Placeholder Content Image

Why do organisations still struggle to protect our data? We asked 50 professionals on the privacy front line

<div class="theconversation-article-body"> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p>More of our personal data is now collected and stored online than ever before in history. The rise of data breaches should unsettle us all.</p> <p>At an individual level, data breaches can compromise our privacy, cause harm to our finances and mental health, and even enable identity theft.</p> <p>For organisations, the repercussions can be equally severe, often resulting in major financial losses and brand damage.</p> <p>Despite the increasing importance of protecting our personal information, doing so remains fraught with challenges.</p> <p>As part of a <a href="http://www.doi.org/10.25910/psq3-q365">comprehensive study</a> of data breach notification practices, we interviewed 50 senior personnel working in information security and privacy. Here’s what they told us about the multifaceted challenges they face.</p> <h2>What does the law actually say?</h2> <p>Data breaches occur whenever personal information is accessed or disclosed without authorisation, or even lost altogether. <a href="https://www.abc.net.au/news/2024-06-20/optus-hack/104002682">Optus</a>, <a href="https://www.abc.net.au/news/2022-11-09/medibank-data-release-dark-web-hackers/101632088">Medibank</a> and <a href="https://www.afr.com/technology/canva-criticised-after-data-breach-exposed-139m-user-details-20190526-p51r8i">Canva</a> have all experienced high-profile incidents in recent years.</p> <p>Under Australia’s <a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/">privacy laws</a>, organisations aren’t allowed to sweep major cyber attacks under the rug.</p> <p>They have to notify both the regulator – the Office of the Australian Information Commissioner (OAIC) – and any affected individuals of breaches that are likely to result in “<a href="https://www8.austlii.edu.au/cgi-bin/viewdb/au/legis/cth/consol_act/pa1988108/#:%7E:text=Whether%20access%20or%20disclosure%20would%20be%20likely%2C%20or%20would%20not%20be%20likely%2C%20to%20result%20in%20serious%20harm%2D%2Drelevant%20matters%20%C2%A0">serious harm</a>”.</p> <p>But according to the organisational leaders we interviewed, this poses a tricky question. How do you define serious harm?</p> <p>Interpretations of what “serious harm” actually means – and how likely it is to occur – vary significantly. This inconsistency can make it impossible to predict the specific impact of a data breach on an individual.</p> <p>Victims of domestic violence, for example, may be at increased risk when personal information is exposed, creating harms that are difficult to foresee or mitigate.</p> <h2>Enforcing the rules</h2> <p>Interviewees also had concerns about how well the regulator could provide guidance and enforce data protection measures.</p> <p>Many expressed a belief the OAIC is underfunded and lacks the authority to impose and enforce fines properly. The consensus was that the challenge of protecting our data has now outgrown the power and resources of the regulator.</p> <p>As one chief information security officer at a publicly listed company put it:</p> <blockquote> <p>What’s the point of having speeding signs and cameras if you don’t give anyone a ticket?</p> </blockquote> <p>A lack of enforcement can undermine the incentive for organisations to invest in robust data protection.</p> <h2>Only the tip of the iceberg</h2> <p>Data breaches are also underreported, particularly in the corporate sector.</p> <p>One senior cybersecurity consultant from a major multinational company told us there is a strong incentive for companies to minimise or cover up breaches, to avoid embarrassment.</p> <p>This culture means many breaches that should be reported simply aren’t. One senior public servant estimated only about 10% of reportable breaches end up actually being disclosed.</p> <p>Without this basic transparency, the regulator and affected individuals can’t take necessary steps to protect themselves.</p> <h2>Third-party breaches</h2> <p>Sometimes, when we give our personal information to one organisation, it can end up in the hands of another one we might not expect. This is because key tasks – especially managing databases – are often outsourced to third parties.</p> <p>Outsourcing tasks might be a more efficient option for an organisation, but it can make protecting personal data even more complicated.</p> <p>Interviewees told us breaches were more likely when engaging third-party providers, because it limited the control they had over security measures.</p> <p>Between July and December 2023 in Australia, there was an increase of <a href="https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2023">more than 300%</a> in third-party data breaches compared to the six months prior.</p> <p>There have been some highly publicised examples.</p> <p>In May this year, many Clubs NSW customers had their personal information potentially <a href="https://www.rimpa.com.au/resource/more-than-a-million-australian-data-records-potentially-exposed-in-nsw-club-and-pub-data-breach.html#:%7E:text=Outabox%2C%20the%20IT%20services%20provider,and%20has%20notified%20law%20enforcement">breached</a> through an attack on third-party software provider Outabox.</p> <p>Bunnings suffered a <a href="https://australiancybersecuritymagazine.com.au/bunnings-customer-data-compromised/">similar breach</a> in late 2021, via an attack on scheduling software provider FlexBooker.</p> <h2>Getting the basics right</h2> <p>Some organisations are still struggling with the basics. Our research found many data breaches occur because outdated or “legacy” data systems are still in use.</p> <p>These systems are old or inactive databases, often containing huge amounts of personal information about all the individuals who’ve previously interacted with them.</p> <p>Organisations tend to hold onto personal data longer than is legally required. This can come down to confusion about data-retention requirements, but also the high cost and complexity of safely decommissioning old systems.</p> <p>One chief privacy officer of a large financial services institution told us:</p> <blockquote> <p>In an organisation like ours where we have over 2,000 legacy systems […] the systems don’t speak to each other. They don’t come with big red delete buttons.</p> </blockquote> <p>Other interviewees flagged that risky data testing practices are widespread.</p> <p>Software developers and tech teams often use “production data” – real customer data – to test new products. This is often quicker and cheaper than creating test datasets.</p> <p>However, this practice exposes real customer information to insecure testing environments, making it more vulnerable. A senior cybersecurity specialist told us:</p> <blockquote> <p>I’ve seen it so much in every industry […] It’s literally live, real information going into systems that are not live and real and have low security.</p> </blockquote> <h2>What needs to be done?</h2> <p>Drawing insights from professionals at the coalface, our study highlights just how complex data protection has become in Australia, and how quickly the landscape is evolving.</p> <p>Addressing these issues will require a multi-pronged approach, including clearer legislative guidelines, better enforcement, greater transparency and robust security practices for the use of third-party providers.</p> <p>As the digital world continues to evolve, so too must our strategies for protecting ourselves and our data.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/236681/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/jane-andrew-10314">Jane Andrew</a>, Professor, Head of the Discipline of Accounting, Governance and Regulation, University of Sydney Business School, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>; <a href="https://theconversation.com/profiles/dr-penelope-bowyer-pont-1550191">Dr Penelope Bowyer-Pont</a>, Researcher, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a>, and <a href="https://theconversation.com/profiles/max-baker-25553">Max Baker</a>, Associate professor, <a href="https://theconversation.com/institutions/university-of-sydney-841">University of Sydney</a></em></p> <p><em>Image credits: Shutterstock </em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/why-do-organisations-still-struggle-to-protect-our-data-we-asked-50-professionals-on-the-privacy-front-line-236681">original article</a>.</em></p> </div>

Legal

Placeholder Content Image

Does the royal family have a right to privacy? What the law says

<p><em><a href="https://theconversation.com/profiles/gemma-horton-1515949">Gemma Horton</a>, <a href="https://theconversation.com/institutions/university-of-sheffield-1147">University of Sheffield</a></em></p> <p>From court cases to conspiracy theories, the royal family’s right to privacy is, somewhat ironically, nearly always in the spotlight. The latest focus is Kate Middleton, Princess of Wales, whose whereabouts have been the subject of <a href="https://www.townandcountrymag.com/society/tradition/a60008117/kate-middleton-health-speculation-conspiracy-theories-online/">online speculation</a> after it was announced she was undergoing abdominal surgery and would be away from public duties until after Easter.</p> <p>This comes just weeks after King Charles <a href="https://www.bbc.co.uk/news/uk-68208157">revealed that he is undergoing treatment for cancer</a>, and a legal settlement between Prince Harry and Mirror Group Newspapers over <a href="https://www.bbc.co.uk/news/uk-68249009">illegal phone hacking</a>.</p> <p>Interest in the personal lives of the royals and other celebrities <a href="https://www.tandfonline.com/doi/full/10.1080/1461670X.2016.1150193">is a constant</a>, driving newspaper sales and online clicks for decades. You only needs to consider the media frenzy that followed Princess Diana to <a href="https://www.tandfonline.com/doi/full/10.1080/17512786.2013.833678">see this</a>, and its potentially devastating consequences.</p> <p>From a legal perspective, the British courts have ruled that everyone – the royal family included – is entitled to a right to privacy. The Human Rights Act incorporates into British law the rights set out by the European Convention on Human Rights. This includes article 8, which focuses on the right to privacy.</p> <p>In the years after the Human Rights Act came into force, courts ruled on a string of cases from celebrities claiming that the press invaded their privacy. Courts had to balance article 8 of the convention against article 10, the right to freedom of expression.</p> <p>Rulings repeatedly stated that, despite being in and sometimes seeking the limelight, celebrities should still be afforded a right to privacy. Some disagree with this position, such as prominent journalist <a href="https://www.independent.co.uk/news/uk/home-news/prince-harry-hacking-piers-morgan-b2336442.html">Piers Morgan, who has criticised</a> the Duke and Duchess of Sussex asking for privacy when they have also released a Netflix documentary, a broadcast interview with Oprah Winfrey and published a memoir.</p> <p>But the courts have made the position clear, as in the case concerning Catherine Zeta-Jones and Michael Douglas after Hello! Magazine published unauthorised photographs from their wedding. The <a href="https://eprints.whiterose.ac.uk/190559/3/Final%20Edited%20Version%20-%20Celebrity%20Privacy%20and%20Celebrity%20Journalism-%20Has%20anything%20changed%20since%20the%20Leveson%20Inquiry_.pdf">court stated</a> that: “To hold that those who have sought any publicity lose all protection would be to repeal article 8’s application to very many of those who are likely to need it.”</p> <p>There is no universal definition of privacy, but scholars have identified key concepts encompassing what privacy can entail. In my own research, I have argued that the <a href="https://eprints.whiterose.ac.uk/190559/3/Final%20Edited%20Version%20-%20Celebrity%20Privacy%20and%20Celebrity%20Journalism-%20Has%20anything%20changed%20since%20the%20Leveson%20Inquiry_.pdf">notion of choice</a> is one of these. Privacy allows us to control the spread of information about ourselves and disclose information to whom we want.</p> <h2>Privacy and the public interest</h2> <p>There are exceptions to these protections if the person involved had no reasonable expectation of privacy, or if it was in the public interest for this information to be revealed. There is no solid, legal definition of the “public interest”, so this is decided on a case-by-case basis.</p> <p><a href="https://www.tandfonline.com/doi/full/10.1080/17577632.2021.1889866">In the past</a>, the public interest defence has been applied because a public figure or official has acted hypocritically and the courts have stated there is a right for a publisher to set the record straight.</p> <p>When it comes to medical records and information concerning health, case law and journalistic <a href="https://www.ipso.co.uk/editors-code-of-practice/">editorial codes of conduct</a> are clear that this information is afforded the utmost protection.</p> <p>Model Naomi Campbell was pictured leaving a Narcotics Anonymous meeting and these images were published by the Daily Mirror. The court found that there had been a public interest in revealing the fact she was attending these meetings, as she had previously denied substance abuse.</p> <p>The House of Lords accepted that there was a public interest in the press “setting the record straight”. Nonetheless, the publication of additional, confidential details, and the photographs of her leaving the meeting were a <a href="https://www.theguardian.com/media/2004/may/06/mirror.pressandpublishing1">step too far</a>. The House of Lords highlighted the importance of being able to keep medical records and information private.</p> <h2>Royal health</h2> <p>When it comes to the royals, the history of <a href="https://www.townandcountrymag.com/society/tradition/a23798094/lindo-wing-st-marys-hospital-facts-photos/">publicity</a> around royal births, often posing with the newborn royal baby outside of the hospital, has set a precedent for what the public can expect about the royals’ medical information. When they choose to go against this tradition, it can frustrate both royal-watchers and publishers.</p> <p>King Charles made the choice to openly speak about his enlarged prostate to “assist public understanding”. And, as Prostate Cancer UK noted, this has worked – they noted a <a href="https://www.independent.co.uk/news/uk/home-news/king-charles-cancer-statement-treatment-b2494190.html">500% increase in people visiting their website</a>. However, he has chosen to not to divulge information about his cancer diagnosis beyond the fact that he is receiving treatment. This is his right.</p> <p>While revealing further information might stop speculation and rumours about his health, it is not the king’s duty to divulge private, medical information. However, if his health begins to impact his ability to act as monarch, the situation could change.</p> <p>It might be that the press finds more information about his health without his knowledge, but unless they have a genuine public interest in publishing this information, privacy should prevail.</p> <p>You would no doubt want your private medical information kept secret, not shared around your workplace and speculated on unless it was absolutely necessary. It is thanks to these laws and court precedent that you don’t have to worry about this. The royal family, regardless of their position, should expect the same standard.<!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><a href="https://theconversation.com/profiles/gemma-horton-1515949"><em>Gemma Horton</em></a><em>, Impact Fellow for Centre for Freedom of the Media, <a href="https://theconversation.com/institutions/university-of-sheffield-1147">University of Sheffield</a></em></p> <p><em>Image credits: Getty Images</em></p> <p><em>This article is republished from <a href="https://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/does-the-royal-family-have-a-right-to-privacy-what-the-law-says-224881">original article</a>.</em></p>

