Peter A Clarke

Categories

  • Blogs

  • Civil Liberties & rights

  • Current Affairs

  • Data security

  • Legal blogs

  • Newspapers

  • Overseas legal sites

  • Oz Legal

  • Politics

  • Privacy sites

  • Technology

    • New Zealand Privacy Commissioner releases report showing that data breaches are on the increase, like in Australia

    December 9, 2024

    New Zealand has a Privacy Commissioner and a Privacy Act. The regulator has quite limited powers and the legislation is inadequate compared to other common law and European countries. The Commissioner has released the annual report (found here).

    The Commissioner reported that the office:

    • received a total of 1,003 privacy complaints, up 15% from the previous year, with 279 of those complaints received for investigation.
    • there were 2,751 in-house privacy inquiries.
    • there were 864 privacy breach notifications, of which 414 were serious privacy breaches.
    Read the rest of this entry »

    Posted in New Zealand Privacy Commissioner, Privacy | Post a comment »

    Amendments to the Privacy Act commenced on 30 November 2024. No date proclaimed for commencement of Schedule 2, the statutory tort, so it will commence on 29 May 2025

    December 3, 2024

    Most of the amendments to the Privacy Act 1988 through the Privacy and Other Legislation Amendment Bill 2024 commenced on 30 November 2024. There has been no date proclaimed for Schedule 2 as yet.  In the normal course it would be very surprising if the Government was to, at some stage in the future, actually specify a commencement date if it did not do so immediately. 

    Posted in Privacy | Post a comment »

    Attorney gives insight into Privacy at Law Council of Australia Gala Dinner

    At a Law Council Dinner on Sunday 1 December 2024 the Attorney General waxed lyrical about matters pertaining to his portfolio. In the the course of his speechifying discussed the statutory tort and the anti doxxing provisions.  His defence of the journalist exception is wrong headed.  He claims it is necessary to protect freedom of the press.  That is nonsense.  There is no such exemption in any jurisdiction where there is a tort of privacy and somehow the press thrives in those places.  It was a political not policy decision. It is a terrible mistake.  That said having a tort even if in a weakened form is better than no tort.

    His speech provides:

    Acknowledgements

    Thank you to the Law Council of Australia for hosting yet another wonderful dinner, a dinner I’m delighted to be attending for my third consecutive year since returning as Attorney-General in 2022.

    I acknowledge the traditional owners of the land on which we meet, the Ngunnawal people, and pay my respects to their Elders, past and present. I extend that respect to all Aboriginal and Torres Strait Islander people here today. 

    I thank the President of the Law Council, Greg McIntyre SC, for inviting me to speak tonight. I congratulate and welcome the incoming President, Ms Juliana Warner.

    I also acknowledge

      • Her Excellency the Honourable Sam Mostyn AC, Governor-General of the Commonwealth of Australia, and His Excellency Simeon Beckett SC;
      • My parliamentary colleagues;
      • Current and former members of the judiciary; and
      • Members of the legal profession.

    Legal assistance services

    On 6 September this year First Ministers reached a landmark agreement for a new five year National Access to Justice Partnership.

    And I am very pleased to say that yesterday, 28 November, the final signature from an Attorney-General was obtained, and it has been published today.

    This agreement provides $3.9 billion in support for legal assistance services over five years – the largest Commonwealth funding contribution to the legal assistance sector ever.

    It is a vast improvement on the previous agreement, which expires on 30 June next year.

    Every single part of the legal assistance sector will get more funding.

    The agreement contains nearly $800 million in additional funding, including $500 million to support frontline legal assistance services delivered by Community Legal Centres, Women’s Legal Services, Aboriginal and Torres Strait Islander Legal Services, Legal Aid Commissions and Family Violence Prevention and Legal Services.

    Critically, funding will be ongoing. This means an end to a rolling five-year funding cliff. Instead of fighting for its very existence, the sector will be able to plan for the future. It will be able to more easily attract and retain employees because there is job security. This change may be an underreported element of the new agreement but its significance cannot be underestimated.

    The new agreement also addresses long-standing pay parity issues in the sector. For the first time, the Commonwealth is acting to lift rates of pay for the community legal assistance sector, bringing them closer to Legal Aid Commissions – again increasing the ability of services to attract and retain good lawyers.

