p> <p>Just yesterday, Myers commented on the footage of Princess Kate <a href="https://www.oversixty.com.au/health/caring/princess-kate-filmed-in-public-for-the-first-time-since-christmas" target="_blank" rel="noopener">out in public </a>for the first time since Christmas, calling it "the video that everybody had been clambering for."</p> <p>"The main thing is, Kate looks very happy and fully healthy," Myers said on the <em>Today</em> show. </p> <p>Kensington Palace and The London Clinic have not provided a comment on the matter at this stage. </p> <p>The Princess of Wales is expected to return to her royal duties after easter. </p> <p><em>Images: Getty</em></p>

Legal

Placeholder Content Image

How Samantha Murphy's digital data could be a crucial clue

<p>Last Friday, Victoria Police revisited the Mount Clear area after extracting information from her mobile phone data, as they continue to investigate the Ballarat mum's disappearance. </p> <p>Now, Former Australia Federal Police officer and professor of cybersecurity, Nigel Phair believes an "anomaly" or "change in the behaviour" of Murphy's data pattern may have prompted authorities to return to the area. </p> <p>Detectives have previously said that Murphy departed her residence and ran approximately 7km through Woowookarung Regional Park with data tracking her last location as Mount Clear. </p> <p>Phair who formerly headed investigations at the Australian High Tech Crime Centre (AHTCC), said that data from her iPhone and Apple Watch is particularly important as both devices constantly log her GPS coordinates, heart rate, altitude and can even detect falls among other biometric information. </p> <p>"From the second that she walked out of her door, when out on the street, they would be able to see where she was moving and how she was moving," Phair told told Liz Hayes on Channel 9's series <em>Under Investigation</em>. </p> <p>Additionally, her iPhone can be precisely located using triangulation from nearby cell phone towers. </p> <p>Phair said that this type of data is extremely reliable and accurate, and he believes that the disturbance in this data the 7km mark, where it stopped tracking the information, reveals some form of sophistication. </p> <p>"That means someone's done something active against those two devices and you have to know what you are doing to think I'm going to completely take these out," he said. </p> <p>"It's not just turning them off, it's destroying them and then getting rid of that piece of evidence."</p> <p>He added that tampering with these devices are particularly hard, because even if they may attempt to change SIM cards, mobile phones that are still on can still be traced. </p> <p>"A device has two signifiers. It has a phone number, which you can change, call that the software signifier," he said.</p> <p>"Then it has a hardware identifier, which is the IMEI number." </p> <p>He said that police would be notified if the IMEI number was still operational. </p> <p>"Regardless if you swap SIMs or don't use a SIM at all and just use it as a Wi-Fi-only device in a Wi-Fi area, it will always broadcast that IME number onto the network," he said. </p> <p>Phair said that it is "highly likely" that police have the data on potential predators and are tracking them, as they can see whether someone else was using a device in the Mount Clear area the day Murphy disappeared. </p> <p>Former Victorian detective Damian Marrett told Hayes the he believes Murphy's disappearance is the result of foul play, as changes in her digital data could suggest it was a "targeted attack". </p> <p>He also added that if anyone else had access to her Find My iPhone app or any of her other data, they could easily track her using this information. </p> <p>"Somebody who intimately knew the tracks that she takes or had access to be able to track her runs," he said.</p> <p>"So she could have been tracked without those people having to physically surveil her."</p> <p><em>Images: Under Investigation/ Facebook</em></p> <p> </p>

Legal

Placeholder Content Image

Are Australia’s roads becoming more dangerous? Here’s what the data says

<p><a href="https://theconversation.com/profiles/mark-stevenson-330220">Mark Stevenson</a>, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em> and <a href="https://theconversation.com/profiles/jason-thompson-96100">Jason Thompson</a>, <em><a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></p> <p>In 2022, there were nearly <a href="https://www.bitre.gov.au/sites/default/files/documents/road_trauma_2022.pdf">1,200 road crash deaths</a> in Australia – a figure that has remained largely the same over the past decade. However, some states and territories have seen dramatic increases in just the last five years, such as the ACT (100%), Tasmania (59.4%) and Queensland (21.2%).</p> <p>Serious injuries from road crashes have also been <a href="https://app.powerbi.com/view?r=eyJrIjoiMGVlZDM0YzQtNWI3Mi00YzAyLWI5YjUtZGQyYzc3YjJmMmY3IiwidCI6ImFhMjFiNjQwLWJhYzItNDU2ZC04NTA1LWYyY2MwN2Y1MTc4NCJ9">on the rise</a>, from 35,000 in 2013 to 39,866 in 2019.</p> <p>These statistics highlight the need for an urgent rethink of road safety policies if we are to achieve Australia’s <a href="https://www.sbs.com.au/news/article/australias-road-deaths-rise-despite-push-to-halve-fatalities-by-2030/vcl7yj50g">target</a> of a 50% decrease in fatalities and a 30% decrease in serious injuries by 2030. We are clearly not on track to meet these targets.</p> <p>People are worth more than statistics, though. And it is not surprising we haven’t seen decreases in road deaths when we rely on strategies first implemented three to four decades ago. Change is needed to prevent the ongoing trauma caused by road crashes to Australian families.</p> <p><iframe id="DTp1X" class="tc-infographic-datawrapper" style="border: none;" src="https://datawrapper.dwcdn.net/DTp1X/1/" width="100%" height="400px" frameborder="0"></iframe></p> <h2>Why have road trauma rates not declined?</h2> <p>Australia has long had an international reputation for pioneering road safety measures, such as seat belt restraints, speed management strategies (including speed cameras) and drink-driving laws, among others. In fact, Australia was the <a href="https://link.springer.com/article/10.1007/BF00137361">first country</a> in the world to introduce laws for compulsory seat belt use.</p> <p>These initiatives have been highly successful in reducing road deaths from their peak in 1970, when <a href="https://www.abs.gov.au/ausstats/abs@.nsf/Previousproducts/1301.0Feature%20Article412001?opendocument&amp;tabname=Summary&amp;prodno=1301.0&amp;issue=2001&amp;num=&amp;view=">3,798</a> were recorded. But in the past two decades, further progress has stalled. We must ask ourselves why.</p> <p>One theory to explain why road deaths may have increased in many states in the past couple of years is the pandemic. The previously empty roads are now congested again, which may have led to impatience and speeding. Or perhaps, some people have seemingly forgotten how to drive safely. However, there is another, perhaps simpler explanation.</p> <p>This chart shows how closely road deaths have tracked with domestic fuel sales in Australia – measured in millions of litres of fuel – since 2019. In simple terms, when driving rates decreased at the beginning of the pandemic, deaths and injuries went down. When driving rates increased again in early 2021, deaths and injuries went up.</p> <p>In fact, there is scant evidence to suggest people’s driving behaviours changed during this time. Our recent unpublished research followed approximately 800 drivers from January 2020 to March 2023 using monitoring systems inside their cars to measure their behaviour. We found no differences in driver behaviours during this time.</p> <p>Rather, there’s a more likely reason why road deaths and injuries continue to be so high: the amount of time we spend driving continues to increase, while our strategies to target the risks associated with driving haven’t changed.</p> <p>Unfortunately, government agencies continue to rely on strategies implemented over the past 20-30 years, which were effective when they were first introduced, but are now subject to the law of diminishing marginal returns. This means continually throwing more resources at existing speed management strategies, for example, will likely only see marginal benefits.</p> <h2>A new approach not focused on cars</h2> <p>There is increasing urgency to investigate and implement new road safety strategies based on emerging technologies and a redesign of our cities instead.</p> <p>For example, a <a href="https://www.sciencedirect.com/science/article/abs/pii/S0001457521003092">recent Australian trial</a> using new driving monitoring technology showed promise in reducing risky driving behaviours that could cause crashes. The monitoring systems provided feedback to the driver (via a smartphone app) and encouraged safer driving using financial incentives akin to insurance premiums. This new strategy is being explored further in three states: New South Wales, Queensland and Western Australia.</p> <p>Encouraging people to transition from private car trips to public transport is another road safety strategy that has seldom been considered by governments. Rather, the driver, car and road remain the focus.</p> <p>This <a href="https://www.roadsafety.gov.au/nrss/fact-sheets/vision-zero-safe-system">“safe system” approach</a> puts an emphasis on building safe road infrastructure for cars, while ignoring urban design changes that de-emphasise the need for cars. We should be encouraging more people to commute by rail, tram and bus (all lower-risk modes per kilometre travelled), while at the same time delivering safe infrastructure for sustainable transport such as bicycles/e-bicycles or walking.</p> <p>If we continue to tinker with strategies implemented many decades ago, we will never get close to achieving the lofty government targets on road deaths and injuries by 2030.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/213240/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><a href="https://theconversation.com/profiles/mark-stevenson-330220"><em>Mark Stevenson</em></a><em>, Professor of Urban Transport and Public Health, <a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a> and <a href="https://theconversation.com/profiles/jason-thompson-96100">Jason Thompson</a>, Associate Professor, Faculty of Medicine and Melbourne School of Design, <a href="https://theconversation.com/institutions/the-university-of-melbourne-722">The University of Melbourne</a></em></p> <p><em>Image credits: Getty Images</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/are-australias-roads-becoming-more-dangerous-heres-what-the-data-says-213240">original article</a>.</em></p>