Legal

Placeholder Content Image

Aussie mum's outrage over neighbour's "creepy" act

<p>An Aussie mum has slammed her neighbour for being a "creep" after spotting a surveillance camera which she claims is pointed directly into her bathroom window. </p> <p>A photo taken of the set-up showed the camera poking out from underneath the blinds behind a window on the property next door. </p> <p>"It was facing the car park, and now it's facing my window [and it has] been there for the last four days," she wrote in the Facebook post, adding that she lives on private property and is not sure what to do. </p> <p>"It's facing my bathroom window. Disgusting. I have two young kids here."</p> <p>The post blew up, with hundreds of locals urging the mum-of-two to speak to her neighbour, put privacy screens, or tint her windows, to which the mum responded: "I shouldn't have to tint my windows to feel safe enough to have a shower." </p> <p> "I live on private property, he comes off as a creep."</p> <p>Despite revealing that she had issues with the neighbour in the past over her dog, the woman went and talked to the neighbour. </p> <p>"[I] went and spoke with them," she wrote. </p> <p>"Apparently it's not facing my backyard, only theirs, but clearly it is, so I will be taking it further.</p> <p>"It isn't for a backyard, it's for a car park that never gets used, only during the weekdays, but it's not even pointing anywhere near that direction anymore. It's legit right into my windows."</p> <p>Property lawyer Monica Rouvella told <em>Yahoo News</em> that there are several things the woman could do if this continues.</p> <p>"One of them is to contact the local police and they can come out and actually request to view that person's footage to see exactly what's been looked at," she said. </p> <p> "And then the police can actually, I believe, request that the camera be taken down or repositioned."</p> <p>She also said the Hunter Valley mum could try going through local councils, but they might refer back to the police. </p> <p>"The other takeaway is, you know, these days everybody has a camera on their house," she told the publication. </p> <p>"So you know, if you don't like that then don't do things you shouldn't be doing. But yeah, if it is directed at a person's house or window then that's a violation of that person's privacy." </p> <p><em>Images: Facebook</em></p> <p> </p>

Legal

Placeholder Content Image

Kate Ritchie hits out at the Daily Mail for invasion of privacy

<p dir="ltr">Kate Ritchie has hit out at the Daily Mail for invading her privacy and publishing photos of her leaving a mental health facility.</p> <p dir="ltr">The former <em>Home and Away</em> star recently announced she will be taking a break from her radio show to focus on her mental health.</p> <p dir="ltr">The 43-year-old confirmed that she will be back in 2023 alongside co-hosts Joel Creasey and Tim Blackwell.</p> <p dir="ltr">In a lengthy post on Instagram, the mother-of-one confessed that she is seeking help after realising she was relying on alcohol too much.</p> <p dir="ltr">However, things became too much when the Daily Mail published photos of her leaving a mental health facility, invading her privacy.</p> <p dir="ltr">“As announced previously, I am taking a break until next year,” her post began.</p> <p dir="ltr">“The last year has been incredibly emotionally challenging, as well as a relentless schedule, stress, and a lack of sleep. I came to realise that this led to an unhealthy reliance on alcohol.</p> <p dir="ltr">“So I decided to use this time to do something positive by getting the help I need from professionals who specialise in this area.</p> <p dir="ltr">“As everyone would understand, this is a very big step for me to take. I want to sincerely thank everybody who is supporting me.</p> <blockquote class="instagram-media" style="background: #FFF; border: 0; border-radius: 3px; box-shadow: 0 0 1px 0 rgba(0,0,0,0.5),0 1px 10px 0 rgba(0,0,0,0.15); margin: 1px; max-width: 540px; min-width: 326px; padding: 0; width: calc(100% - 2px);" data-instgrm-captioned="" data-instgrm-permalink="https://www.instagram.com/p/Cl4ytUJy_jB/?utm_source=ig_embed&amp;utm_campaign=loading" data-instgrm-version="14"> <div style="padding: 16px;"> <div style="display: flex; flex-direction: row; align-items: center;"> <div style="background-color: #f4f4f4; border-radius: 50%; flex-grow: 0; height: 40px; margin-right: 14px; width: 40px;"> </div> <div style="display: flex; flex-direction: column; flex-grow: 1; justify-content: center;"> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; margin-bottom: 6px; width: 100px;"> </div> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; width: 60px;"> </div> </div> </div> <div style="padding: 19% 0;"> </div> <div style="display: block; height: 50px; margin: 0 auto 12px; width: 50px;"> </div> <div style="padding-top: 8px;"> <div style="color: #3897f0; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: 550; line-height: 18px;">View this post on Instagram</div> </div> <div style="padding: 12.5% 0;"> </div> <div style="display: flex; flex-direction: row; margin-bottom: 14px; align-items: center;"> <div> <div style="background-color: #f4f4f4; border-radius: 50%; height: 12.5px; width: 12.5px; transform: translateX(0px) translateY(7px);"> </div> <div style="background-color: #f4f4f4; height: 12.5px; transform: rotate(-45deg) translateX(3px) translateY(1px); width: 12.5px; flex-grow: 0; margin-right: 14px; margin-left: 2px;"> </div> <div style="background-color: #f4f4f4; border-radius: 50%; height: 12.5px; width: 12.5px; transform: translateX(9px) translateY(-18px);"> </div> </div> <div style="margin-left: 8px;"> <div style="background-color: #f4f4f4; border-radius: 50%; flex-grow: 0; height: 20px; width: 20px;"> </div> <div style="width: 0; height: 0; border-top: 2px solid transparent; border-left: 6px solid #f4f4f4; border-bottom: 2px solid transparent; transform: translateX(16px) translateY(-4px) rotate(30deg);"> </div> </div> <div style="margin-left: auto;"> <div style="width: 0px; border-top: 8px solid #F4F4F4; border-right: 8px solid transparent; transform: translateY(16px);"> </div> <div style="background-color: #f4f4f4; flex-grow: 0; height: 12px; width: 16px; transform: translateY(-4px);"> </div> <div style="width: 0; height: 0; border-top: 8px solid #F4F4F4; border-left: 8px solid transparent; transform: translateY(-4px) translateX(8px);"> </div> </div> </div> <div style="display: flex; flex-direction: column; flex-grow: 1; justify-content: center; margin-bottom: 24px;"> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; margin-bottom: 6px; width: 224px;"> </div> <div style="background-color: #f4f4f4; border-radius: 4px; flex-grow: 0; height: 14px; width: 144px;"> </div> </div> <p style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; line-height: 17px; margin-bottom: 0; margin-top: 8px; overflow: hidden; padding: 8px 0 7px; text-align: center; text-overflow: ellipsis; white-space: nowrap;"><a style="color: #c9c8cd; font-family: Arial,sans-serif; font-size: 14px; font-style: normal; font-weight: normal; line-height: 17px; text-decoration: none;" href="https://www.instagram.com/p/Cl4ytUJy_jB/?utm_source=ig_embed&amp;utm_campaign=loading" target="_blank" rel="noopener">A post shared by Kate Ritchie (@kateritchieofficial)</a></p> </div> </blockquote> <p dir="ltr">“It is a shocking invasion of my privacy that the Daily Mail, through their unrelenting stalking of me, has forced me to issue this public statement, in their blatant attempt to publicly shame me on a private health matter.”</p> <p dir="ltr">Her post was met with extreme support from fellow actors, comedians and hosts who wished Kate the best in getting better.</p> <p dir="ltr">“Much love,” comedian Tommy Little wrote.</p> <p dir="ltr">“Love love love you sista! Do what you gotta do to put your health and happiness first. Cheering you on always and excited for all that lies ahead x,” fellow radio host Ash London commented.</p> <p dir="ltr">“There’s so much strength to be found in vulnerability. Luckily you are a very strong woman and I have no doubt this time of healing will reveal an even better version of you! We love you @kateritchieofficial,” Aussie swimmer Leisel Jones wrote.</p> <p dir="ltr"><em>Images: Instagram</em></p>

Caring

Placeholder Content Image

“Have a second phone”: Aussie spy chief’s warning on social media use

<p dir="ltr">MPs have been urged to use a second phone if they want to access social media apps such as TikTok, after one of Australia’s top spy bosses spoke about how these apps use our personal information.</p> <p dir="ltr">Rachel Noble, the Director-General of the Australian Signals Directorate (ASD), recommended that politicians and their staff should adopt the practice during a Senate estimates hearing.</p> <p dir="ltr">She also said that having a phone without access to social media was the only way to have “absolute certainty” of data privacy.</p> <p dir="ltr">“Our advice was, frankly, for people who are members of parliament who might be particularly targets of espionage … that if you wanted absolute certainty that your social media app couldn’t have access to those things … would be to have a second phone which you exclusively use for that,” Ms Noble said.</p> <p dir="ltr">The warning comes after it was reported earlier this year that the ASD had confidential meetings with politicians and their staff to warn them that some apps undertake excessive data collection and request access to contact lists, location data and photos.</p> <p dir="ltr">Last year, the Department of Home Affairs restricted TikTok use on work phones, joining the Department of Defence in doing so.</p> <p dir="ltr">During the hearing, Ms Noble said that in some cases social media apps were collecting additional information extending “beyond the content of messages, videos and voice recordings”.</p> <p dir="ltr">“Social media apps are monetising what you do on your phone, what you access, what you look at for how long, who your friends are – they will seek to get demographics of your friends in order to push you the information and get you to buy things,” she said.</p> <p dir="ltr">With some apps headquartered outside Australia, such as China, Ms Noble said the information collected could be accessed legally or be subject to covert collection.</p> <p dir="ltr">Sectors of the Australian public service aren’t the only ones restricting use of social media apps on work phones, with parliaments in the United States and New Zealand warning against using TikTok on government devices.</p> <p><span id="docs-internal-guid-4a365f66-7fff-12a0-c84b-6e36f0ce1003"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