    Unlike the previous agreement, with its inadequate fixed rate of indexation, funding will be increased in line with the Wage Cost Index – meaning Commonwealth funding will not go backwards in real terms over the life of the agreement.

    The previous agreement did not provide funding security for individual parts of the sector. States and territories could, if they wished, move money from one part to another, reducing the effective value of the Commonwealth contribution. The new agreement requires jurisdictions to maintain their investment for each part of the sector over the life of the agreement.

    This both maintains the value of the Commonwealth contribution and provides funding certainty to each part of the legal assistance sector.

    As some in this room may remember, the new agreement was announced at a meeting of First Ministers focused on gender-based violence, and appropriately so.

    Access to justice is vital for women and children trying to escape gender-based violence. It can be the difference between leaving and staying in a violent situation. It can be the difference between life and death.

    I’m proud that the largest relative funding increase for legal assistance in the new agreement was for Family Violence Prevention and Legal Services – a 112 per cent increase in Commonwealth funding compared to the preceding five years.

    We know that First Nations women experience disproportionate rates of family violence.

    Nationally, First Nations women are seven times more likely to be homicide victims than non-Indigenous women, and of those women, 75 per cent are killed by a current or former partner.

    First Nations women are 33 times more likely to be hospitalised due to family and domestic violence than non-Indigenous women.

    As my colleague Senator Malarndirri McCarthy, the Minister for Indigenous Australians, has said, this is a national shame.

    Doubling the funding for legal assistance services which help First Nations women escape domestic violence will not solve this problem on its own, but it is an important step forward.

    Let me be clear – I know there will always be unmet need in the sector.

    But I believe the new National Access to Justice Partnership is a momentous step forward.

    That’s why I have been disappointed to see some misrepresentation of what the new Agreement delivers.

    I expect demands from the legal profession for government to do more for the legal assistance sector.

    But misrepresenting facts helps no one, least of all those in the sector.

    Further, it makes little sense to make demands of the Commonwealth only.

    Legal assistance is a shared responsibility, and demands on government should not focus on the national government alone.

    For those in the audience who work in the community legal sector, I would like to say thank you.

    You are among the most talented, committed and hardworking lawyers in the country. The Australian Government values your work. I value your work.

    Privacy

    You may have noticed we passed a few bills last night and early this morning.

    I will go to just two of those tonight.

    The first enacts tranche one of our privacy reform agenda.

    The legislation does a great deal. It:

      • Creates a new statutory tort for serious invasions of privacy;
      • Creates a new criminal offence for the malicious release of personal data online, known as doxxing; and
      • Establishes provisions to enable the development of a new Children’s Online Privacy Code.

    A privacy tort is not a new idea. In fact, that is something of an understatement.

    In his 1969 Boyer Lectures Sir Zelman Cowen endorsed legislation to create an actionable right to seek redress for breaches of privacy.

    The bill provides for a new statutory cause of action for individuals who have suffered a serious invasion of their privacy, and applies it to both physical privacy and information privacy. Read the rest of this entry »

    Posted in Legal, Privacy | Post a comment »

    First the celebration about Privacy Reform quickly followed by a more assessment of the Privacy Commissioner’s resources to exercise her newly granted powers. The reality is sobering

    November 29, 2024

    Following the passage of the Privacy and Other Legislation Amendment Bill 2024 this morning it is not surprising that the Attorney General will take a victory lap with a press release titled Delivering stronger privacy protections for Australians. The sobering reality is that the Office of the Information Commissioner is currently under resourced. Innovation Aus reports in OAIC slashes staff to meet $11m budget crunch that the Office is sacking staff to comply with a 23% budget cut from the government.

    Not surprisingly the Privacy Commissioner took a moment to welcome her increased powers. She made the point of saying it was only the first step. And never a truer word was said.

    It makes little sense to provide enhanced powers to the Commissioner, presumably expecting her to exercise those powers, while cutting the resources necessary to exercise those powers. Unfortunately it is a familiar story with the Privacy Commissioner then Information Commissioner’s office.  That is not to say that the Office has occasionally used this problem as an excuse to be a timid regulator when more action was called for.

    The Attorney General’s media release provides:

    The Albanese Government has delivered landmark legislation to strengthen privacy protections for all Australians and outlaw doxxing.

    Australians want their privacy respected. When they are asked to hand over their personal data Australians expect it will be protected.