Domestic Travel

Placeholder Content Image

"Disparaging and insulting": Kyle Sandilands found in breach of decency rules

<p>The Australian Communications and Media Authority (ACMA) found that Kyle Sandilands breached the decency rules over the <a href="https://www.oversixty.com.au/health/caring/kyle-sandilands-under-fire-for-hurtful-monkeypox-comments" target="_blank" rel="noopener">monkeypox comments</a> he made on-air in <em>The Kyle and Jackie O </em>show <span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">last year</span><span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">. </span></p> <p>The ACMA found that he breached the Commercial Radio Code of Practice with "offensive, exclusionary comments explicitly aimed at the presumed conduct of gay men". </p> <p>"The ACMA found that the overall sentiment of the segment stereotyped gay men as irresponsible in regard to their sexual health," the media watchdog found. </p> <p>"This made them the prime carriers of a virus that presented a danger to the community and, as a result, they were not deserving of sympathy or compassion."</p> <p>Monkeypox was declared a global health emergency in July 2022. </p> <p>At the time, Sandilands called the virus "the big gay disease" and that "it’s only gays getting it." </p> <p>In defence of Sandilands' comments, the broadcaster told the ACMA the segment may have contained "unfavourable descriptions of those susceptible to the virus, being homosexual males".</p> <p>They also claimed that the segment was "well-intended" in terms of bringing awareness to the community about the public health risk around the transmission of the virus and the availability of a vaccine. </p> <p>They also said that there was an insufficient amount of content that demonstrated  "ill-will towards (the) LGBTQIA+ community."</p> <p>However, ACMA Chairperson Nerida O'Loughlin called the comments "derisive and insulting". </p> <p>"We acknowledge that the program's audience does not expect the presentation style of either the program or the presenter to always be formal and nuanced," O'Loughlin said. </p> <p>"Although there was a basis at the time for a public discussion about mpox that involved reference to gay sexuality, the segment went beyond any acceptable standards by conveying that gay men were irresponsible, were a risk to the community and did not deserve any sympathy even when presenting for medical assistance."</p> <p>"Broadcasters have a responsibility to maintain appropriate levels of decency, and in this case the comments by Sandilands were overly disparaging and insulting."</p> <p><em>KIIS</em> have agreed to deliver sensitivity training to the hosts, producers, censors and other staff. </p> <p>They must also report back to the ACMA on their progress every six months for  two years. </p> <p><em>Images: KIIS FM</em></p>

Legal

Placeholder Content Image

The $500 million ATO fraud highlights flaws in the myGov ID system. Here’s how to keep your data safe

<p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p>The Australian Tax Office (ATO) paid out more than half a billion dollars to cyber criminals between July 2021 and February 2023, according to an <a href="https://www.abc.net.au/news/2023-07-26/ato-reveals-cost-of-mygov-tax-identity-crime-fraud/102632572">ABC report</a>.</p> <p>Most of the payments were for small amounts (less than A$5,000) and were not flagged by the ATO’s own monitoring systems.</p> <p>The fraudsters exploited a weakness in the identification system used by the myGov online portal to redirect other people’s tax refunds to their own bank accounts.</p> <p>The good news is there’s plenty the federal government can do to crack down on this kind of fraud – and that you can do to keep your own payments secure.</p> <h2>How these scams work</h2> <p>Setting up a myGov account or a myGov ID requires proof of identity in the form of “<a href="https://www.afp.gov.au/sites/default/files/PDF/NPC-100PointChecklist-18042019.pdf">100 points of ID</a>”. It usually means either a passport and a driver’s licence or a driver’s licence, a Medicare card, and a bank statement.</p> <p>Once a myGov account is created, linking it to your tax records requires two of the following: an ATO assessment, bank account details, a payslip, a Centrelink payment, or a super account.</p> <p>These documents were precisely the ones targeted in three large data breaches in the past year: at <a href="https://theconversation.com/what-does-the-optus-data-breach-mean-for-you-and-how-can-you-protect-yourself-a-step-by-step-guide-191332">Optus</a>, at <a href="https://theconversation.com/medibank-hackers-are-now-releasing-stolen-data-on-the-dark-web-if-youre-affected-heres-what-you-need-to-know-194340">Medibank</a>, and at <a href="https://asic.gov.au/about-asic/news-centre/news-items/guidance-for-consumers-impacted-by-the-latitude-financial-services-data-breach/">Latitude Financial</a>.</p> <p>In this scam, the cyber criminal creates a fake myGov account using the stolen documents. If they can also get enough information to link to the ATO or your Tax File Number, they can then change bank account details to have your tax rebate paid to their account.</p> <p>It is a sadly simple scam.</p> <h2>How government can improve</h2> <p>One of the issues here is quite astounding. The ATO knows where salaries are paid, via the “<a href="https://www.ato.gov.au/business/single-touch-payroll/what-is-stp-/">single touch</a>” payroll system. This ensures salaries, tax and superannuation contributions are all paid at once.</p> <p>Most people who have received a tax refund will have provided bank account details where that payment can be made. Indeed, many people use precisely those bank account details to identify themselves to myGov.</p> <p>At present, those bank details can be changed within myGov without any further ado. If the ATO simply checked with the individual via another channel when bank account details are changed, this fraud could be prevented. It might be sensible to check with the individual’s employer as well.</p> <p>Part of the problem is the ATO has not been very transparent about the risks. If these risks were clearly set out, then calls for changes to ATO procedures would have been loud and clear from the cyber security community.</p> <p>The ATO is usually good at identifying when a cyber security incident may lead to fraud. For example, when the recruitment software company <a href="https://www.abc.net.au/news/2018-06-06/australian-data-may-be-compromised-in-pageup-security-breach/9840048?itm_campaign=newsapp">PageUp was hacked in 2018</a>, the ATO required people who may have been affected to reconfirm their identities. This was done without public commentary and represents sound practice.</p> <p>Sadly, the millions of records stolen in the Optus, Medibank and Latitude Financial breaches have not led to a similar level of vigilance.</p> <p>Another action the ATO could take would be to check when a single set of bank account details is associated with more than one myGov account.</p> <p>A national digital identity would also help. However, this system has been in development for years, is not universally popular, and may well be <a href="https://www.themandarin.com.au/226280-gallagher-warns-community-support-for-digital-identity-not-ubiquitous/">delayed</a> until after the federal election due in 2024.</p> <h2>Protecting yourself</h2> <p>The most important thing to do is make sure the ATO does not use a bank account number other than yours. As long as the ATO only has your bank account number to transfer your tax rebate, this scam does not work.</p> <p>It also helps to protect your Tax File Number. There are only four groups that ever need this number.</p> <p>The first is the ATO itself. The second is your employer. However, remember you do not need to give your TFN to a prospective employer, and your employer only needs your TFN <em>after</em> you have started work.</p> <p>Your super fund and your bank may ask for your TFN. However, providing your TFN to your super fund or bank is optional – it just makes things easier, as otherwise they will withhold tax which you will need to claim back later.</p> <p>Of course, all the usual data safety issues still apply. Don’t share your driver’s licence details without good reason. Take similar care with your passport. Your Medicare card is for health services and does not need to be shared widely.</p> <p>Don’t open emails from people you do not know. Never click links in messages unless you are sure they are safe. Most importantly, know your bank will not send you emails containing links, nor will the ATO.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/210459/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/rob-nicholls-91073">Rob Nicholls</a>, Associate professor of regulation and governance, <a href="https://theconversation.com/institutions/unsw-sydney-1414">UNSW Sydney</a></em></p> <p><em>Image </em><em>credits: Shutterstock</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/the-500-million-ato-fraud-highlights-flaws-in-the-mygov-id-system-heres-how-to-keep-your-data-safe-210459">original article</a>.</em></p>