3 times you should never “accept cookies” on a site

<p><strong>To cookie or not to cookie?</strong></p> <p>Cookie-consent pop-ups are one of the biggest annoyances on the Internet. Almost every site you visit has a notice saying, “This website uses cookies to improve your experience. Do you agree?” or something similar. Typically, we click “yes” or “agree” without even thinking about it because we’re eager to get to the content. But should we? Not necessarily.</p> <p><strong>What are cookies, exactly?</strong></p> <p>Before we delve into the dos and don’ts of cookie consent, here’s a little refresher on this Web tool: Cookies are essentially information collectors and trackers in the form of small text files stored on your browser by the sites you visit. Some are useful. For example, a cookie saved on your browser makes it so you don’t have to re-enter your log-in information every time you visit one of your favourite websites. Cookies can also remember your shopping preferences so that you get a personalised experience when you visit the website. Others, however, track how you use a website, how often you go there, your IP address, your phone number, what types of things you look at and buy, and other information you may not want to share.</p> <p><strong>Do you have to accept cookies?</strong></p> <p>Many companies have you click “yes” so that they’re compliant with current privacy laws. This means that once you click, you’ve given the company permission to use your information as they see fit without the worry of legal backlash. Most of the time, cookies are no big deal. There are a few occasions, though, where you should decline cookies. Don’t worry – if you find yourself in a situation where you need to decline or simply want to decline for whatever reason, most websites will work just fine without collecting your information. With that said, here’s when saying no to the cookies is a good idea.</p> <p><strong>Sketchy sites</strong></p> <p>Beware when you’re on an unencrypted website (these websites will have an unlocked lock icon by the web address) while using a public Wi-Fi network. The information collected by cookies can be intercepted by hackers because there isn’t any security to stop them. Your best bet when borrowing Wi-Fi from your local coffee shop or fast-food joint is to use your browser’s private or incognito mode. While in this mode, cookies aren’t collected by default (though you can manually turn off cookie blocking on some browsers), no matter where your Internet journeys take you.</p> <p><strong>Third-party cookies</strong></p> <p>If the cookie-consent pop-up mentions third-party cookies, click “decline.” Accepting gives the website the right to sell your browsing behaviour to a data broker. The broker then combines your behaviour on one website with information from other websites and builds an extremely detailed profile of you as a consumer. “The broker then sells that profile to other third parties who want to market to people like you,” says Harry Maugans, CEO of Privacy Bee, a proactive privacy management tool for consumers. “As you can imagine, this chain extends infinitely. Once you lose control of your personal data, it gets packaged and repackaged in all kinds of ways. It’s scary but true.”</p> <p>According to Maugans, some third-party cookies are even nefarious. You could become a victim of “cookie stealing” or “session hijacking.” This is when a hacker gains access to a browser and mimics users to be able to steal cookies from that browser. This can put you at risk of identity theft if hackers manage to steal cookies that store your personal information or credit card information.</p> <p>If you’re worried that you might accidentally accept third-party cookies, there’s an easy way to make things fool-proof. Go into your browser and choose to allow only required cookies or “first party” cookies. These cookies are the helpful ones mentioned earlier and are usually only used by the website you’re visiting.</p> <p><strong>When you’re using private information</strong></p> <p>If you don’t feel comfortable sharing the information you’re using or accessing on a website with a stranger, don’t use cookies on that site. According to Jeremy Tillman, president of the privacy company Ghostery, you should avoid cookies on sites where you do your banking, access your medical information, or use other private information.</p> <p>If you’re afraid that you’ve already accepted cookies on websites where you wouldn’t want your information gathered, go into your browser and use the “clear cookies” option. This will prevent sites from collecting your information in the future, as long as you decline the next time a site asks you to accept its cookies.</p> <p><em><span id="docs-internal-guid-ab23c7bc-7fff-94d0-086f-61fdae71f0de">Written by Alina Bradford. This article first appeared in <a href="https://www.readersdigest.com.au/true-stories-lifestyle/science-technology/3-times-you-should-never-accept-cookies-on-a-site" target="_blank" rel="noopener">Reader’s Digest</a>. For more of what you love from the world’s best-loved magazine, <a href="http://readersdigest.innovations.com.au/c/readersdigestemailsubscribe?utm_source=over60&amp;utm_medium=articles&amp;utm_campaign=RDSUB&amp;keycode=WRA87V" target="_blank" rel="noopener">here’s our best subscription offer.</a></span></em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

A class action against Optus could easily be Australia’s biggest

<p>With the Optus data breach exposing almost 10 million current and former customers to identity theft, law firms are circling for what could end up being the biggest – and most valuable – class action case in Australian legal history.</p> <p>A settlement could well be worth billions, eclipsing the current record of <a href="https://www.abc.net.au/news/2014-07-15/black-saturday-bushfire-survivors-secure-record-payout/5597062" target="_blank" rel="noopener">$494 million</a> paid to 10,000 victims of Victoria’s 2009 Black Saturday bushfires.</p> <p>Two class-action specialists, <a href="https://www.lawyersweekly.com.au/biglaw/35625-maurice-blackburn-investigates-action-against-optus" target="_blank" rel="noopener">Maurice Blackburn</a> and <a href="https://www.slatergordon.com.au/class-actions/current-class-actions/optus-data-breach" target="_blank" rel="noopener">Slater &amp; Gordon</a>, are considering suing, and it’s possible others will follow. (Maurice Blackburn also has another case against Optus on its books over a 2019 data breach involving 50,000 customers.)</p> <p>To proceed they’ll need to sign up at least seven people – one of whom acts as the “representative” or lead plaintiff. This shouldn’t be hard. They’ll then need to file a statement of claim for financial, economic or other loss.</p> <p>Multiple class actions are possible if those claims pursue different issues. Or the firms could work together, as they have in the past.</p> <h2>Things to know about class actions</h2> <p>There have been about 700 class actions in Australia in the past 30 years. Class actions can be pursued through state or federal courts. Most go to the Federal Court, which has been empowered to hear class actions since 1992.</p> <p>Less <a href="https://www.alrc.gov.au/wp-content/uploads/2019/08/alrc_report_134_webaccess_2.pdf" target="_blank" rel="noopener">than 5%</a> of Federal Court actions have progressed to a judgement. About 60% have ended in a court-approved settlement, with the balance dismissed or discontinued.</p> <p>The most common type of class action is by shareholders for loss of earnings. These account for about a third of Federal Court class actions.</p> <p>The biggest shareholder settlement so far is $200 million, paid by Centro Property Group to almost 6,000 shareholders in 2012 over misleading and deceptive conduct by Centro’s board. This followed the Australian Securities and Investments Commission <a href="https://www.smh.com.au/business/asic-wins-case-against-centro-directors-20110627-1gmk5.html" target="_blank" rel="noopener">successfully prosecuting</a> Centro (also in the Federal Court).</p> <p>Class actions account for less than 1% of claims lodged with the Federal Court, but their scale and complexity means they take a disproportionate amount of court time, as well as media attention.</p> <p>Because of their cost, many class actions are funded by third parties as a type of business venture. This enables the law firms running the action to sign up plaintiffs on a “no win, no fee”. The litigation funder then takes a share of the settlement (as does the law firm for its legal fees).</p> <p>According to <a href="https://www.alrc.gov.au/wp-content/uploads/2019/08/alrc_report_134_webaccess_2.pdf" target="_blank" rel="noopener">Australian Law Reform Commission</a> data for settled cases, the median percentage of any settlement going to plaintiffs is 57%, with law firms taking 17% and funders taking 22%.</p> <h2>What would a class action against Optus involve?</h2> <p>Based on what is currently known, there are two main ways a class action (or class actions) could proceed against Optus.</p> <p>First, it could argue negligence, with the scope of liability outlined in state or territory legislation. Second, it could argue breach of privacy, in contravention of the federal <a href="https://www.legislation.gov.au/Details/C2014C00076" target="_blank" rel="noopener">Privacy Act</a>, in the Federal Court.</p> <p>To succeed in negligence, a court would have to find Optus had a duty of care to its customers to protect their personal information, that it breached its duty, and that customers suffered damage or loss.</p> <p>To succeed on a breach of privacy, the Federal Court would have to find that personal information held by Optus was subject to unauthorised access or disclosure, or lost, and that the company failed to comply with the “privacy principles” enshrined in the Privacy Act.</p> <p>A second basis for a class action in the Federal Court could be to argue a breach of the <a href="https://www.legislation.gov.au/Details/C2018C00385" target="_blank" rel="noopener">Telecommunications Act</a>. This legislation says carriers and carriage service providers “must to do their best” to protect telecommunications networks and facilities from unauthorised interference or unauthorised access.</p> <h2>What are the precedents?</h2> <p>The closest precedent in Australia to a successful class action for a mass breach of privacy is a 2019 case in the NSW Supreme court. This involved a claim by 108 NSW ambulance service employees against the NSW Health Department.</p> <p>The employees, represented by the firm <a href="https://www.centenniallawyers.com.au/nsw-ambulance-class-action/" target="_blank" rel="noopener">Centennial Lawyers</a>, had their personnel files sold to a personal injury law firm by a contractor (who was convicted of unlawfully disclosing information and carried out community service for the crime).</p> <p>The court ordered NSW Health to pay the sum of <a href="http://www8.austlii.edu.au.ezproxy.newcastle.edu.au/cgi-bin/viewdoc/au/cases/nsw/NSWSC/2019/1781.html" target="_blank" rel="noopener">$275,000 in compensation</a>) – $10,000 for the lead plaintiff and about $2,400 for the others.</p> <h2>How much could the Optus case be worth?</h2> <p>Given the Optus data leak is established, there’s a strong basis to believe a class action would be successful.</p> <p>If so, a court could award compensatory damages for the time and cost of replacing identification documents, as well as exemplary (or punitive) damages, to send a message to corporations handling citizens’ private information.</p> <p>In determining damages, a court will take into account what efforts Optus has made to remedy the leak, mitigate the potential impact on those affected and pay for the costs of replacing drivers’ licences, Medicare cards or passports.</p> <p>Though the economic loss per customer may be relatively small, multiplied by the potential class-action pool size – up to 10 million plaintiffs – compensatory damages could easily be billions of dollars, even without exemplary damages.</p> <p>That makes this a hugely attractive prospect for a law firm or class-action funder.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/a-class-action-against-optus-could-easily-be-australias-biggest-heres-what-is-involved-191515" target="_blank" rel="noopener">The Conversation</a>. </strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

This law makes it illegal for companies to collect third-party data to profile you but they do anyway

