Education Apps endorsed by the Australian Government found to be surveilling Australian children resulting in inquiries by New South Wales and Victorian Governments

May 26, 2022

As the saying goes, the road to hell is paved with good intentions. That may be the sombre story of education apps used during the pandemic. Human Rights Watch has undertaken a detailed study, How Dare They Peep into My Private Life. Of particular interest are some of the practices of EdTech. The EdTech apps were used by students in Australia during the lockdowns. The Victorian and New South Wales Governments have announced inquiries. The Victorian Information Commissioner raised concerns about education apps as far back as August 2020, stating in a report that “... we consider that schools are at risk of breaching the [Information Privacy Principles] IPPs when using apps and web-based learning tools that handle student personal information.”

The report has been covered by iTnews with Edtech vendors invaded student privacy: Human Rights Watch, InnovationAus with ‘Dystopian’: Govt-endorsed education apps surveilling Australian children and the ABC with Investigation reveals tracking by EdTech of millions of Australian school students during COVID lockdowns.

Some interesting findings from the Report Read the rest of this entry »

Singapore launches AI Verify, world’s first AI Governance Testing Framework and Toolkit

Artificial Intelligence (“AI”) is revolutionising the way we consume, the way work is done and the way things are built. The productivity gains have been extraordinary. It also poses significant public policy challenges. The problems include a lack of transparency in decision making, skewed results from potentially poor quality algorithms and the “black box” effect where the path of reasoning is obscured or completely unknown. And it can have a dystopian potential, skewing results against minorities for example. That is a problem with facial recognition technology and predictive analytics in insurance and criminal investigations. All of those matters concern the public. There is a dearth of regulation for the good reason that legislatures are not sure how to properly regulate without harming the positive potential of AI.

The Singapore Privacy Commissioner has launched AI Verify – An AI Governance Testing Framework and Toolkit.  It is ostensibly designed to allow companies to demonstrate responsible AI.  It is a voluntary scheme. It is certainly a step in the right direction.

The press release by the Infocomm Media Development Authority, Singapore launches world’s first AI testing framework and toolkit to promote transparency; Invites companies to pilot and contribute to international standards development provides Read the rest of this entry »

Federal Trade Commission takes action against Twitter for deceptively using customers’ account security data to sell targeted ads. Twitter to pay 150 million dollar fine to settle privacy lawsuit.

The US Federal Trade Commission has taken action against Twitter for allowing advertisers to use its customers’ phone numbers and emails for targeted ads.  Customers provided that information to Twitter to protect their accounts.  The practice was reasonably long standing, from at least May 2013 until at least September 2019.  The practice affected more than 140 million Twitter users. 

It is interesting to note that in 2011 the FTC claimed Twitter misrepresented the extent to which it protected its customers’ privacy and the security of their non-public information. The FTC settled that complaint.

The complaint states:

From at least May 2013 until at least September 2019, Twitter misrepresented to users of its online communication service the extent to which it maintained and protected the security and privacy of their nonpublic contact information. Specifically, while Twitter represented to users that it collected their telephone numbers and email addresses to secure their accounts, Twitter failed to disclose that it also used user contact information to aid advertisers in reaching their preferred audiences. Twitter’s misrepresentations violate the FTC Act and the 2011 Order, which specifically prohibits the company from making misrepresentations regarding the security of nonpublic consumer information. Plaintiff therefore seeks civil penalties for Twitter’s violations, as well as a permanent injunction and other equitable relief, to ensure Twitter’s future compliance with the law.

and Read the rest of this entry »

Where to with privacy reform in Australia

A brief review of this website will reveal that there is a constant development of privacy laws throughout the world to meet changes in data handling practices and challenges from those who would interfere with privacy.  Development and improvement of privacy regulation in Australia has been slow, tepid and fitful despite regular recommendations for reform from law reform commissions. 

In Australia the last Federal election did not reveal an enthusiasm for privacy reform as a platform for any major party according to InnovationAus with No privacy reform commitments from major parties.  The article was written last week, prior to the poll.  So in a sense Read the rest of this entry »

European Council of the European Union approves the Data Governance Act

May 24, 2022

On 16 May the European Council approved the Data Governance Act. It is a complicated and involved document.