Technology

Placeholder Content Image

Why Channel 10 is suing its former star host

<p>Channel 10 is suing its former political editor, Peter van Onselen, for an alleged breach of contract after he wrote a column tearing into his former employer’s business skills.</p> <p>Anonymous sources told news.com.au that Mr van Onselen signed a non-disparagement clause and received a financial settlement after leaving the network.</p> <p>He had announced he was returning to academia, leaving his daily political news role at Ten in March 2023 after four years. It followed reports he had become tired of the commute from Sydney to Canberra.</p> <p>“I’ve only been doing this for four years ... We sometimes forget the sacrifices they make!” he wrote.</p> <p>It’s believed that the alleged breach of contract that Ten Network has initiated action over relates to that secret clause, which required him not to badmouth the network.</p> <p><span style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;">However, it’s now the court’s decision to decide whether his column — which only referred to publicly available information about the network — constitutes a breach, or whether he should be free to make such observations in his role as commentator.</span></p> <p>In The Australian on May 25, <a href="https://www.theaustralian.com.au/subscribe/news/1/?sourceCode=TAWEB_WRE170_a&dest=https%3A%2F%2Fwww.theaustralian.com.au%2Fbusiness%2Fmedia%2Fparamount-woes-raise-questions-about-the-long-term-viability-of-network-10%2Fnews-story%2Fe2dbfb95698c1eca1cb78f0dfd858c22&memtype=anonymous&mode=premium&v21=dynamic-low-control-score&V21spcbehaviour=append" target="_blank" rel="noopener">Mr van Onselen wrote</a> that Ten’s parent company, Paramount, was unlikely to have a promising future.</p> <p>“Paramount’s share price has plummeted more than 30 per cent in the past month, down more than 50 per cent in just a year,” he wrote.</p> <p>“You could choose to be a little more upbeat about Paramount (and Network 10’s) future if the streaming part of the business was firing, but it’s not.</p> <p>“So what does all of this mean for Network 10? It could be fine, limping along with little attention paid to it by its big overseas owner … Since that time the network’s ratings have slowly ebbed lower and lower, elongating the divide between it and its more successful commercial rivals in Australia.”</p> <p>Mr van Onselen also revealed during his tenure that NSW Premier Gladys Berejiklian criticised Scott Morrison in private text messages.</p> <p><em>Image credit: Getty</em></p>

Legal

Placeholder Content Image

Huge fallout after panicked passenger opens exit door midflight

<p>Asiana Airlines has immediately stopped offering its emergency exit seats after a passenger opened a door during a flight over South Korea on May 26, sparking panic inside the plane.</p> <p>Passengers will no longer be seated in emergency exit seats on its 174-seat A321-200 aircrafts and the 195-seat A321-200s, as a safety measure.</p> <p>According to airline officials, the man, 33, who opened the door was seated near the emergency exit.</p> <p>During preliminary questioning, the 33-year-old told investigators that he felt suffocated and tried to get off the plane quickly, police reported.</p> <p>Twelve people suffered minor injuries as a result, with air blasting in the cabin and terrifying passengers.</p> <p>Some testified they suffered severe ear pain and saw others screaming and crying.</p> <p>A video shared on social media shows passengers’ hair being whipped by air blowing into the cabin.</p> <p>The emergency exit doors usually cannot be opened mid-flight due to the difference in air pressure inside and outside the plane.</p> <p>However, the 33-year-old managed to open the door likely because the plane was flying at a low altitude while preparing to land and there wasn’t much difference to pressure, Asiana Airlines officials report.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">(warning: distressing)</p> <p>A man traveling on an Asiana Airlines flight opened the plane's cabin door minutes before it came in for its planned landing. <a href="https://t.co/QUIUXuVDgD">pic.twitter.com/QUIUXuVDgD</a></p> <p>— NowThis (@nowthisnews) <a href="https://twitter.com/nowthisnews/status/1662179612804149249?ref_src=twsrc%5Etfw">May 26, 2023</a></p></blockquote> <p>The Transport Ministry said the plane was at 213 metres when the man pulled the door open.</p> <p>The aircraft, which was flying to the city of Daegu from the southern island of Jeju was carrying 200 passengers and landed safely.</p> <p>Passengers onboard included teenage athletes on their way to a track and field competition, according to Asiana Airlines.</p> <p>The 33-year-old told authorities that he had wanted to get out of the plane because he felt suffocated, <em>Yonhap</em> news agency reported, citing police.</p> <p><em>Yonhap</em> said the man told police he had suffered stress after losing his job recently.</p> <p>A district court in Daegu has since approved a warrant to formally arrest him.</p> <p>"I wanted to get off the plane soon," the man told reporters at the court ahead of his arrest warrant review.</p> <p>"I'm really sorry to kids," he said, likely referencing the teenage athletes.</p> <p>Daegu police said they have up to 20 days to investigate the man before determining whether to send him to prosecutors for a possible indictment.</p> <p>If convicted, he faces a maximum sentence of 10 years in prison for breaching the aviation security law that bans passengers from handling entry doors, emergency exit doors and other equipment on board, according to the Transport Ministry.</p> <p>Those who were taken to hospitals were primarily treated for minor issues such as breathing difficulties.</p> <p><em>Image credit: Twitter</em></p>

Travel Trouble

Placeholder Content Image

Australia's most trusted brands revealed for 2023

<p>When it comes to big brands, there are certain names that Aussies go back to time and time again for their reliability and trustworthy reputations. </p> <p>This year, according to recent data collated by <a href="https://www.trustedbrands.com.au" target="_blank" rel="noopener">Reader's Digest</a>, consumers are interacting differently with big name brands after recovering from the pandemic, but now being faced with the cost of living crisis. </p> <p>The survey, now in its 24th year, was carried out by independent market research company Catalyst Consultancy & Research and asked thousands of consumers of a mixed demographic to name the brands they trusted across more than 70 categories. </p> <p>The data suggests that our most trusted brands have "not only changed the way they interact with us during the past three years of the pandemic", but current "cost-of-living pressures mean the most successful organisations are making even further refinements".</p> <p>"With inflation putting price pressure on everyone at the moment, trust remains a hard-earned and vitally important commodity," Reader's Digest Australia Editor-in-Chief Louise Waterson said. </p> <p>"Many leading companies are rebranding their image, or reshaping their services, to hold on to existing customers and seek out new ones."</p> <p><em><strong>Check out the list below of Australia's top 20 most trusted brands, and <a href="https://www.trustedbrands.com.au/" target="_blank" rel="noopener">head here for the full 2023 results</a>.</strong></em></p> <p>20. Woolworths</p> <p>19. Sanitarium</p> <p>18. Bridgestone</p> <p>17. Ryobi</p> <p>16. Dairy Farmers</p> <p>15. Cancer Council Australia</p> <p>14. Dyson</p> <p>13. Bega </p> <p>12. Selleys</p> <p>11. Specsavers</p> <p>10. Glen20</p> <p>9. Dulux</p> <p>8. Royal Flying Doctor Service</p> <p>7. Band-Aid</p> <p>6. Victa</p> <p>5. Panadol</p> <p>4. Bunnings Warehouse</p> <p>3. Cadbury</p> <p>2. Weber</p> <p>1. Dettol</p> <p><em>Image credits: Trusted Brands</em></p>

News

Placeholder Content Image

Can big data really predict what makes a song popular?