<p>A little-known provision of the Privacy Act makes it illegal for many companies in Australia to buy or exchange consumers’ personal data for profiling or targeting purposes. It’s almost never enforced. In a published <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4224653" target="_blank" rel="noopener">research paper</a>, I argue that needs to change.</p> <p>“Data enrichment” is the intrusive practice of companies going behind our backs to “fill in the gaps” of the information we provide.</p> <p>When you purchase a product or service from a company, fill out an online form, or sign up for a newsletter, you might provide only the necessary data such as your name, email, delivery address and/or payment information.</p> <p>That company may then turn to other retailers or <a href="https://www.oracle.com/au/cx/advertising/data-enrichment-measurement/#data-enrichment" target="_blank" rel="noopener">data brokers</a> to purchase or exchange extra data about you. This could include your age, family, health, habits and more.</p> <p>This allows them to build a more detailed individual profile on you, which helps them predict your behaviour and more precisely target you with ads.</p> <p>For almost ten years, there has been a law in Australia that makes this kind of data enrichment illegal if a company can “reasonably and practicably” request that information directly from the consumer. And at least <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">one major data broker</a> has asked the government to “remove” this law.</p> <p>The burning question is: why is there not a single published case of this law being enforced against companies “enriching” customer data for profiling and targeting purposes?</p> <h2>Data collection ‘only from the individual’</h2> <p>The relevant law is Australian Privacy Principle 3.6 and is part of the federal <a href="https://www.legislation.gov.au/Details/C2022C00199" target="_blank" rel="noopener">Privacy Act</a>. It applies to most organisations that operate businesses with annual revenues higher than A$3 million, and smaller data businesses.</p> <p>The law says such organisations:</p> <blockquote> <p>must collect personal information about an individual only from the individual […] unless it is unreasonable or impracticable to do so.</p> </blockquote> <p>This “direct collection rule” protects individuals’ privacy by allowing them some control over information collected about them, and avoiding a combination of data sources that could reveal sensitive information about their vulnerabilities.</p> <p>But this rule has received almost no attention. There’s only one published determination of the federal privacy regulator on it, and that was against the <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/69.html" target="_blank" rel="noopener">Australian Defence Force</a> in a different context.</p> <p>According to Australian Privacy Principle 3.6, it’s only legal for an organisation to collect personal information from a third party if it would be “unreasonable or impracticable” to collect that information from the individual alone.</p> <p>This exception was intended to apply to <a href="https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-3-app-3-collection-of-solicited-personal-information#collecting-directly-from-the-individual" target="_blank" rel="noopener">limited situations</a>, such as when:</p> <ul> <li>the individual is being investigated for some wrongdoing</li> <li>the individual’s address needs to be updated for delivery of legal or official documents.</li> </ul> <p>The exception shouldn’t apply simply because a company wants to collect extra information for profiling and targeting, but realises the customer would probably refuse to provide it.</p> <h2>Who’s bypassing customers for third-party data?</h2> <p>Aside from data brokers, companies also exchange information with each other about their respective customers to get extra information on customers’ lives. This is often referred to as “data matching” or “data partnerships”.</p> <p>Companies tend to be very vague about who they share information with, and who they get information from. So we don’t know for certain who’s buying data-enrichment services from data brokers, or “matching” customer data.</p> <p>Major companies such as <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">Amazon Australia</a>, <a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5337590774&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">eBay Australia</a>, <a href="https://www.facebook.com/privacy/policy/?subpage=1.subpage.4-InformationFromPartnersVendors" target="_blank" rel="noopener">Meta</a> (Facebook), <a href="https://www.viacomcbsprivacy.com/en/policy" target="_blank" rel="noopener">10Play Viacom</a> and <a href="https://twitter.com/en/privacy#twitter-privacy-1" target="_blank" rel="noopener">Twitter</a> include terms in the fine print of their privacy policies that state they collect personal information from third parties, including demographic details and/or interests.</p> <p><a href="https://policies.google.com/privacy?hl=en-US#infocollect" target="_blank" rel="noopener">Google</a>, <a href="https://preferences.news.com.au/privacy" target="_blank" rel="noopener">News Corp</a>, <a href="https://www.sevenwestmedia.com.au/privacy-policies/privacy" target="_blank" rel="noopener">Seven</a>, <a href="https://login.nine.com.au/privacy?client_id=smh" target="_blank" rel="noopener">Nine</a> and others also say they collect personal information from third parties, but are more vague about the nature of that information.</p> <p>These privacy policies don’t explain why it would be unreasonable or impracticable to collect that information directly from customers.</p> <h2>Consumer ‘consent’ is not an exception</h2> <p>Some companies may try to justify going behind customers’ backs to collect data because there’s an obscure term in their privacy policy that mentions they collect personal information from third parties. Or because the company disclosing the data has a privacy policy term about sharing data with “trusted data partners”.</p> <p>But even if this amounts to consumer “consent” under the relatively weak standards for consent in our current privacy law, this is not an exception to the direct collection rule.</p> <p>The law allows a “consent” exception for government agencies under a separate part of the direct collection rule, but not for private organisations.</p> <h2>Data enrichment involves personal information</h2> <p>Many companies with third-party data collection terms in their privacy policies acknowledge this is personal information. But some may argue the collected data isn’t “personal information” under the Privacy Act, so the direct collection rule doesn’t apply.</p> <p>Companies often exchange information about an individual without using the individual’s legal name or email. Instead they may use a unique advertising identifier for that individual, or <a href="https://help.abc.net.au/hc/en-us/articles/4402890310671" target="_blank" rel="noopener">“hash” the email address</a> to turn it into a unique string of numbers and letters.</p> <p>They essentially allocate a “code name” to the consumer. So the companies can exchange information that can be linked to the individual, yet say this information wasn’t connected to their actual name or email.</p> <p>However, this information should still be treated as personal information because it can be linked back to the individual when combined with other <a href="https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FCAFC/2017/4.html" target="_blank" rel="noopener">information about them</a>.</p> <h2>At least one major data broker is against it</h2> <p>Data broker <a href="https://www.experian.com.au/business/solutions/audience-targeting/digital-solutions-sell-side/digital-audiences-ss" target="_blank" rel="noopener">Experian Australia</a> has asked the government to “remove” Australian Privacy Principle 3.6 “altogether”. In its <a href="https://consultations.ag.gov.au/rights-and-protections/privacy-act-review-discussion-paper/consultation/view_respondent?_b_index=60&amp;uuId=926016195" target="_blank" rel="noopener">submission</a> to the Privacy Act Review in January, Experian argued:</p> <blockquote> <p>It is outdated and does not fit well with modern data uses.</p> </blockquote> <p>Others who profit from data enrichment or data matching would probably agree, but prefer to let sleeping dogs lie.</p> <p>Experian argued the law favours large companies with direct access to lots of customers and opportunities to pool data collected from across their own corporate group. It said companies with access to fewer consumers and less data would be disadvantaged if they can’t purchase data from brokers.</p> <p>But the fact that some digital platforms impose extensive personal data collection on customers supports the case for stronger privacy laws. It doesn’t mean there should be a data free-for-all.</p> <h2>Our privacy regulator should take action</h2> <p>It has been three years since the consumer watchdog recommended <a href="https://www.accc.gov.au/system/files/Digital%20platforms%20inquiry%20-%20final%20report.pdf" target="_blank" rel="noopener">major reforms</a> to our privacy laws to reduce the disadvantages consumers suffer from invasive data practices. These reforms are probably still years away, if they eventuate at all.</p> <p>The direct collection rule is a very rare thing. It is an existing Australian privacy law that favours consumers. The privacy regulator should prioritise the enforcement of this law for the benefit of consumers.</p> <p><strong>This article originally appeared on <a href="https://theconversation.com/this-law-makes-it-illegal-for-companies-to-collect-third-party-data-to-profile-you-but-they-do-anyway-190758" target="_blank" rel="noopener">The Conversation</a>.</strong></p> <p><em>Image: Shutterstock</em></p>

Legal

Placeholder Content Image

Instagram and Facebook are stalking you on websites accessed through their apps. What can you do about it?

<p>Social media platforms have had some bad <a href="https://theconversation.com/concerns-over-tiktok-feeding-user-data-to-beijing-are-back-and-theres-good-evidence-to-support-them-186211" target="_blank" rel="noopener">press</a> in recent times, largely prompted by the vast extent of their data collection. Now Meta, the parent company of Facebook and Instagram, has upped the ante.</p> <p>Not content with following every move you make on its apps, Meta has reportedly devised a way to also know everything you do in external websites accessed <em>through</em> its apps. Why is it going to such lengths? And is there a way to avoid this surveillance?</p> <p><strong>‘Injecting’ code to follow you</strong></p> <p>Meta has a custom in-app browser that operates on Facebook, Instagram and any website you might click through to from both these apps.</p> <p>Now ex-Google engineer and privacy researcher Felix Krause has discovered this proprietary browser has additional program code inserted into it. Krause developed a tool that <a href="https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?utm_source=tldrnewsletter" target="_blank" rel="noopener">found</a> Instagram and Facebook added up to 18 lines of code to websites visited through Meta’s in-app browsers.</p> <p>This “code injection” enables user tracking and overrides tracking restrictions that browsers such as Chrome and Safari have in place. It allows Meta to collect sensitive user information, including “every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers”.</p> <p>Krause published his <a href="https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?utm_source=tldrnewsletter" target="_blank" rel="noopener">findings</a> online on August 10, including samples of the <a href="https://connect.facebook.net/en_US/pcm.js" target="_blank" rel="noopener">actual code</a>.</p> <p>In response, Meta has said it isn’t doing anything users didn’t consent to. A Meta spokesperson said:</p> <blockquote> <p>We intentionally developed this code to honour people’s [Ask to track] choices on our platforms […] The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.</p> </blockquote> <p>The “code” mentioned in the case is <a href="https://connect.facebook.net/en_US/pcm.js" target="_blank" rel="noopener">pcm.js</a> – a script that acts to aggregate a user’s browsing activities. Meta says the script is inserted based on whether users have given consent – and information gained is used only for advertising purposes.</p> <p>So is it acting ethically? Well, the company has done due diligence by informing users of its intention to collect <a href="https://www.facebook.com/privacy/policy" target="_blank" rel="noopener">an expanded range</a> of data. However, it stopped short of making clear what the full implications of doing so would be.</p> <p>People might give their consent to tracking in a more general sense, but “informed” consent implies full knowledge of the possible consequences. And, in this case, users were not explicitly made aware their activities on other sites could be followed through a code injection.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Facebook reached out to me, saying the system they’ve built honours the user’s ATT choice. </p> <p>However, this doesn’t change anything about my publication: The Instagram iOS app is actively injecting JavaScript code into all third party websites rendered via their in-app browser. <a href="https://t.co/9h0PIoIOSS">pic.twitter.com/9h0PIoIOSS</a></p> <p>— Felix Krause (@KrauseFx) <a href="https://twitter.com/KrauseFx/status/1557777320546635776?ref_src=twsrc%5Etfw">August 11, 2022</a></p></blockquote> <p><strong>Why is Meta doing this?</strong></p> <p>Data are the central commodity of Meta’s business model. There is astronomical value in the amount of data Meta can collect by injecting a tracking code into third-party websites opened through the Instagram and Facebook apps.</p> <p>At the same time, Meta’s business model is being threatened – and events from the recent past can help shed light on why it’s doing this in the first place.</p> <p>It boils down to the fact that Apple (which owns the Safari browser), Google (which owns Chrome) and the Firefox browser are all actively placing restrictions on Meta’s ability to collect data.</p> <p>Last year, Apple’s iOS 14.5 update came alongside a <a href="https://www.apple.com/au/privacy/control/" target="_blank" rel="noopener">requirement</a> that all apps hosted on the Apple app store must get users’ explicit permission to track and collect their data across apps owned by other companies.</p> <p>Meta has <a href="https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser?utm_source=tldrnewsletter" target="_blank" rel="noopener">publicly</a> said this single iPhone alert is costing its Facebook business US$10 billion each year.</p> <p>Apple’s Safari browser also applies a default setting to block all third-party “cookies”. These are little chunks of <a href="https://www.trendmicro.com/vinfo/us/security/definition/cookies" target="_blank" rel="noopener">tracking code</a> that websites deposit on your computer and which tell the website’s owner about your visit to the site.</p> <p>Google will also soon be phasing out third-party cookies. And Firefox recently announced “total cookie protection” to prevent so-called cross-page tracking.</p> <p>In other words, Meta is being flanked by browsers introducing restrictions on extensive user data tracking. Its response was to create its own browser that circumvents these restrictions.</p> <p><strong>How can I protect myself?</strong></p> <p>On the bright side, users concerned about privacy do have some options.</p> <p>The easiest way to stop Meta tracking your external activities through its in-app browser is to simply not use it; make sure you’re opening web pages in a trusted browser of choice such as Safari, Chrome or Firefox (via the screen shown below).</p> <p><img src="https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=237&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=548&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=548&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=548&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=689&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=689&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/478879/original/file-20220812-20-6je7m8.png?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=689&amp;fit=crop&amp;dpr=3 2262w" alt="" /></p> <p><em><span class="caption" style="color: #999999; text-align: center;">Click ‘open in browser’ to open a website in a trusted browser such as Safari.</span><span style="color: #999999; text-align: center;"> </span><span class="attribution" style="color: #999999; text-align: center;">screenshot</span></em></p> <figure class="align-right "><figcaption></figcaption></figure> <p>If you can’t find this screen option, you can manually copy and paste the web address into a trusted browser.</p> <p>Another option is to access the social media platforms via a browser. So instead of using the Instagram or Facebook app, visit the sites by entering their URL into your trusted browser’s search bar. This should also solve the tracking problem.</p> <p>I’m not suggesting you ditch Facebook or Instagram altogether. But we should all be aware of how our online movements and usage patterns may be carefully recorded and used in ways we’re not told about. Remember: on the internet, if the service is free, you’re probably the product. <!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/188645/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/david-tuffley-13731" target="_blank" rel="noopener">David Tuffley</a>, Senior Lecturer in Applied Ethics &amp; CyberSecurity, <a href="https://theconversation.com/institutions/griffith-university-828" target="_blank" rel="noopener">Griffith University</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/instagram-and-facebook-are-stalking-you-on-websites-accessed-through-their-apps-what-can-you-do-about-it-188645" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

Shops that don’t use facial recognition

<p dir="ltr">Some of Australia’s biggest retailers have landed themselves in hot water after it was revealed that they are <a href="https://oversixty.com.au/entertainment/technology/bunnings-and-kmart-investigated-for-use-of-potentially-unethical-tech" target="_blank" rel="noopener">potentially invading customer privacy</a> with facial recognition technology. </p> <p dir="ltr">Shoppers now can breathe a sigh of relief with 17 popular retailers confirming to consumer group CHOICE that they are not using the technology and don’t have plans to introduce it. </p> <p dir="ltr">“CHOICE is really pleased to confirm that a number of big Australian retailers aren’t using facial recognition on their customers, and have no plans to introduce it,” CHOICE consumer data advocate, Kate Bower said. </p> <p dir="ltr">“Woolworths, Coles, Aldi, Target and Big W, among others, have all told us that they aren’t using this highly controversial technology in their stores, and don’t plan to.”  </p> <p dir="ltr">“This commitment from the 17 retailers to avoid the use of facial recognition technology will be strongly welcomed by their customers. </p> <p dir="ltr">“We know the community are really worried about the use of facial recognition, with some describing it as ‘creepy and invasive’. </p> <p dir="ltr">“Consumers will be pleased to know they can go into a store like Woolworths or Myer without having their sensitive personal information captured by facial recognition technology.” </p> <p dir="ltr">The good news comes as Kmart and Bunnings, who were previously called out for using the facial recognition technology, have confirmed they will temporarily pause the use of it. </p> <p dir="ltr"> The two retailers will pause using the controversial technology while the Office of the Australian Information Commissioner (OAIC) considers a complaint made by CHOICE against Kmart, Bunnings and The Good Guys for their use of facial recognition technology in store.  </p> <p dir="ltr">“Customers will welcome the decision from Bunnings and Kmart to pause the use of facial recognition technology, but we know what the community really wants is for these retailers to dump the technology for good,” Ms Bower continued. </p> <p dir="ltr">“CHOICE eagerly awaits the Information Commissioner’s decision on whether Kmart and Bunnings have breached the Privacy Act in their use of facial recognition technology. </p> <p dir="ltr">“This will be a landmark decision that will guide the use of controversial facial recognition technology in Australia.” </p> <p dir="ltr">A full list of all shops not using the technology identified by CHOICE include: Woolworths, Coles, Aldi, Target, Big W, Myer, David Jones, Officeworks, Dan Murphys, BWS, First Choice Liquor, Liquor Land, Vintage Cellars, Rebel, BCF, Supercheap Auto and Macpac. </p> <p dir="ltr"><em>Images: Twitter</em></p>