The Act is designed to provide procedures to facilitate the appropriate reuse of certain protected public sector data, within the EU.

A key element is to define and regulate a model for data intermediation services that would serve as trusted environments for organizations or individuals to share data. Those intermediation services are designed to:

  • support voluntary data sharing between companies
  • facilitate the fulfillment of data sharing obligations set by law
  • permit organisations to share data without fear of it being misused or losing competitive advantage
  • enable individuals to gain control over their data and allow them to share it with trusted companies

Individuals will have control over how they share their data through novel personal information management tools, such as personal data spaces and/or data wallets.

Data intermediation service providers will be prohibited from profiting from the data that they handle; however, they will be able to charge a fee for their services.

The Act introduces safeguards against the unlawful transfer of non-personal data similar to how personal data transfers are regulated under the GDPR.  The European Commission would be able to Read the rest of this entry »

Robodebt Royal Commission to commence later in 2022

During the recent election campaign the opposition announced that it would hold a Royal Commission into the Government practice of data matching to recover government overpayments described as Robodebt.  The media release on 30 April 2022 provided:

An Albanese Labor Government will expose the truth of the Morrison Government’s illegal Robodebt scheme, return integrity to the public service, and ensure a disaster like this never happens again.
If elected, Labor will establish a Royal Commission into Robodebt by the end of this year. Our consultation will begin after the election.
An Albanese Labor Government would ask a Royal Commission to examine and report on the Robodebt scheme, consistent with these key objectives which will be reflected in the Terms of Reference:

    1. To establish who was responsible for establishing the Robodebt scheme.
    2. To establish what advice, and what process or processes, informed the design and implementation of the Robodebt scheme.
    3. To investigate the handling of complaints about the Robodebt scheme – including in relation to the scheme’s legality – by Services Australia, the Department of Human Services, other relevant Commonwealth agencies and Ministers.
    4. To determine how much the implementation, suspension and wind-back of the Robodebt scheme cost taxpayers.
    5. To investigate the harm caused to law-abiding Australians by the Robodebt scheme.
    6. To investigate the use of third-party debt collectors under the Robodebt scheme.

Our consultation after the election will inform the Terms of Reference for the Royal Commission.
The Morrison Government has consistently denied, obstructed and covered-up the origins of the Robodebt scandal and refused to take responsibility. 
It is only when Labor organised a class action that a $1.8 billion settlement was made to repay victims and keep ministers out of the witness box. 
It is vital that Robodebt victims and the broader Australian public know the truth of the Robodebt disaster. 
We need to learn the truth of Robodebt’s origins so that such an atrocity can never again be perpetrated by an Australian Government against its citizens. 
The illegal and immoral Robodebt scheme caused untold carnage in the Australian community – stress, anxiety, financial destitution and even suicide.

Comments attributable to Anthony Albanese: 
“Robodebt was a human tragedy, wrought by this government. Against all evidence, and all the outcry, the government insisted on using algorithms instead of people to pursue debt recovery against Australians who in many cases had no debt to pay. It caused untold misery. Only an Albanese Labor Government will find out the truth.”

Comments attributable to Bill Shorten:
“We still do not know how this reckless scheme was unleashed. We do not know whether poor legal advice was given or whether legal advice was simply never sought. We do not know if public servants were inappropriately heavied and politicised. And without knowing the true origins we do not know what safeguards could be put in place to prevent a repeat.” 

The election has been held and the opposition is now the Government. InnovationAus reports in Robodebt Royal Commission to be launched this year that a Royal Commission will be established and Read the rest of this entry »

Information Commissioner’s Office fines facial recognition company Clearview AI 7,552,800 pounds and orders data be deleted

The UK Information Commissioner has imposed a significant fine of £7,552,800 on Clearview AI for illegally collecting personal data of UK residents. The facial images of UK residents were scraped from the internet and fed into Clearview’s database where, with the aid of artificial intelligence, it could use that data to identify those people and monitor them.