<p>Music is part of our lives in different ways. We listen to it on our commutes and it resounds through shopping centres. Some of us seek live music at concerts, festivals and shows or rely on music to set the tone and mood of our days.</p> <p>While we might understand the genres or songs we appreciate, it’s not clear precisely why a certain song is more appealing or popular. Perhaps the lyrics speak to an experience? Perhaps the energy makes it appealing? These questions are important to answer for music industry professionals, and <a href="https://theconversation.com/how-data-is-transforming-the-music-industry-70940">analyzing data</a> is a key part of this.</p> <p>At Carleton University, a group of data science researchers sought to answer the question: “What descriptive features of a song make it popular on music/online platforms?”</p> <h2>Revenue in the music industry</h2> <p>Revenue in the music industry <a href="https://doi.org/10.1509/jm.14.0473">is derived from two sources that are affected by different factors: live music and recorded music</a>. During the pandemic, although live music income dropped due to the cancellation of in-person performances, the <a href="https://doi.org/10.1371/journal.pone.0267640">income from streaming</a> rose.</p> <p>As digital platforms like Spotify and TikTok have grown, <a href="https://doi.org/10.5753/sbcm.2019.10436">the majority of music revenue has come to be contributed by digital media, mostly music streaming</a>. How and whether this <a href="https://theconversation.com/artists-spotify-criticisms-point-to-larger-ways-musicians-lose-with-streaming-heres-3-changes-to-help-in-canada-176526">revenue reaches singers and songwriters at large</a> is another matter. </p> <h2>Popularity on digital platforms</h2> <p>The popularity of a song on digital platforms is considered a measure of the revenue the song may generate.</p> <p>As such, producers seek to answer questions like “<a href="https://doi.org/10.1098/rsos.171274">How can we make the song more popular?</a>” and “<a href="https://doi.org/10.1109/ICMLA.2019.00149">What are the characteristics of songs that make it the top charts?</a>” </p> <p>With collaborators <a href="https://www.linkedin.com/in/laura-colley/">Laura Colley</a>, <a href="https://www.linkedin.com/in/andrew-dybka/">Andrew Dybka</a>, Adam Gauthier, Jacob Laboissonniere, Alexandre Mougeot and Nayeeb Mowla, we produced a systematic study that collected data from YouTube, Twitter, TikTok, Spotify and Billboard (<a href="https://www.billboard.com/charts/hot-100">Billboard Hot-100</a>, sometimes also denoted by data researchers as “<a href="https://data.world/bigml/association-discovery">Billboard hot top</a>” or in our work and others’ work, “Billboard Top-100”).</p> <p>We linked the datasets from the different platforms with Spotify’s acoustic descriptive metric or “descriptive features” for songs. These features have been derived <a href="https://www.billboard.com/music/music-news/echo-nest-columbia-university-launch-million-song-dataset-1178990/">from a dataset which yielded categories for measuring and analyzing qualities of songs</a>. Spotify’s <a href="https://www.theguardian.com/technology/2014/mar/06/spotify-echo-nest-streaming-music-deal">metrics capture</a> <a href="https://doi.org/10.1098/rsos.171274">descriptive features such as</a>acousticness, energy, danceability and instrumentalness (the collection of instruments and voices in a given piece). </p> <p>We sought to find trends and analyze the relationship between songs’ descriptive features and their popularity.</p> <p>The rankings on the weekly <a href="https://www.billboard.com/charts/hot-100/">Billboard Hot-100</a> are based on sales, online streams and radio plays in the United States.</p> <p>The analysis we performed by looking at Spotify and Billboard revealed insights that are useful for the music industry.</p> <h2>What predicts a Billboard hit?</h2> <p>To perform <a href="https://ieeexplore.ieee.org/document/9842568">this study</a>, we used two different data sets pertaining to songs that <a href="https://www.npr.org/sections/therecord/2013/08/16/207879695/how-the-hot-100-became-americas-hit-barometer">were Billboard hits</a> <a href="https://data.world/kcmillersean/billboard-hot-100-1958-2017">from the early 1940s to 2020</a> and Spotify data related to over 600,000 tracks and over one million artists.</p> <p>Interestingly, we found no substantial correlations between the number of weeks a song remained on the charts, as a measure of popularity, and the acoustic features included in the study.</p> <p>Our analysis determined that newer songs tend to last longer on the charts and that a song’s popularity affects how long it stays on the charts. </p> <p>In a related study, researchers collected data for Billboard’s Hot 100 from 1958 to 2013 and found that <a href="https://doi.org/10.1007/978-3-319-13734-6_36">songs with a higher tempo and danceability often get a higher peak position on the Billboard charts</a>. </p> <h2>Predicting Spotify song popularity</h2> <p>We also used the songs’ features to generate machine learning models to predict Spotify song popularity. Preliminary results concluded that features are not linearly correlated, with some expected exceptions including songs’ energy. </p> <p>This indicated that the Spotify metrics we studied — including acousticness, danceability, duration, energy, explicitness, instrumentalness, liveness, speechiness (a measure of the presence of spoken words in a song), tempo and release year — were not strong predictors of the song’s popularity.</p> <p>The majority of songs in the Spotify dataset were not listed as explicit, tended to have low instrumentalness and speechiness, and were typically recent songs. </p> <p>Although one may think that some features that are innate to certain songs make them more popular, our study revealed that popularity can not be attributed solely to quantifiable acoustic elements. </p> <p>This means that song makers and consumers must consider other contextual factors beyond the musical features, as captured by Spotify’s measurables, that may contribute to the song’s success. </p> <h2>Elements affecting popularity shift</h2> <p>Our study reinforces that elements affecting the popularity of songs change over time and should be continuously explored. </p> <p>For example, <a href="https://doi.org/10.1098%2Frsos.171274">in songs produced between 1985 and 2015 in the United Kingdom, songs produced by female artists were more successful</a>.</p> <p>Other aspects may substantially contribute to the success of a song. Data scientists have proposed <a href="https://doi.org/10.1371/journal.pone.0244576">simplicity of the lyrics</a>, the advertising and <a href="https://www.ipr.edu/blogs/audio-production/what-are-the-elements-of-popular-music/">distribution plans</a> as potential predictors of songs’ popularity.</p> <h2>Attached listeners</h2> <p>Many musicians and producers make use of popular events and marketing strategies to advertise songs. Such events create social engagements and <a href="https://doi.org/10.3389/fpsyg.2018.02682">audience involvement</a> which attaches the listener to the song being performed. </p> <p>For the public, <a href="https://www.osheaga.com/en">live music events</a>, following long lockdowns, have been opportune for reuniting friends, and <a href="https://ottawabluesfest.ca/">enjoying live artistry and</a> entertainment.</p> <p>While attending a music event or listening to a song, we invite you to reflect on what it is about the song that makes you enjoy it.</p> <p><em>Image credits: Getty Images</em></p> <p><em>This arctic originally appeared on <a href="https://theconversation.com/can-big-data-really-predict-what-makes-a-song-popular-189052" target="_blank" rel="noopener">The Conversation</a>. </em></p>