Money & Banking

Placeholder Content Image

After Roe v Wade, here’s how women could adopt ‘spycraft’ to avoid tracking and prosecution

<p>The art of concealing or misrepresenting one’s identity in the physical world has long been practised by spies engaged in espionage. In response, intelligence agencies designed techniques and technologies to identify people attempting to hide behind aliases.</p> <p>Now, following the US Supreme Court ruling overturning Roe v Wade, women in the United States seeking assistance with unwanted pregnancies have joined the ranks of spies.</p> <p>The ruling has resulted in several trigger laws coming into effect in conservative states to outlaw abortions in those states. These laws, coupled with groups targeting women’s reproductive rights protests, have raised fear among women of all ages about their data being used against them.</p> <p>Thousands have engaged with online posts calling on women to <a href="https://www.theguardian.com/world/2022/jun/28/why-us-woman-are-deleting-their-period-tracking-apps" target="_blank" rel="noopener">delete their period tracking apps</a>, on the premise that data fed to these apps could be used to prosecute them in states where abortion is illegal. At the same time, abortion clinics in New Mexico (where abortion remains legal) are <a href="https://www.reuters.com/world/us/new-mexico-shields-abortion-providers-ahead-expected-patient-surge-2022-06-27/" target="_blank" rel="noopener">reportedly</a> bracing for an influx of women from US states.</p> <p>As someone who has served as a special agent for the United States Army and Federal Bureau of Investigation, and as a Senior Intelligence Officer with the US Defense Intelligence Agency, I can tell you deleting period tracking apps may not be enough for vulnerable women now.</p> <p>But there are some tools women can use to conceal their identities, should this be necessary – the same tools once reserved for professional spies.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Menstrual tracking app Stardust is one of Apple’s top three most-downloaded free apps right now. It’s also one of few apps that has said it will voluntarily—without being legally required to—comply with law enforcement if it’s asked to share user data. <a href="https://t.co/sJ17VAiLvp">https://t.co/sJ17VAiLvp</a></p> <p>— Motherboard (@motherboard) <a href="https://twitter.com/motherboard/status/1541456351414583297?ref_src=twsrc%5Etfw">June 27, 2022</a></p></blockquote> <p><strong>The privacy myth</strong></p> <p>Apart from espionage, the emergence of the internet created a new impetus for widespread data collection by data aggregators and marketers. The modern surveillance economy grew out of a desire to target products and services to us as effectively as possible.</p> <p>Today, massive swathes of personal information are extracted from users, 24/7 – making it increasingly difficult to remain unmasked.</p> <p>Data aggregation is used to assess our purchasing habits, track our movements, find our favourite locations and obtain detailed demographic information about us, our families, our co-workers and friends.</p> <p>Recent events have demonstrated how tenuous our privacy is. <a href="https://www.theverge.com/2019/10/22/20926585/hong-kong-china-protest-mask-umbrella-anonymous-surveillance" target="_blank" rel="noopener">Protests in Hong Kong</a> have seen Chinese authorities use cameras to identify and arrest protesters, while police in the US deployed various technologies to identify <a href="https://theconversation.com/police-surveillance-of-black-lives-matter-shows-the-danger-technology-poses-to-democracy-142194" target="_blank" rel="noopener">Black Lives Matter</a> protesters.</p> <p>Articles appeared in Australian <a href="https://www.crikey.com.au/2022/06/29/protests-police-government-surveillance-how-to-avoid/" target="_blank" rel="noopener">media outlets</a> with advice on how to avoid being surveilled. And people were directed to websites, such as the <a href="https://www.eff.org/wp/behind-the-one-way-mirror" target="_blank" rel="noopener">Electronic Frontier Foundation</a>, dedicated to informing readers about how to avoid surveillance and personal data collection.</p> <p>What we’ve learned from both spy history and more recent events is that data collection is not always overt and obvious; it’s often unseen and opaque. Surveillance may come in the form of <a href="https://theconversation.com/surveillance-cameras-will-soon-be-unrecognisable-time-for-an-urgent-public-conversation-118931" target="_blank" rel="noopener">cameras</a>, <a href="https://theconversation.com/how-to-hide-from-a-drone-the-subtle-art-of-ghosting-in-the-age-of-surveillance-143078" target="_blank" rel="noopener">drones</a>, automated number plate readers (<a href="https://theconversation.com/number-plate-recognition-the-technology-behind-the-rhetoric-17572" target="_blank" rel="noopener">ANPR/ALPR</a>), <a href="https://www.q-free.com/reference/australia/" target="_blank" rel="noopener">toll payment devices</a>, <a href="https://www.dhs.gov/publication/acoustic-surveillance-devices" target="_blank" rel="noopener">acoustic collectors</a> and of course any internet-connected <a href="https://theconversation.com/smartphone-data-tracking-is-more-than-creepy-heres-why-you-should-be-worried-91110" target="_blank" rel="noopener">device</a>.</p> <p>In some cases when your fellow protesters upload images or videos, crowd-sourced intelligence becomes your enemy.</p> <p><strong>Data deleted, not destroyed</strong></p> <p>Recently, a lot of the focus has been on phones and apps. But deleting mobile apps will not prevent the identification of an individual, nor will turning off location services.</p> <p>Law enforcement and even commercial companies have the ability to access or track certain metrics including:</p> <ul> <li>international mobile subscriber identity (IMSI), which is related to a user’s mobile number and connected to their SIM card</li> <li>international mobile equipment identity (IMEI), which is directly related to their device itself.</li> </ul> <p>Ad servers may also exploit device locations. Private companies can create advertisements targeting devices that are specific to a location, such as a women’s health clinic. And such “geofenced” ad servers can identify a user’s location regardless of whether their location settings are disabled.</p> <p>Further, anonymised phone track data (like call signals pinging off nearby towers) can be purchased from telecommunications providers and de-anonymised.</p> <p>Law enforcement can use this data to trace paths from, say, a fertility clinic to a person’s home or “bed down” location (the spy term for someone’s residence).</p> <p>The bottom line is your phone is a marker for you. A temporary cell phone with an overseas SIM card has been the choice for some people wishing to avoid such tracking.</p> <p>Adding to that, we recently saw headlines about <a href="https://theconversation.com/bunnings-kmart-and-the-good-guys-say-they-use-facial-recognition-for-loss-prevention-an-expert-explains-what-it-might-mean-for-you-185126" target="_blank" rel="noopener">facial recognition technology</a> being used in Australian retail stores – and America is no different. For anyone trying to evade detection, it’s better to swap bank cards for cash, stored-value cards or gift cards when making purchases.</p> <p>And using public transport paid with cash or a ride-share service provides better anonymity than using a personal vehicle, or even a rental.</p> <p>In the spy world, paying attention to one’s dress is critical. Spies change up their appearance, using what they call “polish”, with the help of reversible clothing, hats, different styles of glasses, scarves and even masks (which are ideally not conspicuous these days). In extreme cases, they may even use “appliances” to <a href="https://www.wsj.com/articles/the-cias-former-chief-of-disguise-drops-her-mask-11576168327" target="_blank" rel="noopener">alter their facial characteristics</a>.</p> <p>Then again, while these measures help in the physical world, they do little to stop online detection.</p> <p><strong>Digital stealth</strong></p> <p>Online, the use of a virtual private network (<a href="https://theconversation.com/explainer-what-is-a-virtual-private-network-vpn-12741" target="_blank" rel="noopener">VPN</a>) and/or the onion browser, <a href="https://theconversation.com/explainer-what-is-the-dark-web-46070" target="_blank" rel="noopener">Tor</a>, will help improve anonymity, including from internet service providers.</p> <p>Online you can create and use multiple personas, each with a different email address and “personal data” linked to it. Aliases can be further coupled with software that removes cookies and browser history, which will help conceal one’s online identity.</p> <p>One example is <a href="https://www.ccleaner.com/ccleaner/download" target="_blank" rel="noopener">CCleaner</a>. This program removes privacy-violating cookies and internet history from your device, while improving your device’s privacy.</p> <p>There are also plenty of online applications that allow the use of <a href="https://theconversation.com/dont-be-phish-food-tips-to-avoid-sharing-your-personal-information-online-138613" target="_blank" rel="noopener">temporary email addresses</a> and phone numbers, and even temporary accommodation addresses for package deliveries.</p> <p>To some, these may seem like extreme privacy measures. However, given the widespread collection of identity data by commercial companies and governments – and the resultant collaboration between the two – there’s reason to be concerned for anyone wanting to fly under the radar.</p> <p>And for women seeking abortions in the US, these measures may be necessary to avoid prosecution.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Not to be that guy but it seems like it really should be bigger news that the national guard is now helping crack down on abortion protests <a href="https://t.co/DGh83in0Cm">https://t.co/DGh83in0Cm</a></p> <p>— Read Wobblies and Zapatistas (@JoshuaPotash) <a href="https://twitter.com/JoshuaPotash/status/1541527897273409536?ref_src=twsrc%5Etfw">June 27, 2022</a><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p></blockquote> <p><em><a href="https://theconversation.com/profiles/dennis-b-desmond-1252874" target="_blank" rel="noopener">Dennis B Desmond</a>, Lecturer, Cyberintelligence and Cybercrime Investigations, <a href="https://theconversation.com/institutions/university-of-the-sunshine-coast-1068" target="_blank" rel="noopener">University of the Sunshine Coast</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/after-roe-v-wade-heres-how-women-could-adopt-spycraft-to-avoid-tracking-and-prosecution-186046" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Legal

Placeholder Content Image

“You are disgusting”: Prince William accuses man of stalking his children

<p dir="ltr">The Cambridges seem to be embroiled in a row with YouTube, after the family claim a video that breaches their privacy has been viewed thousands of times despite attempts to block it.</p> <p dir="ltr">The video, which clocked 20,000 views on Monday according to the <em><a href="https://www.nzherald.co.nz/lifestyle/you-are-disgusting-duke-of-cambridge-confronts-stalker-who-came-looking-for-his-children/G2V23LT2HCTYNTOZKGGDJBUQ44/" target="_blank" rel="noopener">NZ Herald</a></em>, shows Prince William confronting a photographer after he was filmed on a bike ride with his family near Sandringham, Norfolk, sometime last year.</p> <p><span id="docs-internal-guid-a49da7cc-7fff-6cab-c9d3-8092ba55f520"></span></p> <p dir="ltr">William is seen reproaching the man, who was videoing the prince, while Kate and their three children are off-camera nearby.</p> <blockquote class="twitter-tweet"> <p dir="ltr" lang="en">Obsessed with Prince William kicking off <a href="https://t.co/NgKgyU5eLZ">pic.twitter.com/NgKgyU5eLZ</a></p> <p>— I Don't Know Her (@l_dont_know_her) <a href="https://twitter.com/l_dont_know_her/status/1541554976689897474?ref_src=twsrc%5Etfw">June 27, 2022</a></p></blockquote> <p dir="ltr">“If you want to have this altercation we can have this altercation,” William says in the clip, while appearing to be calling someone on his mobile phone.</p> <p dir="ltr">Kate can be heard in the background, telling the man, “We came with our children.”</p> <p dir="ltr">“I know, I know, I just realised who it was and I’ve stopped,” the man said.</p> <p dir="ltr">“You didn’t, you’re out here looking for us,” William replied.</p> <p dir="ltr">“You drove past us outside our house, I saw you,” Kate said, which the man denied doing. </p> <p dir="ltr">The man claimed he wasn’t following the family, to which William replies: “Yes you are, you are stalking around here looking for our children”.</p> <p dir="ltr">The Duke of Cambridge then references the incident where the man followed the family while on a bike ride, lashing out when the man denies following them.</p> <p dir="ltr">“You are outrageous, you are disgusting, you really are. How dare you behave like that,” William says.</p> <p dir="ltr">The short clip was uploaded over the weekend, over a year after the incident occurred.</p> <p dir="ltr">Kensington Palace has responded by claiming the clip is a breach of the family’s privacy, with William shown to be on a private bike ride with his family, who were blurred out in the video.</p> <p dir="ltr">It is understood that staff are seeking the removal of the video in line with their usual policy about privacy, which seems to have been successful as of publication.</p> <p dir="ltr">However, versions of the clip continue to circulate on other social media platforms, including TikTok and Twitter.</p> <p dir="ltr">The balance between William’s family’s privacy and their roles in the public eye is something he has spent many years negotiating with the British media, in which he has authorised a small number of photographs of the children to be released each year while insisting on otherwise total privacy.</p> <p dir="ltr">Traditional British print media doesn’t publish videos or photos of the royal family in private situations, particularly when Prince George, Princess Charlotte and Prince Louis are involved.</p> <p dir="ltr">But images are often posted on social media and sold to European publications working under different laws.</p> <p dir="ltr">A spokesperson for YouTube is yet to comment on the situation.</p> <p dir="ltr"><span id="docs-internal-guid-7133d0e2-7fff-91e7-880d-93501fb7d3c1"></span></p> <p dir="ltr"><em>Image: Twitter</em></p>