    The Privacy and Other Legislation Amendment Bill 2024 implements a first tranche of recommendations from the Privacy Act Review, including:

      • a new statutory tort to address serious invasions of privacy
      • a Children’s Online Privacy Code to better protect children from a range of online harms, including $3 million over three years for the Office of the Australian Information Commissioner to support its development
      • greater transparency for individuals affected by automated decisions
      • streamlined information sharing in the case of an emergency data breach, while ensuring that information is appropriately protected
      • stronger enforcement powers for the Australian Information Commissioner The legislation also introduces new criminal offences to outlaw doxxing with serious criminal penalties of up to 7 years imprisonment. Doxxing is a form of abuse that can affect all Australians but is often used against women in the context of domestic and family violence.

    The Government is committed to ensuring the Privacy Act works for all Australians and is fit for purpose in the digital age.

    The legislation builds on the significant steps already taken by the Albanese Government on privacy, including:

      • significantly increased penalties for repeated or serious privacy breaches
      • greater powers for the Australian Information Commissioner to resolve privacy breaches and quickly share information about data breaches
      • restoration of the standalone position of the Australian Privacy Commissioner

    The legislation passed today is just the first stage of the Albanese Government’s commitment to provide individuals with greater control over their personal information.

    The Albanese Government will continue to consult the Australian community on further privacy reforms.

    The Privacy Commissioner’s media release provides:

    The Office of the Australian Information Commissioner (OAIC) welcomes the passing of the Privacy and Other Legislation Amendment Bill 2024 as a significant step forward in advancing privacy protections for the Australian community.

    The Bill contains significant measures including:

      • the introduction of a statutory tort for serious invasions of privacy, giving individuals a route to seek redress for privacy harms in the courts
      • the expansion of the OAIC’s enforcement and investigation powers, including new tiers of civil penalties and the ability to issue infringement notices
      • a mandate for the OAIC to develop a Children’s Online Privacy Code, which will cover not only social media platforms but any online services likely to be accessed by children
      • a new mechanism to prescribe a ‘white list’ of countries and binding schemes with adequate privacy protections to facilitate cross-border data transfers
      • a requirement that privacy policies contain information about substantially automated decisions which significantly affect individuals’ rights or interests, including the kinds of decisions and kinds of personal information used.

    “These new powers and functions come at a critical time, as privacy harms increase and the Australian community demands more power over their personal information,” Australian Privacy Commissioner Carly Kind said.

    “They have had a long gestation. Many have campaigned for reform – in some cases for more than a decade – so their efforts need to be recognised today.

    “The reforms are an important first step. More needs to be done of course, and we appreciate the government’s commitment to further action.”

    The Innovation article provides:

    The privacy and information watchdog has slashed dozens of staff in response to a 23 per cent budget cut by government and a review by management consultants, sparking fears it will be ill equipped to deal with key policy changes like the social media ban.

    Senior officials confirmed the cuts on Wednesday and said a new  structure at the Office of the Australian Information Commissioner (OAIC) will in place from early next month. Read the rest of this entry »

    Posted in Privacy | Post a comment »

    Privacy and Other Legislation Amendment Bill 2024 passes Senate. It has passed both houses of Parliament and upon receiving Royal Assent will become law

    November 28, 2024

    The Privacy and Other Legislation Amendment Bill 2024 passed the Senate at  9:13PM on Thursday 28 November 2024.  The final vote was 31 ayes and 23 noes.

    With that the the substantive Bill passed both houses of Parliament. The relatively few amendments to the Bill, from recommendations of the Senate Committee Report, will be passed by the House in a special sitting this morning.

    The Statutory tort will be enacted.  It will come into effect on a date fixed by proclamation.  If no such date is fixed it will commence 6 months after the Act receives Royal Assent.  Royal assent occurs when the Bill is signed by the Governor General.  The process is that a certificate is signed by the Attorney-General which is sent to the Governor-General. The Governor-General gives the Royal Assent to the Bill by signing 2 copies of the Bill.

    Royal Assent will take place very soon.

    The Attorney General may advise when the statutory tort will commence but if he doesn’t and there is no specific date fixed by proclamation then it is a fair assumption that the statutory tort will come into effect in early June 2025.