Music

Placeholder Content Image

“Have a second phone”: Aussie spy chief’s warning on social media use

<p dir="ltr">MPs have been urged to use a second phone if they want to access social media apps such as TikTok, after one of Australia’s top spy bosses spoke about how these apps use our personal information.</p> <p dir="ltr">Rachel Noble, the Director-General of the Australian Signals Directorate (ASD), recommended that politicians and their staff should adopt the practice during a Senate estimates hearing.</p> <p dir="ltr">She also said that having a phone without access to social media was the only way to have “absolute certainty” of data privacy.</p> <p dir="ltr">“Our advice was, frankly, for people who are members of parliament who might be particularly targets of espionage … that if you wanted absolute certainty that your social media app couldn’t have access to those things … would be to have a second phone which you exclusively use for that,” Ms Noble said.</p> <p dir="ltr">The warning comes after it was reported earlier this year that the ASD had confidential meetings with politicians and their staff to warn them that some apps undertake excessive data collection and request access to contact lists, location data and photos.</p> <p dir="ltr">Last year, the Department of Home Affairs restricted TikTok use on work phones, joining the Department of Defence in doing so.</p> <p dir="ltr">During the hearing, Ms Noble said that in some cases social media apps were collecting additional information extending “beyond the content of messages, videos and voice recordings”.</p> <p dir="ltr">“Social media apps are monetising what you do on your phone, what you access, what you look at for how long, who your friends are – they will seek to get demographics of your friends in order to push you the information and get you to buy things,” she said.</p> <p dir="ltr">With some apps headquartered outside Australia, such as China, Ms Noble said the information collected could be accessed legally or be subject to covert collection.</p> <p dir="ltr">Sectors of the Australian public service aren’t the only ones restricting use of social media apps on work phones, with parliaments in the United States and New Zealand warning against using TikTok on government devices.</p> <p><span id="docs-internal-guid-4a365f66-7fff-12a0-c84b-6e36f0ce1003"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

"Deplorable": Medibank hacker announces ransom demands

<p>As more sensitive health data has been posted on the dark web, the Medibank hacker has shared their ransom demands for the information to be returned safely. </p> <p>Along with the unlawful release of the information, the hacker stated, "Society ask us about ransom, it's a 10 millions (sic) usd. We can make discount 9.7m 1$=1 customer."</p> <p>At current rates, US$9.7 million is worth $15.07 million.</p> <p>The alleged hacker, also posted: "Medibanks (sic) CEO stated, that ransom amount is 'irrelevant'. We want to inform the customers, that He refuses to pay for yours data more, like 1 USD per person. So, probably customers data and extra efforts don't cost that."</p> <p>Following the release of 200 users' personal health data yesterday, the hacker has today posted an additional file of information allegedly obtained in the hack.</p> <p>While the file is titled "abortions", it is understood that the diagnostic code listed in the file against the names of over 300 Australian men and women actually refers to an admission for "Supervision of high risk pregnancy, unspecified, first trimester", according to <a href="https://www.9news.com.au/national/medibank-hack-update-more-health-data-ransom-demand-posted/32e7d105-1b5f-4291-bbb4-32620cbe3456" target="_blank" rel="noopener">9News</a>. </p> <p>Medibank CEO David Koczkar has called the latest health data release as "deplorable", while assuring customers they are working to secure their information. </p> <p>He said, "The release of this stolen data on the dark web is disgraceful."</p> <p>"We take the responsibility to secure our customer data seriously and we again unreservedly apologise to our customers.</p> <p>"We remain committed to fully and transparently communicating with customers and we will be contacting customers whose data has been released on the dark web.</p> <p>"The weaponisation of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.</p> <p>"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."</p> <p>With so much information already leaked, there is a high risk of scams and individual ransom demands to come for the 500 or so Australians whose personal data has already been published.</p> <p>Those customers should be on high alert for scammers.</p> <p>Medibank has yet to reach out to the 500,000 customers whose health data is in jeopardy, to advise them whether more information has been lost to the scammers. </p> <p><em>Image credits: Getty Images </em></p>

Legal

Placeholder Content Image

Optus data breach: regulatory changes announced, but legislative reform still needed

<p>In response to Australia’s biggest ever data breach, the federal government will <a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">temporarily suspend regulations</a> that stop telcos sharing customer information with third parties.</p> <p>It’s a necessary step to deal with the threat of identify theft faced by 10 million current and former Optus customers. It will allow Optus to work with banks and government agencies to detect and prevent the fraudulent use of their data.</p> <p>But it’s still only a remedial measure, intended to be in place for 12 months. More substantive reform is needed to tighten Australia’s loose approach to data privacy and protection.</p> <h2>Changing regulations, not legislation</h2> <p>The changes – <a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">announced</a> by Treasurer Jim Chalmers and Federal Communications Minister Michelle Rowland – involve amending the <a href="https://www.legislation.gov.au/Details/F2022C00329" target="_blank" rel="noopener">Telecommunications Regulation 2021</a>.</p> <p>This a piece of “subordinate” or “<a href="https://peo.gov.au/understand-our-parliament/your-questions-on-notice/questions/whats-the-difference-between-a-legislative-act-and-a-regulation/" target="_blank" rel="noopener">delegated law</a>” to the <a href="https://www.legislation.gov.au/Series/C2004A05145" target="_blank" rel="noopener">Telecommunications Act 1997</a>. Amending the act itself would require a vote of parliament. Regulations can be amended at the government’s discretion.</p> <p>Under the Telecommunications Act it is a criminal offence for telcos to share information about “the affairs or personal particulars of another person”.</p> <p>The only exceptions are sharing information with the <a href="https://www.infrastructure.gov.au/media-communications-arts/phone/services-people-disability/accesshub/national-relay-service" target="_blank" rel="noopener">National Relay Service</a> (which enables those with hearing or speech disabilities to communicate by phone), to “authorised research entities” such as universities, public health agencies or electoral commissions, or to police and intelligence agencies <a href="https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/telecommunications-interception-and-surveillance" target="_blank" rel="noopener">with a warrant</a>.</p> <p>That means Optus can’t tell banks or even government agencies set up to prevent identity fraud, such as the little-known <a href="https://www.afr.com/companies/telecommunications/banks-treasury-team-up-to-protect-optus-customers-20220928-p5blm3" target="_blank" rel="noopener">Australian Financial Crime Exchange</a>, who the affected customers are.</p> <h2>Important safeguards</h2> <p>The government says the changes will only allow the sharing of “<a href="https://ministers.treasury.gov.au/ministers/jim-chalmers-2022/media-releases/changes-protect-consumers-following-optus-data-breach" target="_blank" rel="noopener">approved government identifier information</a>” – driver’s licences, Medicare and passport numbers.</p> <p>This information can only be shared with government agencies or financial institutions <a href="https://www.apra.gov.au/register-of-authorised-deposit-taking-institutions" target="_blank" rel="noopener">regulated by</a> the Australian Prudential Regulatory Authority. This means Optus (or any other telco) won’t be able to share information with the Australian branches of foreign banks.</p> <p>Financial institutions will also have to meet strict requirements about secure methods for transferring and storing personal information shared with them, and make undertakings to the Australian Competition and Consumer Commission (<a href="https://www.accc.gov.au/publications/section-87b-of-the-competition-consumer-act" target="_blank" rel="noopener">which can be enforced in court</a>).</p> <p>The information can be shared only “for the sole purposes of preventing or responding to cybersecurity incidents, fraud, scam activity or identify theft”. Any entity receiving information must destroy it after using it for this purpose.</p> <p>These are incredibly important safeguards given the current lack of limits on how long companies can keep identity data.</p> <h2>What is needed now</h2> <p>Although temporary, these changes could be a game changer. For the next 12 months, at least, Optus (and possibly other telcos) will be able to proactively share customer information with banks to prevent cybersecurity, fraud, scams and identity theft.</p> <p>It could potentially enable a crackdown on scams that affect both banks and telcos – such as <a href="https://www.ato.gov.au/General/Online-services/Identity-security-and-scams/Scam-alerts/" target="_blank" rel="noopener">fraudulent texts and phone calls</a>.</p> <p>But this does not nullify the need for a larger legislative reform agenda.</p> <p>Australia’s data privacy laws and regulations should put limits on how much data companies can collect, or for how long they can keep that information. Without limits, companies will continue to collect and store much more personal information <a href="https://theconversation.com/what-do-tiktok-bunnings-ebay-and-netflix-have-in-common-theyre-all-hyper-collectors-187274" target="_blank" rel="noopener">than they need</a>.</p> <p>This will require amending the federal Privacy Act – subject to a <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988" target="_blank" rel="noopener">government review</a> now nearing three years in length. There should be limits on what data companies can retain, and how long, as well as bigger penalties for non-compliance.</p> <p>We all need to take data privacy more seriously.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/optus-data-breach-regulatory-changes-announced-but-legislative-reform-still-needed-192009" target="_blank" rel="noopener">The Conversation</a>. </strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