Legal

Placeholder Content Image

Bunnings and Kmart investigated for use of potentially "unethical" tech

<p dir="ltr">Some of Australia’s biggest retailers are being investigated for potentially invading customer privacy with facial recognition technology. </p> <p dir="ltr">Kmart, Bunnings and The Good Guys have been found to be using facial recognition technology on unsuspecting customers.</p> <p dir="ltr">CHOICE has referred the retailers to the Office of the Australian Information Commissioner (OAIC) to investigate potential breaches of the Privacy Act.</p> <p dir="ltr">Facial recognition analyses images from video cameras to capture each person’s unique facial features, known as a faceprint. </p> <p dir="ltr">“The use of facial recognition by Kmart, Bunnings and The Good Guys is a completely inappropriate and unnecessary use of the technology,” CHOICE consumer data advocate Kate Bower said. </p> <p dir="ltr">“To make matters worse, we found 76% of Australians aren’t aware that retailers are capturing their unique facial features in this way.”</p> <p dir="ltr">Ms Bower slammed the use of the technology which she said is unethical and affects consumer’s trust. </p> <p dir="ltr">“Using facial recognition technology in this way is similar to Kmart, Bunnings or The Good Guys collecting your fingerprints or DNA every time you shop,” she went on. </p> <p dir="ltr">“Businesses using invasive technologies to capture their customers’ sensitive biometric information is unethical and is a sure way to erode consumer trust.”</p> <p dir="ltr">After conducting a survey, CHOICE found that four in five respondents agreed that retailers must inform consumers about the use of facial recognition.</p> <p dir="ltr">Four in five people had concerns about how the biometric data was stored, and three in four respondents were concerned that retailers would use the data to create customer profiles for marketing or profit purposes. </p> <p dir="ltr">“CHOICE observed that Kmart and Bunnings display small signs at the entrance of stores where the technology is in use. However, discreet signage and online privacy policies are not nearly enough to adequately inform shoppers that this controversial technology is in use,” Ms Bower said. </p> <p dir="ltr">“The technology is capturing highly personal data from customers, including infants and children.</p> <p dir="ltr">“CHOICE is concerned that Australian businesses are using facial recognition technology on consumers before Australians have had their say on its use in our community. </p> <p dir="ltr">“With the government currently undergoing a review of the Privacy Act, now is the perfect time to strengthen measures around the capture and use of consumer data, including biometric data.” </p> <p dir="ltr"><em>Images: Shutterstock/Twitter</em></p>

Technology

Placeholder Content Image

ACCC says consumers need more choices about what online marketplaces are doing with their data

<p>Consumers using online retail marketplaces such as eBay and Amazon “have little effective choice in the amount of data they share”, according to the <a href="https://www.accc.gov.au/publications/serial-publications/digital-platform-services-inquiry-2020-2025/digital-platform-services-inquiry-march-2022-interim-report" target="_blank" rel="noopener">latest report</a> of the Australian Competition &amp; Consumer Commission (ACCC) Digital Platform Services Inquiry.</p> <p>Consumers may benefit from personalisation and recommendations in these marketplaces based on their data, but many are in the dark about how much personal information these companies collect and share for other purposes.</p> <p><a href="https://www.accc.gov.au/media-release/concerning-issues-for-consumers-and-sellers-on-online-marketplaces" target="_blank" rel="noopener">ACCC chair Gina Cass-Gottlieb</a> said:</p> <blockquote> <p>We believe consumers should be given more information about, and control over, how online marketplaces collect and use their data.</p> </blockquote> <p>The report reiterates the ACCC’s earlier calls for amendments to the Australian Consumer Law to address unfair data terms and practices. It also points out that the government is considering <a href="https://www.ag.gov.au/integrity/consultations/review-privacy-act-1988" target="_blank" rel="noopener">proposals for major changes to privacy law</a>.</p> <p>However, none of these proposals is likely to come into effect in the near future. In the meantime, we should also consider whether practices such as obtaining information about users from third-party data brokers are fully compliant with existing privacy law.</p> <p><strong>Why did the ACCC examine online marketplaces?</strong></p> <p>The ACCC examined competition and consumer issues associated with “general online retail marketplaces” as part of its <a href="https://www.accc.gov.au/focus-areas/inquiries-ongoing/digital-platform-services-inquiry-2020-2025" target="_blank" rel="noopener">five-year Digital Platform Services Inquiry</a>.</p> <p>These marketplaces facilitate transactions between third-party sellers and consumers on a common platform. They do not include retailers that don’t operate marketplaces, such as Kmart, or platforms such as Gumtree that carry classified ads but don’t allow transactions.</p> <p>The ACCC report focuses on the four largest online marketplaces in Australia: Amazon Australia, Catch, eBay Australia and Kogan. In 2020–21, these four carried sales totalling $8.4 billion.</p> <figure class="align-center "><em><img src="https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px" srcset="https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=1 600w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=2 1200w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=600&amp;h=401&amp;fit=crop&amp;dpr=3 1800w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=1 754w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=30&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=2 1508w, https://images.theconversation.com/files/460716/original/file-20220502-18-4pvx0.jpg?ixlib=rb-1.1.0&amp;q=15&amp;auto=format&amp;w=754&amp;h=503&amp;fit=crop&amp;dpr=3 2262w" alt="" /></em><figcaption><em><span class="caption">Online marketplaces such as Amazon, eBay, Catch and Kogan facilitate transactions between third-party buyers and sellers.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/new-york-usa-november-1-2018-1219079038" target="_blank" rel="noopener">Shutterstock</a></span></em></figcaption></figure> <p>According to the report, eBay has the largest sales of these companies. Amazon Australia is the second-largest and the fastest-growing, with an 87% increase in sales over the past two years.</p> <p>The ACCC examined:</p> <ul> <li>the state of competition in the relevant markets</li> <li>issues facing sellers who depend on selling their products through these marketplaces</li> <li>consumer issues including concerns about personal information collection, use and sharing.</li> </ul> <p><strong>Consumers don’t want their data used for other purposes</strong></p> <p>The ACCC expressed concern that in online marketplaces, “the extent of data collection, use and disclosure … often does not align with consumer preferences”.</p> <p>The Commission pointed to surveys about <a href="https://www.accc.gov.au/system/files/Consumer%20Policy%20Research%20Centre%20%28CPRC%29%20%2818%20August%202021%29.pdf" target="_blank" rel="noopener">Australian consumer attitudes to privacy</a> which indicate:</p> <ul> <li>94% did not feel comfortable with how digital platforms including online marketplaces collect their personal information</li> <li>92% agreed that companies should only collect information they need for providing their product or service</li> <li>60% considered it very or somewhat unacceptable for their online behaviour to be monitored for targeted ads and offers.</li> </ul> <p>However, the four online marketplaces analysed:</p> <ul> <li>do not proactively present privacy terms to consumers “throughout the purchasing journey”</li> <li>may allow advertisers or other third parties to place tracking cookies on users’ devices</li> <li>do not clearly identify how consumers can opt out of cookies while still using the marketplace.</li> </ul> <p>Some of the marketplaces also obtain extra data about individuals from third-party data brokers or advertisers.</p> <p>The <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3432769" target="_blank" rel="noopener">harms from increased tracking and profiling</a> of consumers include decreased privacy; manipulation based on detailed profiling of traits and weaknesses; and discrimination or exclusion from opportunities.</p> <p><strong>Limited choices: you can’t just ‘walk out of a store’</strong></p> <p>Some might argue that consumers must not actually care that much about privacy if they keep using these companies, but the choice is not so simple.</p> <p>The ACCC notes the relevant privacy terms are often spread across multiple web pages and offered on a “take it or leave it” basis.</p> <p>The terms also use “bundled consents”. This means that agreeing to the company using your data to fill your order, for example, may be bundled together with agreeing for the company to use your data for its separate advertising business.</p> <p>Further, as my research has shown, there is <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3905693" target="_blank" rel="noopener">so little competition on privacy</a> between these marketplaces that consumers can’t just find a better offer. The ACCC agrees:</p> <blockquote> <p>While consumers in Australia can choose between a number of online marketplaces, the common approaches and practices of the major online marketplaces to data collection and use mean that consumers have little effective choice in the amount of data they share.</p> </blockquote> <p>Consumers also seem unable to require these companies to delete their data. The situation is quite different from conventional retail interactions where a consumer can select “unsubscribe” or walk out of a store.</p> <p><strong>Does our privacy law currently permit all these practices?</strong></p> <p>The ACCC has reiterated its earlier calls to amend the Australian Consumer Law to prohibit unfair practices and make unfair contract terms illegal. (At present unfair contract terms are just void, or unenforceable.)</p> <p>The report also points out that the government is considering proposals for major changes to privacy law, but <a href="https://theconversation.com/a-new-proposed-privacy-code-promises-tough-rules-and-10-million-penalties-for-tech-giants-170711" target="_blank" rel="noopener">these changes</a> are uncertain and may take more than a year to come into effect.</p> <p>In the meantime, we should look more closely at the practices of these marketplaces under current privacy law.</p> <p>For example, under the <a href="https://www.legislation.gov.au/Series/C2004A03712" target="_blank" rel="noopener">federal Privacy Act</a> the four marketplaces</p> <blockquote> <p>must collect personal information about an individual only from the individual unless … it is unreasonable or impracticable to do so.</p> </blockquote> <p>However, <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3905693" target="_blank" rel="noopener">some online marketplaces</a> say they collect information about individual consumers’ interests and demographics from “<a href="https://www.ebay.com.au/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260&amp;mkevt=1&amp;mkcid=1&amp;mkrid=705-53470-19255-0&amp;campid=5338596835&amp;customid=&amp;toolid=10001#section4" target="_blank" rel="noopener">data providers</a>” and <a href="https://www.amazon.com.au/gp/help/customer/display.html?nodeId=202075050&amp;ref_=footer_iba" target="_blank" rel="noopener">other third parties</a>.</p> <p>We don’t know the full detail of what’s collected, but demographic information might include our age range, income, or family details.</p> <p>How is it “unreasonable or impracticable” to obtain information about our demographics and interests directly from us? Consumers could ask online marketplaces this question, and complain to the <a href="https://www.oaic.gov.au/privacy/privacy-complaints" target="_blank" rel="noopener">Office of the Australian Information Commissioner</a> if there is no reasonable answer.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important;" src="https://counter.theconversation.com/content/182134/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/katharine-kemp-402096" target="_blank" rel="noopener">Katharine Kemp</a>, Senior Lecturer, Faculty of Law &amp; Justice, UNSW, <a href="https://theconversation.com/institutions/unsw-sydney-1414" target="_blank" rel="noopener">UNSW Sydney</a></em></p> <p><em>This article is republished from <a href="https://theconversation.com" target="_blank" rel="noopener">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/accc-says-consumers-need-more-choices-about-what-online-marketplaces-are-doing-with-their-data-182134" target="_blank" rel="noopener">original article</a>.</em></p> <p><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

