Government announces continued interest in decryption legislation

May 18, 2018

ZdNet reports that the Commonwealth Government is still intent on legislating a power to access encrypted communications.  It will be fascinating to see how this is done legally. But legality is just the easy bit.  How does an Australian Government force an offshore entity to hand over its key or require Read the rest of this entry »

The UK Information Commissioner raises the concerns about the “staggeringly inaccurate” face recognition systems used by the police

May 16, 2018

Facial recognition technology has long been touted as an effective tool in crime prevention and investigation as well as important for national security.  It is also touted as a way of improving efficiency in business and through social media.  Unfortunately the hype does not match the facts.  The algorithms and the quality of images that power facial recognition technology are often below par leading to many false positives.  The technology is also plagued by Read the rest of this entry »

Byrd v United States: a further decision by the US Supreme Court on reasonable expectation of privacy under the Fourteenth Amendment

The US Supreme Court in Byrd v United States, by a unanimous decision, restated that a strong belief in the privacy rights under the Fourteenth Amendment.  It is an important decision on reasonable expectations of privacy but does not change the approach taken by the court on such issues.


In September 2014, Pennsylvania State Troopers pulled over a car driven by  Terrence Byrd. Byrd was the only person in the car. In the course of the traffic stop the troopers learned that the car was rented and that Byrd was not listed on the rental agreement as an authorized driver. The car had been rented by a Latasha Reed.  The car was searched where in the trunk the troopers found body armour and 49 bricks of heroin.  The troopers did not believe they needed consent to search the car.

Read the rest of this entry »

Government announces the opt out window of 16 July – 15 October 2-18 and the guide to the secondary use of My Health Record system data

May 14, 2018

The My Health Record program, providing a summary of one’s personal health information which can be shared with health providers, has not been a public policy success story. The pick up rate has been poor, with about 20% covered but according to the article in last year’s Conversation  Why aren’t more people using the My Health Record? it has only been used by a small percentage of consumers and not even to its intended capacity.  It is not popular with the likely users of the system, general practitioners and hospitals who regard it as not fit for purpose.  The privacy concerns regarding the My Health Records system have been long standing with articles highlighting the problems in 2015.  There is considerable distrust of the system and its vulnerability to data breaches. particularly given Read the rest of this entry »

UK Information Privacy Commissioner releases comprehensive guide for lawful basis for processing data under the General Data Protection Regulation

The issue of consent is very significant under all data protection acts, not least the Australian Privacy Act 1988.  The UK Information Commissioner has released its guidance on consent.  While it is directly applicable to the obligations under the General Data Protection Regulation (the GDPR) the contents will be of use in the Australian context.  Issues relating to consent are common across jurisdictions and the UK Information Commissioner’s guidances are generally Read the rest of this entry »

Another way one of the big Tech companies, this time Google, harvest data exposed

It is trite to say that Google lives off data.  That is the blood that flows through its veins and makes it the financial behemoth it is today.  It is not particularly discerning about how it gets data as Oracle has highlighted to the Australian in quite an impressive exclusive report We’re paying telcos to help Google spy on us.  Those using Android devices on smart phones have, according to Oracle, been transferring data to Google.  Worse still, telcos appear to be transferring data to Google for payment.  Google claims there has been consent, a truly vexed issue in privacy documents and permissions.  That side of the story needs more information. The story has also been covered by Read the rest of this entry »

Major data breach of Family Planning New South Wales with dilatory notice to those affected

Family Planning NSW has had its database of personal information of all clients who contacted it for the past two and a half years compromised by a cyber attack.

The nature of the data could not be more sensitive, and is defined as sensitive information in the Privacy Act, being not only health information but that which relates to contraception and fertility.  The nature of the breach was a bitcoin ransom demand Read the rest of this entry »

Re Mossgreen Pty Ltd (in liquidation) [2018] VSC 230 (9 May 2018): rights to owners of goods held by liquidator under Australian Consumer and Fair Trading Act 2012

In Re Mossgreen Pty Ltd (in liquidation) [2018] VSC 230 Robson J considered the application of the Australian Consumer Law as against the operation of the Corporations Act and powers of liquidators.


The auction house operating through the entity Mossgreen Pty Ltd (in liq) (‘Mossgreen’) went into liquidation on 4 May 2018. Administrators had been appointed on 21 December 2017 [1].

As an auctioneer, Mossgreen held a large quantity of goods (the ‘consigned goods’) belonging to other people (the ‘consignors’) described as being:

(a) goods delivered to it to be auctioned, but which had not yet been auctioned;

(b) goods delivered for auction, but which had failed to sell and which were awaiting collection by their owners; and

(c) goods which, although successfully sold at auction, had not been collected by the successful bidders [2].

which were stored in  three warehouses [3].

Sobraz Pty Ltd (‘Sobraz’), the plaintiff, is the landlord of one of the warehouses, situated at 1 Torteval Place, Clayton [3].

The administrators’ stocktake of the goods cost in excess of $1 million [4]. The administrators sought to levy each consignor with the sum of $353.20 per lot as a condition for releasing the lot to the consignor, asserting an equitable lien [5]. The administrators application for Read the rest of this entry »

Federal Trade Commission settles with mobile device retailer for misleading and deceptive conduct about its privacy policies and data security.

May 7, 2018

The Federal Trade Commissioner announced that it had settled with BLU Products arising from a complaint that it had deceived its customers regarding its privacy policies and data security practices.

Under the decision BLU and any business that it controls will need to Read the rest of this entry »

UK Data Protection Bill will require businesses to hand over information to the Information Commissioner Office within 24 hours

The overhaul/replacement of the UK’s Data Protection Act so as to be compliant with the incoming General Data Protection Regulation (GDPR) will result in increased powers of the Information Commissioner designed to deal quickly with urgent situations, known as urgent information notices from 7 days to 24 hours and empower the information commissioner to obtain a court order to require disclosure of the information referred to in the notice where there has been a failure to comply. There will also be a new offence which would criminalise the destruction, disposal, concealment, blocking or falsification of information and documents the subject of a formal request by  the information commissioner.

When enacted the new look Data Protection Act will be an even more superior piece of regulation to the Australian Privacy Act 1988.  More to the point the UK Information Commissioner has proven to be an effective regulator, using the powers available to her. In Australia the Information Commissioner has been careful not to use his enforcement powers and Read the rest of this entry »