7 tricks to use less phone data – and lower your phone bill

<p><strong>Turn off background app refresh</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/01-background-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When this feature is enabled, your apps are constantly refreshing so that they can show you the most recent content when opened. This includes email synching, weather widgets updating, and feeds refreshing. For the iPhone: Turn off the background app refresh by going to Settings &gt; General &gt; Background App Refresh. For Android: Go to Settings &gt; Data Usage &gt; Restrict app background data. This will allow you to turn the feature off for all apps or you can pick and choose which ones you want to turn off.</p> <p><strong>Disable apps that use a lot of data</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/02-disable-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>There are certain apps that use more data than others, whether you use them frequently or not. For ones that you don’t use often, turn off cellular data. For the iPhone: Go to Settings &gt; Cellular &gt; then under “Use Cellular Data For” switch certain apps to off.</p> <p><strong>Turn off app updates</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/03-updates-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>If your apps update automatically your phone will start the download whether you are connected to Wi-Fi or not. To turn this off on an iPhone, go to Settings &gt; iTunes &amp; App Stores &gt; turn off Use Cellular Data. For an Android, go to Settings &gt; under General click Auto-update apps &gt; Auto-update apps over Wi-Fi only. Then, your apps will only update when you are connected to Wi-Fi.</p> <p><strong>Turn off Wi-Fi assist</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/04-wifi-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>Wi-Fi assist automatically uses your cellular data when the Wi-Fi signal is poor. To disable Wi-Fi assist for an iPhone go to Settings &gt; Cellular &gt; turn off Wi-Fi Assist.</p> <p><strong>Turn off iCloud drive</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/05-icloud-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>When iCloud is enabled it is constantly moving documents in and out of the cloud. Use less cell phone data by turning iCloud off. To do this on the iPhone got to Settings &gt; iCloud &gt; turn off iCloud Drive.</p> <p><strong>Download music</strong></p> <p><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/06-download-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></p> <p>When you are on the go, streaming music, podcasts, or videos can really eat away at your data. Both the iPhone and Android phones let you restrict these apps to Wi-Fi only. Turning this setting on will force you to download them when connected to a Wi-Fi network and then allow for data free listening on the move.</p> <p><strong>Turn off cellular data completely</strong></p> <p><strong><img src="https://oversixtydev.blob.core.windows.net/media/2022/10/07-turn-simple-ways-use-less-data-770.jpg" alt="" width="770" height="514" /></strong></p> <p>If you know that you are about to reach you data limit or are saving it for the road trip you have coming up, you can simply turn off cellular data. This way, no data will be used, and certain apps will only work if you are connected to a Wi-Fi network.</p> <p><em><span id="docs-internal-guid-a9e22df5-7fff-1897-03fe-9c3a3e5e32d8">Written by M</span></em><em>organ Cutolo</em><em>. This article first appeared in <a href="https://www.readersdigest.com.au/culture/7-tricks-to-use-less-phone-data-and-lower-your-phone-bill" target="_blank" rel="noopener">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a href="http://readersdigest.innovations.com.au/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA87V" target="_blank" rel="noopener">here’s our best subscription offer.</a></em></p> <p><em>Images: </em><em>NICOLE FORNABAIO/RD.COM</em></p>

Technology

Placeholder Content Image

How not to tell customers their data is at risk: the perils of the Optus approach

<p>Optus fears data on up to 9.8 million of its customers has been accessed in a <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="noopener">sophisticated cyberattack</a> – including, for some customers, passport and drivers licence details, as well as phone numbers, dates of birth and email addresses.</p> <p>It made the announcement through the media, in the middle of Thursday’s national day of mourning public holiday, and during the four-day long weekend in Melbourne in the lead-up to the AFL grand final.</p> <p>At first, it didn’t text or email its customers. Instead, it issued a <a href="https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack" target="_blank" rel="noopener">press release</a> in the belief this was</p> <blockquote> <p>the quickest and most effective way to alert as many current and former customers as possible, so they could be vigilant and monitor for any suspicious activity.</p> </blockquote> <p>Trust in the media is at an all-time low. Communications authority Edelman reports that globally, only <a href="https://www.edelman.com/sites/g/files/aatuss191/files/2022-01/2022%20Edelman%20Trust%20Barometer%20FINAL_Jan25.pdf" target="_blank" rel="noopener">50%</a> of people trust the media, down from 62% a decade ago. Far more people (61%) trust businesses.</p> <h2>Tweets rather than texts</h2> <p>It has been <a href="https://studycorgi.com/the-role-of-integrated-marketing-communications-campaign/" target="_blank" rel="noopener">conventional wisdom</a> that brands should take an integrated approach to marketing communications. Many channels are better than one, increasingly so as audiences for traditional channels continue to fragment.</p> <p>An integrated marketing approach need not mean communicating through every available channel, but it should mean strategically selecting channels that are trusted and consumed by the brand’s customers.</p> <p>One of the best channels Optus has is its own phone network, and it is experienced in using it to contact its customers.</p> <p>Customers are likely to expect this where Optus has something important to say, and they are likely to trust a direct message from Optus more than one filtered through the media.</p> <p>They are even likely to spread it via word of mouth through friends who also use Optus, giving the company a continuing role in shaping the message.</p> <p>Instead, Optus backed up its press release with tweets.</p> <blockquote> <p dir="ltr" lang="en">Hi Marie, we issued a press release and proactively reached out to media as this is the quickest way to inform all our existing and former customers so they can be on high alert for anything suspicious. Kartik</p> <p>— Optus (@Optus) <a href="https://twitter.com/Optus/status/1572949683332583428?ref_src=twsrc%5Etfw">September 22, 2022</a></p></blockquote> <p>Optus has around 5.8 million active users, around 21% of the Australian population. They are a cross-section of the population, having little in common other than the fact they use Optus for communications.</p> <p>Some of Optus’ customers, especially those in Gen Z, might not use traditional news media. They wouldn’t have received the message through that channel.</p> <p>Former customers dating back to 2017 are also likely to be affected by the breach, taking the total affected to around <a href="https://www.smh.com.au/technology/sophisticated-attack-optus-hackers-used-european-addresses-could-be-state-linked-20220923-p5bkfn.html" target="_blank" rel="noopener">9.8 million</a>, about one third of the population.</p> <p>Twitter is used by about only about <a href="https://www.genroe.com/blog/social-media-statistics-australia/13492" target="_blank" rel="noopener">18%</a> of the population, and the overlap with Optus customers might not be large.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">We'll be contacting impacted customers soon with more information and details on how we'll support them. Optus will not be sending links in any emails or SMS messages. If you believe your account has been compromised, you can contact us on My Optus app (2/2) ^George</p> <p>— Optus (@Optus) <a href="https://twitter.com/Optus/status/1573136010904363008?ref_src=twsrc%5Etfw">September 23, 2022</a></p></blockquote> <h2>What can brands learn from Optus?</h2> <p>As marketing and branding experts, we’ve distilled three lessons, each well known before the data breach.</p> <ol> <li> <p>When you have news affecting your customers, tell them before anyone else, in a personalised, one-to-one approach.</p> </li> <li> <p>Use channels that are trusted and consumed by your customers.</p> </li> <li> <p>Encourage word of mouth through your relationships with your brand community and loyal customers.</p> </li> </ol> <p><strong>This article originally appeared on <a href="https://theconversation.com/how-not-to-tell-customers-their-data-is-at-risk-the-perils-of-the-optus-approach-191258" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

This law makes it illegal for companies to collect third-party data to profile you but they do anyway