How does Spotify use your data? Even experts aren’t sure

<p dir="ltr">Spotify has revolutionised the music industry, and its ability to recommend music tailored to your personal taste has been a standout feature.</p> <p dir="ltr">But it isn’t the only app to provide this kind of personalised experience, with Artificial Intelligence being used to create your personalised newsfeeds on Facebook and Twitter, recommend purchases on Amazon, or even the order of search results on Google.</p> <p dir="ltr">To achieve this, these apps and websites use our data in their recommendation algorithms - but they are so secretive about these algorithms that we don’t fully know how they work.</p> <p dir="ltr">In a search for answers, a team of New Zealand legal and music experts <a href="https://www.scimex.org/newsfeed/tinder-and-spotifys-fine-print-arent-clear-about-how-they-use-our-data-for-recs" target="_blank" rel="noopener">pored over</a> several versions of the privacy policies and Terms of Use used by Spotify and Tinder to determine how our data is being used as new features have been rolled out.</p> <p dir="ltr">Their work, published in the <em><a href="https://doi.org/10.1080/03036758.2022.2064517" target="_blank" rel="noopener">Journal of the Royal Society of New Zealand</a></em>, found that Spotify’s privacy policy has nearly doubled since its launch in 2012, which reflects an increase in the amount of data the platform now collects.</p> <p dir="ltr"><strong>The algorithm hungers for data</strong></p> <p dir="ltr">Originally, Spotify collected basic information such as the kinds of songs played, the playlists created, and the email address, age, gender, and location of a user, as well as their profile picture, and the pictures and names of their Facebook friends if their profile was linked.</p> <p dir="ltr">In the 2021 policy, Spotify collects voice data, users’ photos, and location data - and the team of experts have connected this expansion to the patents the company owns.</p> <p dir="ltr">That same year, “Spotify was granted a patent that allows the company to promote ‘personalised content’ based on the ‘personality traits’ it detects from voice data and background noise,” the authors wrote, suggesting the algorithm has changed to capture voice data.</p> <p dir="ltr">As for its Terms of Use, the authors found both Spotify and Tinder used ambiguous wording and vague language, despite expectations that it would be somewhat transparent because it is a legal agreement between the platform and its users.</p> <p dir="ltr">They noted that the opaque style of the Terms of Use made analysis more difficult.</p> <p dir="ltr">Despite this, they found that from 2015, Spotify’s recommendations were also influenced by “commercial considerations”, including third-party agreements Spotify had with other companies.</p> <p dir="ltr">The team of experts argue that this particular change “provides ample room for the company to legally highlight content to a specific user based on a commercial agreement”.</p> <p dir="ltr">Meanwhile, Spotify has also started offering artists the option to lower their royalty rate “in exchange for an increased number of recommendations”.</p> <p dir="ltr">Taken together, the authors argue that this means that the playlists made specifically for us could be influenced by factors outside of our control, “like commercial deals with artists and labels”.</p> <p dir="ltr"><strong>Users deserve answers</strong></p> <p dir="ltr">Though they made these findings, the authors note that some will still be speculative while companies stay tight-lipped about how their algorithms work.</p> <p dir="ltr">“When companies are uncooperative, and typical academic inquiry cannot be complete without breaching contractual agreements, we maintain that scholarly investigation can have a speculative character,” they wrote.</p> <p dir="ltr">“This suggestion does not mean that a less academic rigour can be expected or granted about making assumptions on the basis of partial, observable data. Instead, we propose that it is the companies’ remit and burden to refute such assumptions and communicating the clarity of their systems.”</p> <p dir="ltr">With many of us using services like Spotify, Tinder, Google and Amazon on a daily basis, it’s up to these companies to become more transparent in how they use our information with the understanding that we deserve to know what happens to the data that makes us, us.</p> <p><span id="docs-internal-guid-22451cbe-7fff-7512-7ed6-c621fbd456c7"></span></p> <p dir="ltr"><em>Image: Getty Images</em></p>

Technology

Placeholder Content Image

Meghan Markle asks for urgent court ruling over “breach of privacy”

<p><span>Meghan Markle’s lawyers have asked a judge to settle her lawsuit against a newspaper before it goes to trial.</span><br /><br /><span>The 39-year-old Royal is suing Associated Newspapers for an invasion of privacy and copyright infringement over five articles published in the<em> Mail on Sunday</em> and the <em>MailOnline</em> through February of 2019.</span><br /><br /><span>Her legal team have asked a British judge to rule that the publication released a "deeply personal" letter to her estranged father that was "a plain and a serious breach of her rights of privacy".</span><br /><br /><span>The publications included portions of a handwritten letter to her father, Thomas Markle, after her marriage to Prince Harry in 2018.</span><br /><br /><span>Associated Newspapers is contesting the claim, and a full trial is due to be held in the autumn at the High Court.</span><br /><br /><span>It is set to be one of London's highest-profile civil court showdowns for years.</span><br /><br /><span>The Duchess is seeking a summary judgement that would find in her favour and dismiss the newspaper's defence case.</span><br /><br /><span>Her lawyer, Justin Rushbrooke, has that the publisher has "no real prospect" of winning the case.</span><br /><br /><span>"At its heart, it's a very straightforward case about the unlawful publication of a private letter," he said at the start of a two-day hearing, held remotely because of coronavirus restrictions.</span><br /><br /><span>Rushbrooke said Meghan had an understanding that "a heartfelt plea from an anguished daughter to her father" would remain private.</span><br /><br /><span>Lawyers for the Duchess say Thomas Markle, a retired television cinematographer, caused anguish for Meghan and Harry before their May 2018 wedding.</span><br /><br /><span>He gave multiple media interviews and posed for wedding-preparation shots taken by a paparazzi agency.</span><br /><br /><span>He did not attend the wedding ceremony after suffering a heart attack.</span><br /><br /><span>Rushbrooke said Meghan's letter was "a message of peace" and it’s aim was "to stop him talking to the press."</span><br /><br /><span>He said the Duchess took steps to ensure the five-page, 1,250-word letter would not be intercepted.</span><br /><br /><span>She sent it by FedEx through her accountant to her father's home.</span><br /><br /><span>The letter begged Thomas Markle to stop speaking to the media, saying: "Your actions have broken my heart into a million pieces."</span><br /><br /><span>The last sentences, read out in court, were: "I ask for nothing other than peace. And I wish the same for you."</span><br /><br /><span>Lawyers for Associated Newspapers however have argued that Meghan likely knew the letter would one day be published.</span></p>

Legal

Placeholder Content Image

Alex Pullin’s girlfriend leaves heartbreaking note on door: “Respect my privacy”

<p><span>Alex Pullin's mourning girlfriend has left a tear-jerking note on her front door just a day after losing her partner in a tragedy on the the Gold Coast.</span><br /><br /><span>Alex, 32, was a world champion snowboarder who lost his life after going spearfishing in the water at Palm Beach.</span><br /><br /><span>He suffered a blackout at about 10:30 am on Wednesday and did not wake up despite paramedics performing CPR for 45 minutes on Pullin.</span><br /><br /><span>On Thursday his girlfriend Ellidy Vlug honoured her boyfriend with a handwritten letter that she taped to a front door on the Gold Coast home.</span></p> <p><img style="width: 500px; height: 281.25px;" src="https://oversixtydev.blob.core.windows.net/media/7836881/pullin-1.jpg" alt="" data-udi="umb://media/5e2df3ca0b75477091fab15d77f55414" /><br /><br /><span>“Dear media, thank you for your thoughts, this is a very difficult time for me and I ask that you respect my privacy during this period of grief,” Ms Vlug wrote.</span><br /><br /><span>“Know that Chumpy absolutely loved life and lived life to the full.</span><br /><br /><span>“He lived for us – his family, our puppy Rummi, our amazing friends and the home we made together.</span><br /><br /><span>“He was living his dream, our dream.</span><br /><br /><span>“I am eternally grateful that I have lived my life with him and I am deeply saddened that his life has been cut short.</span><br /><br /><span>“Rest in peace my beautiful man.</span><br /><br /><span>“Kind regards, Ellidy.”</span><br /><br /><span>Earlier that day, Ms Vlug told Daily Mail Australia she last saw her boyfriend alive moments before he'd decided to go for a dive, telling him: “Love you, watch out for sharks.”</span><br /><br /><span>Ms Vlug then went for a walk by herself, and when she returned home, she was met by a neighbour at her door telling her a spear fisher had been pulled from the ocean.</span><br /><br /><span>She then raced to the beach with her mother, where she was told the body belonged to her boyfriend of eight years.</span><br /><br /><span>It's been little more than 24 hours since his death, and Ms Vlug and the couple's friends and family can still hardly believe their loss.</span><br /><br /><span>“I don't know what I'm going to do without him,” she said.</span><br /><br /><span>But the 28-year-old model and business owner says she is determined to make him proud.</span></p> <p><span><img style="width: 500px; height: 281.25px;" src="https://oversixtydev.blob.core.windows.net/media/7836880/pullin-2.jpg" alt="" data-udi="umb://media/25ca6ac77f89425786952b2c6085cb9d" /></span></p> <p><span>The couple were parents to one-year-old Rummi, their beloved Kelpie puppy, and Ms Vlug said Pullin absolutely adored her.</span><br /><br /><span>“He was a family man through and through. Me, and his sister and parents and Rummi were his world,” she said.</span><br /><br /><span>Ms Vlug shares a tight-knit relationship with Pullin's parents and sister.</span><br /><br /><span>They all live in New South Wales, so were physically separated during the COVID-19 lockdown, but remained in close contact with each other.</span></p>

Caring

Placeholder Content Image

Beware: Your private data could be shared with strangers

<p>Just to remind us that even the world’s biggest and wealthiest tech companies are not immune to privacy breaches, Google made worldwide headlines recently after a glitch that sent thousands of users’ private videos backed up on Google Photos to complete strangers.</p> <p>Google Takeout is a service that allows Google Photo users to backup their personal data or use it with other apps. <a href="https://www.businessinsider.com.au/google-photos-accidentally-sent-users-private-videos-to-strangers-report-2020-2?r=US&amp;IR=T">Google mixed up user-data</a> and sent many Take-out users’ personal videos to random people.</p> <p>While the issue lasted several days, Google says it only affected 0.01% of users – but with the number of users in excess of 1 billion, the number is believed to run into the thousands.</p> <p>The way big tech companies like Google and Facebook collect, store and share user-data has <a href="https://www.sydneycriminallawyers.com.au/blog/facebook-defiant-in-the-face-of-data-scandal/">come under scrutiny in recent years.</a></p> <p><strong>The ACCC has taken legal action against Google</strong></p> <p>Last year, the Australian consumer watchdog, the Australian Competition and Consumer Commission (ACCC) filed legal proceedings against Google, accusing it of misleading smartphone users about how it collects and uses personal location data.</p> <p>It’s the ACCC’s first lawsuit against a global tech giant, but one which the Commission hopes will send a clear message that tech companies are legally required to inform users of how their data is collected, and how users can stop it from being collected.</p> <p>Other countries are said to be watching the proceedings closely, as they too consider how to keep tech companies accountable.</p> <p>In a nutshell, <a href="https://www.reuters.com/article/us-australia-google-regulator/australian-regulator-files-privacy-suit-against-google-alleging-location-data-misuse-idUSKBN1X804X">the ACCC alleges that Google breached the Australian Consumer Law (ACL)</a> by misleading its users during the years 2017 and 2018 by:</p> <ul> <li>not properly disclosing that two different settings need to be switched off if consumers do not want Google to collect, keep and use their location data, and</li> <li>not disclosing to consumers on which pages personal location data can be used for a purposes unrelated to the consumer’s use of Google services.</li> </ul> <p>Some of the alleged breaches carry penalties of up to A$10 million or 10% of annual turnover.</p> <p>According to the ACCC, Google’s account settings on Android phones and tablets have led consumers to believe that changing a setting on the “Location History” page stops the company from collecting, storing and using their location data. It alleges that Google failed to make clear to consumers that they would actually need to change their choices on a separate setting titled “Web &amp; App Activity” to prevent this from occurring.</p> <p>It is well known that Google collects and uses consumers’ personal location data for purposes other than providing Google services to consumers, although users are often surprised to realise just how much information these tech giants have and profit from.</p> <p>For example, Google uses location data for its navigation platforms, using the data to work out demographic information for the sole purposes of selling targeted advertising. And, as it has become increasingly clear, digital platforms have the ability to track consumers when they are <a href="https://www.sydneycriminallawyers.com.au/blog/smile-facebook-may-soon-be-filming-you/">both online and offline</a> to create highly detailed personal profiles.</p> <p>These profiles are then used to sell products and services, but companies like the ACCC believe the way the information is gathered is misleading or deceptive, and could also breach <a href="http://www.sydneycriminallawyers.com.au/blog/police-hacking-in-australia-a-case-of-breach-of-privacy/">privacy laws</a>.</p> <p><strong>No ‘blanket’ protection for users globally</strong></p> <p>The closest thing to a cross-jurisdiction set of rules regarding privacy rights is the General Data Protection Regulation (EU) 2016/679 (GDPR), which were introduced in 2018 and govern data protection and privacy in the European Union (EU) and the European Economic Area (EEA).</p> <p>The regulation also addresses the transfer of personal data outside the EU and EEA areas. The instrument aims to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the rules within the EU.</p> <p>Not all companies and organisations have adopted the GDPR. Rather, only those with offices in an EU country or that collect, process or store the personal data of anyone located within an EU country are required to comply with the rules.</p> <p>But because many businesses have an international focus and reach, <a href="https://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/">many Australian businesses have adopted the regulations</a> and given consumers some assurances regarding privacy.</p> <p>And the GDPR laws do have teeth. In January, a French regulator fined Google 50 million euros (about AUD$82 million) for breaches of privacy laws. And Ireland’s Data Protection Commissioner is currently investigating Google over contravening the privacy rules.</p> <p>Facebook is also under fire for privacy breaches as well as for misuse of data. Last year, it was fined a record-breaking $5 billion in the United States over the misuse of data and inadequate vetting of misinformation campaigns, which were used together to help sway the 2016 presidential election in favour of Donald Trump.</p> <p><strong>Beware of posting or uploading information</strong></p> <p>In the meantime, the ACCC has not yet specified the nature and scope of the corrective notices and other orders it is seeking against Google.</p> <p>However, the regulator has sent warnings to <a href="https://www.sydneycriminallawyers.com.au/blog/thinking-of-getting-a-digital-assistant-device-think-again/">all technology users to be vigilant</a> in updating their privacy settings and being aware the information they provide when setting up devices and apps can be used and, indeed, profited from by tech companies.</p> <p><em>Written by Sonia hickey and Ugur Nedim. Republished with permission of <a href="https://www.sydneycriminallawyers.com.au/blog/beware-your-private-data-could-be-shared-with-strangers/">Sydney Criminal Lawyers.</a> </em></p> <p> </p>

