Peter A Clarke

Even after writing about privacy for a decade and more, it still never ceases to amaze me that media write in breathless tones about the problem with organisations using and misusing data and personal information as if it was some form of revelation.  The only thing that has changed has been the great efficiency in the misuse.  The latest offering is the Australian’s piece Giants’ data haul sparks call to reform privacy act which is a bit of a spruik dressed up as an article for a conference to be hosted by the Consumer Policy Research Centre on 19 November 2019.

The chief executive is calling for “urgent reform of the Privacy Act” to better protect consumers.  She also wants a Consumer Data Right.  The call to reform the Privacy Act is misconceived.  There is no point increasing the powers of the Information Commissioner when the Information Commissioner remains a culturally weak regulator.  The current powers are not being properly utilised.  Adding another weapon or three into the regulators arsenal will assist not one jot if it will not be used.  A statutory cause of action permitting an individual bring action against an organisation and agency is a necessary first step. To enable groups to bring class actions would be even better.  But those reforms must bypass the Information Commissioner acting as a gatekeeper to taking action.  Properly resourcing the Information Commissioner’s office is also necessary.  That said, even when properly resourced the Office was a poor regulator.  The problems run much, much deeper.  There is a cultural malaise.  To really tackle that requires appointing a new Commissioner from outside who has a knowledge of litigation and an understanding of poor corporate behaviour.  That should be followed by a clean out of the senior ranks generally.  It has been a sleepy hollow for too long.

The collection, aggregation and anlysis of consumer data has been a problem for more than a decade.  It is acute now because the power to process that data is so much cheaper, the algorithms are so much more effective and the linking of data from one organisation to another is some much more pervasive.

Unfortunately the civil society in the privacy space is weak and ineffectual, good at calling for things, not so good at lobbying and effecting changes.

The article says nothing new but it is worth saying it again.  What is interesting is the Australian taking an interest in this issue.  The Oz has been traditionally ferociously opposed to anything that vaguely hints at increasing privacy protections.

The article provides:

Ms Solomon is hosting a Melbourne data conference, dubbed Data (R)Evolution, later this month alongside ACCC chair Rod Sims and eSafety Commissioner Julie Inman Grant, an event she hopes will shift the needle on consumer protections.

She is calling for the introduction of a Consumer Data Right, which will aim to empower more Australian consumers with control over their data.

“We need to raise awareness of these issues,” Ms Solomon said. “We need to bring in different communities and get a shared understanding. These issues are multidimensional and require collective input from a lot of different people.

“From our perspective we need swift privacy reform as a matter of urgency.”

Ms Solomon said currently, consumers might think they have a relationship with one company, but in turn their data is being sold to a whole host of other companies, called data brokers, and the consumer is often not even aware of their existence.

“They’ll take data points like location, biometrics, transaction data, and when the data is combined, companies can make really granular inferences about consumers, things like their marital status, stress levels, and personal interests.

“There needs to be an investigation into data brokers in Australia, we really haven’t got a grip on this issue and we need to come to terms with the reality of what’s going on behind the scenes.”

Ms Solomon pointed to Woolworths and its loyalty card as an example of data misuse. CPRC research found the company collected transaction data not just when a Rewards card is scanned, but also when a user’s credit or debit card is scanned, given it matches to their Rewards account. She said this results in a much larger data collection that extends beyond Woolworths Rewards related purchases.

Personal data is the fuel powering the growth engines of today’s tech behemoths and according to Ms Solomon, consumers are mostly in the dark about the footprints they leave behind every time they are on the web.

From streaming TV shows, podcasts and songs to checking the train timetable, every interaction on the internet leaves behind a trace. These individual footprints can be pieced together to create a map of an individual’s daily habits, their behaviour and their preferences.

According to Ms Solomon, data tracking is now an inescapable part of the internet, with tireless trackers working at all times, both offline and online.

While the data collected is used to provide a gamut of targeted services to consumer, Ms Solomon says the entire architecture of data collection is almost entirely opaque.

“Companies often know an awful lot about a consumer but the consumer doesn’t know much about them.”

“It’s not transparent what data is being collected, and who it’s being shared with,” she said.

“Companies use terms like ‘we share with trusted partners and third parties’, but we have no way of identifying who they are.

She added that most technology companies play lip service to privacy, relying on convoluted policy documents to befuddle consumers.

“Trust is critical to the digital economy and we need to be empowered with our data to have better control and choice. We also need greater protections against exploitation, because as companies gather far more data on people, the power imbalance between consumers and companies increases and therefore the scope for exploitation is greater.

Google is facing a multimillion-dollar fine in Australia, after the consumer watchdog launched federal court action alleging the tech giant misled consumers about the location data it hoovered up.

Location data powers everything from Uber and Deliveroo to Google Maps but the benefits enjoyed by the public comes at a cost.

Child image protection and photo storage solution, Pixevety’s chief marketing officer Tammy Anson says the data is being hoovered up without the express consent of users.

“Location data is collected to assist in targeting ads and search results, for commercial gain but this data is collected without consent or appropriate disclosure.

According to Ms Anson, collecting people’s location data without consent is like stalking.

“Surveying someone’s life 24 hours a day 365 days of the year without their consent or knowledge has to be one of the biggest invasions of privacy ever undertaken by a commercial entity.”