Clearview AI continues to maintain that it has done nothing wrong, saying that its technology and intentions have been “misinterpreted”, and claims that it is not subject to the ICO’s jurisdiction.

Clearview has already been the subject of action by other regulators. In March 2022 the Italian data protection agency fined Clearview €20 million for breaches of EU law. In December last year France’s data watchdog, CNIL, found that Clearview had committed two breaches of the GDPR. Similarly, in February 2021 Canadian privacy commissioners stated that Clearview violated Canadian privacy laws. In the United States, Cook County, effectively Chicago, and Clearview entered into an agreement in settlement of a suit whereby Clearview has agreed to stop providing its technology to most private clients and doing business in Illinois.

The use of facial recognition technology by police is belatedly being scrutinised Read the rest of this entry »

National Institute of Standards and Technology releases CMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759 and CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759

The National Institute of Standards and Technology has released CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759 and CMVP Approved Sensitive Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759.

Both documents are more in the way of process than Read the rest of this entry »

A & J Morphett Nominees Pty Ltd v JBT Lawyers Pty Ltd & Anor [2022] VSC 238 (17 May 2022): role of Stakeholder, where deposit held by solicitor as stakeholder on behalf of both parties to sale transaction & failed to refund deposit to purchaser who validly terminated the contract.

May 22, 2022

In A & J Morphett Nominees Pty Ltd v JBT Lawyers Pty Ltd & Anor [2022] VSC 238 Justice Dixon, in upholding an appeal, made important statements for practitioners on the role of stakeholders.

FACTS

On 26 November 2018 the appellant and Chloe Estelle Pty Ltd entered into the contract with the appellant paying the deposit of $42,000 to the respondent on 6 December 2018 [4].

On 21 March 2019, the appellant by written notice terminated the contract and requested that the respondent repay the deposit to it [4].

The appellant, A & J Morphett Nominees Pty Ltd, commenced proceedings against Chloe Estelle Pty Ltd, as first defendant, and the respondent, JBT Lawyers Pty Ltd, as second defendant in the Magistrates Court.  In its defence the respondent admitted that it received the deposit sum as a stakeholder as alleged by the appellant [6].

On 24 June 2019, the appellant entered default judgment in the proceeding against Chloe Estelle Pty Ltd, which included an amount for interest and costs [7]. The appellant did not recover against Chloe Estelle Pty Ltd as it was and on 18 July 2019, an administrator was appointed and it was subsequently ordered to be wound up. The liquidators made no claim for the deposit.

It has never been in dispute that the respondent received that sum as a stakeholder for the appellant and Chloe Estelle Pty Ltd [3].

On 29 March 2019, the Federal Circuit Court, per Small J, made an order in a Family Law dispute between different parties. It relevantly Read the rest of this entry »

Announcements of privacy bills in both United Kingdom and the United States

May 15, 2022

As part of the Queen’s Speech, read by the Prince of Wales, the UK government announced that it would introduce a Data Reform Bill.

The Bill proposes to provide the Information Commissioner’s Office with greater powers to take “stronger action” against businesses that breach data rules.

The background and briefing notes state that the Bill will focus on a flexible, “outcomes-focused” approach rather than “box-ticking,” and will simplify the rules relating to the use of personal data for research purposes.

While the UK government complained that the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act of 2018 are “highly complex and prescriptive” legislation that imposes excessive administrative burdens on business, it will nonetheless seek renewal of the European Commission’s adequacy decision upon its automatic expiry in 2025. This will permit personal data to continue to flow uninhibited between the EU and the UK.

In the United States the US House of Representatives passed the Promoting Digital Privacy Technologies Act on 11 May 2022. It provides for the Director of the Office of Science and Technology Policy, acting through the Networking and Information Technology Research and Development Program, to coordinate with the Director of the National Science Foundation, the Director of the National Institute of Standards and Technology, the Federal Trade Commission, and the heads of other federal agencies, as appropriate, to accelerate the development, deployment, and adoption of privacy enhancing technologies. This is one way of dealing with privacy intrusions and one that is finding some favour given the disappointing performance of regulators and privacy intrusive legislation that is enacted from time to time.

The bill defines privacy enhancing technology as Read the rest of this entry »