<p>A little-known provision of the Privacy Act makes it illegal for many companies in Australia to buy or exchange consumers’ personal data for profiling or targeting purposes. It’s almost never enforced. In a published <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653" target="_blank" rel="noopener">research paper</a>, I argue that needs to change.</p> <p>“Data enrichment” is the intrusive practice of companies going behind our backs to “fill in the gaps” of the information we provide.</p> <p>When you purchase a product or service from a company, fill out an online form, or sign up for a newsletter, you might provide only the necessary data such as your name, email, delivery address and/or payment information.</p> <p>That company may then turn to other retailers or <a href="https://www.oracle.com/au/cx/advertising/data-enrichment-measurement/#data-enrichment" target="_blank" rel="noopener">data brokers</a> to purchase or exchange extra data about you. This could include your age, family, health, habits and more.</p> <p>This allows them to build a more detailed individual profile on you, which helps them predict your behaviour and more precisely target you with ads.</p> <p>For almost ten years, there has been a law in Australia that makes this kind of data enrichment illegal if a company can “reasonably and practicably” request that information directly from the consumer. And at least <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">one major data broker</a> has asked the government to “remove” this law.</p> <p>The burning question is: why is there not a single published case of this law being enforced against companies “enriching” customer data for profiling and targeting purposes?</p> <h2>Data collection ‘only from the individual’</h2> <p>The relevant law is Australian Privacy Principle 3.6 and is part of the federal <a href="https://www.legislation.gov.au/Details/C2022C00199" target="_blank" rel="noopener">Privacy Act</a>. It applies to most organisations that operate businesses with annual revenues higher than A$3 million, and smaller data businesses.</p> <p>The law says such organisations:</p> <blockquote> <p>must collect personal information about an individual only from the individual […] unless it is unreasonable or impracticable to do so.</p> </blockquote> <p>This “direct collection rule” protects individuals’ privacy by allowing them some control over information collected about them, and avoiding a combination of data sources that could reveal sensitive information about their vulnerabilities.</p> <p>But this rule has received almost no attention. There’s only one published determination of the federal privacy regulator on it, and that was against the <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/69.html" target="_blank" rel="noopener">Australian Defence Force</a> in a different context.</p> <p>According to Australian Privacy Principle 3.6, it’s only legal for an organisation to collect personal information from a third party if it would be “unreasonable or impracticable” to collect that information from the individual alone.</p> <p>This exception was intended to apply to <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-3-app-3-collection-of-solicited-personal-information#collecting-directly-from-the-individual" target="_blank" rel="noopener">limited situations</a>, such as when:</p> <ul> <li>the individual is being investigated for some wrongdoing</li> <li>the individual’s address needs to be updated for delivery of legal or official documents.</li> </ul> <p>The exception shouldn’t apply simply because a company wants to collect extra information for profiling and targeting, but realises the customer would probably refuse to provide it.</p> <h2>Who’s bypassing customers for third-party data?</h2> <p>Aside from data brokers, companies also exchange information with each other about their respective customers to get extra information on customers’ lives. This is often referred to as “data matching” or “data partnerships”.</p> <p>Companies tend to be very vague about who they share information with, and who they get information from. So we don’t know for certain who’s buying data-enrichment services from data brokers, or “matching” customer data.</p> <p>Major companies such as <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">Amazon Australia</a>, <a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5337590774&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">eBay Australia</a>, <a href="https://www.facebook.com/privacy/policy/?subpage=1.subpage.4-InformationFromPartnersVendors" target="_blank" rel="noopener">Meta</a> (Facebook), <a href="https://www.viacomcbsprivacy.com/en/policy" target="_blank" rel="noopener">10Play Viacom</a> and <a href="https://twitter.com/en/privacy#twitter-privacy-1" target="_blank" rel="noopener">Twitter</a> include terms in the fine print of their privacy policies that state they collect personal information from third parties, including demographic details and/or interests.</p> <p><a href="https://policies.google.com/privacy?hl=en-US#infocollect" target="_blank" rel="noopener">Google</a>, <a href="https://preferences.news.com.au/privacy" target="_blank" rel="noopener">News Corp</a>, <a href="https://www.sevenwestmedia.com.au/privacy-policies/privacy" target="_blank" rel="noopener">Seven</a>, <a href="https://login.nine.com.au/privacy?client_id=smh" target="_blank" rel="noopener">Nine</a> and others also say they collect personal information from third parties, but are more vague about the nature of that information.</p> <p>These privacy policies don’t explain why it would be unreasonable or impracticable to collect that information directly from customers.</p> <h2>Consumer ‘consent’ is not an exception</h2> <p>Some companies may try to justify going behind customers’ backs to collect data because there’s an obscure term in their privacy policy that mentions they collect personal information from third parties. Or because the company disclosing the data has a privacy policy term about sharing data with “trusted data partners”.</p> <p>But even if this amounts to consumer “consent” under the relatively weak standards for consent in our current privacy law, this is not an exception to the direct collection rule.</p> <p>The law allows a “consent” exception for government agencies under a separate part of the direct collection rule, but not for private organisations.</p> <h2>Data enrichment involves personal information</h2> <p>Many companies with third-party data collection terms in their privacy policies acknowledge this is personal information. But some may argue the collected data isn’t “personal information” under the Privacy Act, so the direct collection rule doesn’t apply.</p> <p>Companies often exchange information about an individual without using the individual’s legal name or email. Instead they may use a unique advertising identifier for that individual, or <a href="https://help.abc.net.au/hc/en-us/articles/4402890310671" target="_blank" rel="noopener">“hash” the email address</a> to turn it into a unique string of numbers and letters.</p> <p>They essentially allocate a “code name” to the consumer. So the companies can exchange information that can be linked to the individual, yet say this information wasn’t connected to their actual name or email.</p> <p>However, this information should still be treated as personal information because it can be linked back to the individual when combined with other <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCAFC/2017/4.html" target="_blank" rel="noopener">information about them</a>.</p> <h2>At least one major data broker is against it</h2> <p>Data broker <a href="https://www.experian.com.au/business/solutions/audience-targeting/digital-solutions-sell-side/digital-audiences-ss" target="_blank" rel="noopener">Experian Australia</a> has asked the government to “remove” Australian Privacy Principle 3.6 “altogether”. In its <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">submission</a> to the Privacy Act Review in January, Experian argued:</p> <blockquote> <p>It is outdated and does not fit well with modern data uses.</p> </blockquote> <p>Others who profit from data enrichment or data matching would probably agree, but prefer to let sleeping dogs lie.</p> <p>Experian argued the law favours large companies with direct access to lots of customers and opportunities to pool data collected from across their own corporate group. It said companies with access to fewer consumers and less data would be disadvantaged if they can’t purchase data from brokers.</p> <p>But the fact that some digital platforms impose extensive personal data collection on customers supports the case for stronger privacy laws. It doesn’t mean there should be a data free-for-all.</p> <h2>Our privacy regulator should take action</h2> <p>It has been three years since the consumer watchdog recommended <a href="https://www.accc.gov.au/system/files/Digital%20platforms%20inquiry%20-%20final%20report.pdf" target="_blank" rel="noopener">major reforms</a> to our privacy laws to reduce the disadvantages consumers suffer from invasive data practices. These reforms are probably still years away, if they eventuate at all.</p> <p>The direct collection rule is a very rare thing. It is an existing Australian privacy law that favours consumers. The privacy regulator should prioritise the enforcement of this law for the benefit of consumers.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/this-law-makes-it-illegal-for-companies-to-collect-third-party-data-to-profile-you-but-they-do-anyway-190758" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

Even if TikTok and other apps are collecting your data, what are the actual consequences?