Art

Placeholder Content Image

Australian privacy laws must be strengthened

<p>The Department of Human Services fields thousands of requests for Pharmaceutical Benefits Scheme (PBS) and Medicare Benefits Schedule (MBS) data from state and federal policing agencies each year, complying with the vast majority of them.</p> <p>The information released can, if detailed enough, paint a picture of a person’s medical history, including, for example, any history of mental health issues, HIV, abortion or sexually transmitted diseases.</p> <p><strong>No warrant required</strong></p> <p>And unlike <a href="https://www.sydneycriminallawyers.com.au/blog/my-health-record-a-further-erosion-of-civil-liberties/">My Heath Record</a>, no warrant or court order is needed for the Department to release the information. Instead, it uses its own internal guidelines to decide how it will respond to a police request. These guidelines, which were created more than a decade ago, have not been updated and are not available to public.</p> <p>Until recently, there has been no imperative to release these guidelines until <a href="http://medicalrepublic.com.au/polices-secret-access-to-our-health-data/24892">The Medical Republic</a>, a specialist media publication, won a freedom of information battle to have them brought out into the open.</p> <p>According to the guidelines, department officials are required to consider whether the disclosure of private health data is necessary, and not merely convenient or helpful. They are also meant to check whether the information is available through other channels.</p> <p>Department officials are also supposed to consider whether releasing the private health information is in the public interest as distinct from any private interests of the person seeking the information.</p> <p>In the guidelines, the “public interest” is broadly defined as anything relating to national security, major crime, the administration of <a href="https://www.sydneycriminallawyers.com.au/criminal/">criminal law</a>, or public safety.</p> <p>The guidelines give concrete examples of situations where disclosing private health data to police is in the public interest, such as to assist with police investigations into <a href="https://www.sydneycriminallawyers.com.au/criminal/offences/">serious criminal offences,</a> but also states that “these examples are not to be read as in any way limiting the circumstances in which the release of information may be regarded as necessary in the public interest”.</p> <p><strong>Vague guidelines spark privacy concerns</strong></p> <p>It is precisely the vague nature of the guidelines that has privacy and civil liberties advocates concerned. While the Department says it takes it’s privacy responsibilities “very seriously” and complies with all the relevant legislation, many remain at risk of having personal information disclosed without their consent or even knowledge.</p> <p>There are calls for the guidelines to be updated in line with legislation which governs My Health Record privacy and disclosure. In that regard, laws were introduced in 2009 which require police to obtain a court order to access My Health Record data.</p> <p>The <a href="https://www.servicesaustralia.gov.au/organisations/about-us/publications-and-resources/privacy-policy">Department of Human Services </a> website, which covers the agencies: Centrelink, Medicare and Child Support, outlines its privacy policy as follows:</p> <p>“We are bound by strict confidentiality and secrecy provisions in social security, families, health, child support, redress and disability services law. These provisions limit how we use your information and when and to whom it can be released. We also have obligations under the Privacy Act 1988.”</p> <p>When you dig deeper into the  policy by following relevant page links, the Department discloses how it collects information (including via monitoring the website pages you visit as well as social media), <a href="https://www.servicesaustralia.gov.au/organisations/about-us/publications-and-resources/privacy-policy">and who it shares that information with</a>. The list is extensive.</p> <p><strong>Your right to privacy</strong></p> <p>The <a href="https://www.legislation.gov.au/Details/C2014C00076">Privacy Act 1988</a> (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and other businesses and organisations handle our personal information.</p> <p>The Act contains 13 Australian Privacy Principles which regulate collection, storage, access to and disclosure of personal information.</p> <p>Under the Act, personal information is only meant to be collected for a lawful purpose, and your stated rights include:</p> <ul> <li>Being informed what kind of information is being collected about you and how that information is collected.</li> <li>Understanding why your personal data is collected</li> <li>Being able to access your personal information, review it and have it corrected if it is incorrect.</li> <li>To have your data stored securely, protected from interference or misuse, and to be informed of any data breaches that affect you.</li> </ul> <p>The Freedom of Information Act 1982 enables individuals to access their personal information that is held by a business or a government organisation.</p> <p><em>Written by Sonia Hickey. Republished with permission of <a href="https://www.sydneycriminallawyers.com.au/blog/australian-privacy-laws-must-be-strengthened/">Sydney Criminal Lawyers.</a> </em></p> <p><em> </em></p>

Legal

Placeholder Content Image

Robots and drones: The new age of toys

<p>I’m a geek. And as a geek, I love my tech toys. But over time I’ve noticed toys are becoming harder to understand.</p> <p>Some modern toys resemble advanced devices. There are flying toys, walking toys, and roving toys. A number of these require “configuring” or “connecting”.</p> <p>The line between toy, gadget and professional device is blurrier than ever, as manufacturers churn out products including <a href="https://www.t3.com/features/best-kids-drones">drones for kids</a> and <a href="https://www.amazon.com/Hidden-Spy-Nanny-Camera-Wi-fi/dp/B07P7BCYZT">plush toys with hidden nanny cams</a>.</p> <p>With such a variety of sophisticated, and sometimes over-engineered products, it’s clear manufacturers have upped their game.</p> <p>But why is this happening?</p> <p><strong>The price of tech</strong></p> <p>Toys these days seem to be designed with two major components in mind. It’s all about the smarts and rapid manufacture.</p> <p>In modern toys, we see a considerable level of programmed intelligence. This can be used to control the toy’s actions, or have it respond to input to provide real time feedback and interaction – making it appear “smarter”.</p> <p>This is all made possible by the falling price of technology.</p> <p>Once upon a time, placing a microcontroller (a single chip microprocessor) inside a toy was simply uneconomical.</p> <p>These days, they’ll <a href="https://au.rs-online.com/web/c/semiconductors/processors-microcontrollers/microcontrollers/">only set you back a few dollars</a> and allow significant computing power.</p> <p>Microcontrollers are often WiFi and Bluetooth enabled, too. This allows “connected” toys to access a wide range of internet services, or be controlled by a smartphone.</p> <p>Another boon for toy manufacturers has been the rise of prototype technologies, including 3D modelling, 3D printing, and low cost CNC (computer numerical control) milling.</p> <p>These technologies allow the advanced modelling of toys, which can help design them to be “tougher”.</p> <p>They also allow manufacturers to move beyond simple (outer) case designs and towards advanced multi-material devices, where the case of the toy forms an active part of the toy’s function.</p> <p>Examples of this include hand grips (found on console controls and toys including Nerf Blasters), advanced surface textures, and internal structures which support shock absorption to protect internal components, such as wheel suspensions in toy cars.</p> <p><strong>Bot helpers and robot dogs</strong></p> <p>Many recent advancements in toys are there to appease our admiration of automatons, or self operating machines.</p> <p>The idea that an inanimate object is transcending its static world, or is “thinking”, is one of the magical elements that prompts us to attach emotions to toys.</p> <p>And manufacturers know this, with some toys designed specifically to drive emotional attachment. My favourite example of this is roaming robots, such as the artificially intelligent <a href="https://www.anki.com/en-us/vector.html">Anki Vector</a>.</p> <p>With sensors and internet connectivity, the Vector drives around and interacts with its environment, as well as you. It’s even <a href="https://www.amazon.com/Vector-Robot-Anki-Hangs-Helps/dp/B07G3ZNK4Y">integrated with Amazon Alexa</a>.</p> <p>Another sophisticated toy is Sony’s Aibo. This robot pet shows how advanced robotics, microelectronics, actuators (which allow movement), sensors, and programming can be used to create a unique toy experience with emotional investment.</p> <p><span class="attribution"><a href="https://www.shutterstock.com/image-photo/ho-chi-minh-city-vietnam-apr-1095006827" class="source"></a></span><strong>Screens not included</strong></p> <p>Toy manufacturers are also leveraging the rise of smartphones and portable computing.</p> <p>Quadcopters (or drones) and other similar devices often don’t need to include their own display in the remote control, as video can be beamed to an attached device.</p> <p>Some toys even use smartphones as the only control interface (used to control the toy), usually via an app, saving manufacturers from having to provide what is arguably the most expensive part of the toy.</p> <p>This means a smartphone becomes an inherent requirement, without which the toy can’t be used.</p> <p>It would be incredibly disappointing to buy a cool, new toy - only to realise you don’t own the very expensive device required to use it.</p> <p><strong>My toys aren’t spying on me, surely?</strong></p> <p>While spying may be the last thing you consider when buying a toy, there have been several reports of talking dolls <a href="https://www.npr.org/sections/alltechconsidered/2016/12/20/506208146/this-doll-may-be-recording-what-children-say-privacy-groups-charge">recording in-home conversations</a>.</p> <p>There are similar concerns with smart-home assistants such as Amazon Alexa, Google Assistant and Apple’s Siri, which store <a href="https://www.politifact.com/truth-o-meter/statements/2018/may/31/ro-khanna/your-amazon-alexa-spying-you/">your voice recordings in the cloud</a>.</p> <p>These concerns might also be warranted with toys such as the Vector, and Aibo.</p> <p>In fact, anything that has a microphone, camera or wireless connectivity can be considered a privacy concern.</p> <p><strong>Toys of the future</strong></p> <p>We’ve established toys are becoming more sophisticated, but does that mean they’re getting better?</p> <p><a href="https://www.gartner.com/smarterwithgartner/gartner-top-10-strategic-technology-trends-for-2020/">Various</a> <a href="https://www.accenture.com/us-en/insights/technology/technology-trends-2019">reports</a> indicate in 2020, artificial intelligence (AI) and machine learning will continue to be pervasive in our lives.</p> <p>This means buying toys could become an even trickier task than it currently is. There are some factors shoppers can consider.</p> <p>On the top of my list of concerns is the type and number of batteries a toy requires, and how to charge them.</p> <p>If a device has <a href="https://theconversation.com/nearly-all-your-devices-run-on-lithium-batteries-heres-a-nobel-prizewinner-on-his-part-in-their-invention-and-their-future-126197">in-built lithium batteries</a>, can they be easily replaced? And if the toy is designed for outdoors, <a href="https://theconversation.com/why-batteries-have-started-catching-fire-so-often-68602">can it cope with the heat?</a> Most lithium-ion batteries degrade quickly in hot environments.</p> <p>And does the device require an additional screen or smartphone?</p> <p>It’s also worth being wary of what personal details are required to sign-up for a service associated with a toy - and if the toy can still function if its manufacturer should cease to exist, or the company should go bust.</p> <p>And, as always, if you’re considering an advanced, “connected” toy, make sure to prioritise your security and privacy.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/127503/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: http://theconversation.com/republishing-guidelines --></p> <p><em><a href="https://theconversation.com/profiles/andrew-maxwell-561482">Andrew Maxwell</a>, Senior Lecturer, <a href="http://theconversation.com/institutions/university-of-southern-queensland-1069">University of Southern Queensland</a></em></p> <p><em>This article is republished from <a href="http://theconversation.com">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/robots-ai-and-drones-when-did-toys-turn-into-rocket-science-127503">original article</a>.</em></p>

Technology

Our Partners