<p>By now, most of us are aware social media companies collect vast amounts of our information. By doing this, they can target us with ads and monetise our attention. The latest chapter in the data-privacy debate concerns one of the world’s most popular apps among young people – TikTok.</p> <p>Yet anecdotally it seems the potential risks aren’t really something young people care about. Some were <a href="https://twitter.com/theprojecttv/status/1548962230741487617">interviewed</a> by The Project this week regarding the risk of their TikTok data being accessed from China.</p> <p>They said it wouldn’t stop them using the app. “Everyone at the moment has access to everything,” one person said. Another said they didn’t “have much to hide from the Chinese government”.</p> <p>Are these fair assessments? Or should Australians actually be worried about yet another social media company taking their data?</p> <p><strong>What’s happening with TikTok?</strong></p> <p>In a 2020 Australian parliamentary hearing on foreign interference through social media, TikTok representatives <a href="https://www.aph.gov.au/Parliamentary_Business/Hansard/Hansard_Display?bid=committees/commsen/1a5e6393-fec4-4222-945b-859e3f8ebd17/&amp;sid=0002">stressed</a>: “TikTok Australia data is stored in the US and Singapore, and the security and privacy of this data are our highest priority.”</p> <p>But as Australian Strategic Policy Institute (ASPI) analyst Fergus Ryan has <a href="https://www.aspistrategist.org.au/its-time-tiktok-australia-came-clean/">observed</a>, it’s not about where the data are <em>stored</em>, but who has <em>access</em>.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">'Where the data is stored is really immaterial if the data can be accessed from Beijing at any point, and that's what we have known for a couple of years' | <a href="https://twitter.com/ASPI_ICPC?ref_src=twsrc%5Etfw">@ASPI_ICPC</a>'s <a href="https://twitter.com/fryan?ref_src=twsrc%5Etfw">@fryan</a> spoke to <a href="https://twitter.com/abcnews?ref_src=twsrc%5Etfw">@abcnews</a> about Tik Tok &amp; data security </p> <p>📺 Watch the interview: <a href="https://t.co/iKIXqj2Rt2">https://t.co/iKIXqj2Rt2</a></p> <p>— ASPI (@ASPI_org) <a href="https://twitter.com/ASPI_org/status/1549185634837102592?ref_src=twsrc%5Etfw">July 19, 2022</a></p></blockquote> <p>On June 17, BuzzFeed published a <a href="https://www.buzzfeednews.com/article/emilybakerwhite/tiktok-tapes-us-user-data-china-bytedance-access">report</a> based on 80 leaked internal TikTok meetings which seemed to confirm access to US TikTok data by Chinese actors. The report refers to multiple examples of data access by TikTok’s parent company ByteDance, which is based in China.</p> <p>Then in July, TikTok Australia’s director of public policy, Brent Thomas, wrote to the shadow minister for cyber security, James Paterson, regarding China’s access to Australian user data.</p> <p>Thomas denied having been asked for data from China or having “given data to the Chinese government” – but he also noted access is “based on the need to access data”. So there’s good reason to believe Australian users’ data <em>may</em> be accessed from China.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">TikTok Australia has replied to my letter and admitted that Australian user data is also accessible in mainland China, putting it within reach of the Chinese government, despite their previous assurances it was safe because it was stored in the US and Singapore <a href="https://t.co/ITY1HNEo6v">pic.twitter.com/ITY1HNEo6v</a></p> <p>— James Paterson (@SenPaterson) <a href="https://twitter.com/SenPaterson/status/1546957121274621952?ref_src=twsrc%5Etfw">July 12, 2022</a></p></blockquote> <p><strong>Is TikTok worse than other platforms?</strong></p> <p>TikTok collects rich consumer information, including personal information and behavioural data from people’s activity on the app. In this respect, it’s not different from other social media companies.</p> <p>They all need oceans of user data to push ads onto us, and run data analytics behind a shiny facade of cute cats and trendy dances.</p> <p>However, TikTok’s corporate roots extend to authoritarian China – and not the US, where most of our other social media come from. This carries implications for TikTok users.</p> <p>Hypothetically, since TikTok moderates content according to Beijing’s foreign policy goals, it’s possible TikTok could apply censorship controls over Australian users.</p> <p>This means users’ feeds would be filtered to omit anything that doesn’t fit the Chinese government’s agenda, such as support for Taiwan’s sovereignty, as an example. In “shadowbanning”, a user’s posts appear to have been published to the user themselves, but are not visible to anyone else.</p> <p>It’s worth noting this censorship risk isn’t hypothetical. In 2019, information about Hong Kong protests was reported to have been <a href="https://www.theguardian.com/technology/2019/sep/25/revealed-how-tiktok-censors-videos-that-do-not-please-beijing">censored</a> not only on Douyin, China’s domestic version of TikTok, but also on TikTok itself.</p> <p>Then in 2020, ASPI <a href="https://www.aspi.org.au/report/tiktok-wechat">found</a> hashtags related to LGBTQ+ are suppressed in at least eight languages on TikTok. In response to ASPI’s research, a TikTok spokesperson said the hashtags may be restricted as part of the company’s localisation strategy and due to local laws.</p> <p>In Thailand, keywords such as #acab, #gayArab and anti-monarchy hashtags were found to be shadowbanned.</p> <p>Within China, Douyin complies with strict national content regulation. This includes censoring information about the religious movement Falun Gong and the Tiananmen massacre, among other examples.</p> <p>The legal environment in China forces Chinese internet product and service providers to work with government authorities. If Chinese companies disagree, or are unaware of their obligations, they can be slapped with legal and/or financial penalties and be forcefully shut down.</p> <p>In 2012, another social media product run by the founder of ByteDance, Yiming Zhang, was forced to close. Zhang fell into political line in a <a href="https://chinamediaproject.org/2018/04/11/tech-shame-in-the-new-era/">public apology</a>. He acknowledged the platform deviated from “public opinion guidance” by not moderating content that goes against “socialist core values”.</p> <p>Individual TikTok users should seriously consider leaving the app until issues of global censorship are clearly addressed.</p> <p><strong>But don’t forget, it’s not just TikTok</strong></p> <p>Meta products, such as Facebook and Instagram, also measure our interests by the seconds we spend looking at certain posts. They aggregate those behavioural data with our personal information to try to keep us hooked – looking at ads for as long as possible.</p> <p><a href="https://www.aclu.org/news/privacy-technology/holding-facebook-accountable-for-digital-redlining">Some real cases</a> of targeted advertising on social media have contributed to “digital redlining” – the use of technology to perpetuate social discrimination.</p> <p>In 2018, Facebook came under fire for showing some employment ads only to men. In 2019, it settled another digital redlining <a href="https://www.theguardian.com/technology/2019/mar/28/facebook-ads-housing-discrimination-charges-us-government-hud">case</a> over discriminatory practices in which housing ads were targeted to certain users on the basis of “race, colour, national origin and religion”.</p> <p>And in 2021, before the US Capitol breach, military and defence product ads <a href="https://www.buzzfeednews.com/article/ryanmac/facebook-profits-military-gear-ads-capitol-riot">were running</a> alongside conversations about a coup.</p> <p>Then there are some worst-case scenarios. The 2018 Cambridge Analytica scandal <a href="https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html">revealed</a> how Meta (then Facebook) exposed users’ data to the political consulting firm Cambridge Analytica without their consent.</p> <p>Cambridge Analytica harvested up to 87 million users’ data from Facebook, derived psychological user profiles and used these to tailor pro-Trump messaging to them. This likely had an influence on the 2016 US presidential election.</p> <figure class="align-center zoomable"><a href="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip"><img src="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=400&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/475064/original/file-20220720-19-dzfe0b.jpeg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w" alt="A phone shows a TikTok video playing on the screen, with a person mid-dance." /></a><figcaption><span class="caption">To what extent are we willing to ignore potential risks with social platforms, in favour of addictive content?</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure> <p>With TikTok, the most immediate concern for the average Australian user is content censorship – not direct prosecution. But within China, there are recurring instances of Chinese nationals being <a href="https://www.scmp.com/news/china/politics/article/3176605/crackdown-chinas-moderate-rights-voices-how-tweets-are-now">detained or even jailed</a> for using both Chinese and international social media.</p> <p>You can see how the consequences of mass data harvesting are not hypothetical. We need to demand more transparency from not just TikTok but all major social platforms regarding how data are used.</p> <p>Let’s continue the <a href="https://www.afr.com/policy/foreign-affairs/tiktok-s-privacy-fundamentally-incompatible-with-australia-20220713-p5b18l">regulation debate</a> TikTok has accelerated. We should look to update privacy protections and embed transparency into Australia’s national regulatory guidelines – for whatever the next big social media app happens to be.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/187277/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/ausma-bernot-963292" target="_blank" rel="noopener">Ausma Bernot</a>, PhD Candidate, <a href="https://theconversation.com/institutions/griffith-university-828" target="_blank" rel="noopener">Griffith University</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/even-if-tiktok-and-other-apps-are-collecting-your-data-what-are-the-actual-consequences-187277" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Our Partners