    Posted in Privacy | Post a comment »

    Cyber Security Bill passed into Law on Wednesday

    November 27, 2024

    The Cyber Security Bill has had very quick progress through the Parliament. It was introduced last month, on 9 October 2024, had its second reading debate in the House of Representatives on 19 November, and was passed in the Senate on Monday 25 November 2024. It is part of a parcel of bills, the others being the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill and the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill, to amend the Security of Critical Infrastructure Act 2018.

    The Bills were supported by the Coalition.

    The Ministers Second Reading speech states:

    That this bill be now read a second time.

    In introducing this legislation, I acknowledge the work done in its development from the former Minister for Home Affairs, now the Minister for Housing, and also acknowledge the work of the very large number of members of the Department of Home Affairs in the cybersecurity section, who have worked for some years in the development of the legislation in the national interest that I present to the House today.

    This bill, alongside the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill and the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill, form the cybersecurity legislative reforms package. This package will collectively strengthen our national cyber defences and build cyber-resilience across the Australian economy.

    This suite of legislative reforms will implement key initiatives under the 2023-2030 Australian Cyber Security Strategy. This is a significant step in achieving the Australian government’s vision of becoming a world leader in cybersecurity by 2030. Read the rest of this entry »

    Posted in Privacy | Post a comment »

    The Senate Legal and Constitutional Affairs Legislation Committee releases its report on Privacy and Other Legislation Amendment Bill 2024 [Provisions]

    November 15, 2024

    The Senate Legal and Constitutional Affairs Legislation Committee yesterday released its report on Privacy and Other Legislation Amendment Bill 2024.  It is overwhelmingly supportive of the Bill. 

    Its recommendations are:

    Recommendation 1
     The committee recommends that the minimum consultation period for the Children’s Online Privacy Code is extended to at least 60 days.
    Recommendation 2
    The committee recommends that the bill is amended to include a requirement for the Information Commissioner to consult with relevant industry bodies or organisations when developing the Children’s Online Privacy Code.
    Recommendation 3
    The committee recommends the exclusion for media organisations from accessing personal information during declared emergencies is extended to exclude national broadcasters such as the ABC and Special Broadcasting Service.
    Recommendation 4
    The committee recommends that the bill is amended to empower the Information Commissioner to issue a discretionary notice to an entity to remedy an alleged breach of one or more of the provisions in section 13K before issuing an infringement notice.
    Recommendation 5
    The committee recommends that the Explanatory Memorandum to the bill is amended to make clear that the level of information required in privacy policies is not expected to compromise commercial-in-confidence information about automated decision-making systems.
    Recommendation 6
    The committee recommends that the Commonwealth government considers amending clause 7 of the bill to:
    • require a court to consider the matters of public interest that justify the invasion of the plaintiff’s privacy;
    • not require a defendant to adduce evidence of public interest in every case; and
    •provide that ‘artistic expression’ is a form of freedom of expression.
    Recommendation 7
    The committee recommends that the Commonwealth government considers amending Schedule 2 of the bill to ensure that the journalism exemption applies to a person involved in the publication, re-publication or distribution of journalistic material.
    Recommendation 8
    The committee recommends that Schedule 2 of the bill is amended to make clear that the concept of ‘journalistic material’ for the serious invasions of privacy tort includes ‘editorial’ material.
    Recommendation 9
    The committee recommends that Schedule 2 is amended to make clear that the power conferred on a court to issue an injunction is not limited to an ‘interim’ injunction.
    Recommendation 10
    Subject to the preceding recommendations, the committee recommends that the Senate passes the bill.

    What is notable about the Report is that Read the rest of this entry »

    Posted in Privacy | Post a comment »

    The Australian Information Commissioner publishes a guidance on tracking pixels

    November 5, 2024

    Tracking pixels are HTML code snippets which is loaded when someone visits a website. It is used for tracking user behaviour. Advertisers can use this data for online marketing and web analysis. In the latest of a surge of guidances the Office of the Australian Information Commissioner (“OAIC”) has published guidance on tracking pixels.

    Given the increased powers proposed in the Privacy and Other Amendments Bill 2024 organisations covered by the Privacy Act 1988 need to consider their use of tracking pixels before the amendments come into force.

    The media release provides:

    The Office of the Australian Information Commissioner (OAIC) has released guidance for private sector organisations to ensure they meet their obligations under the Australian Privacy Act when using third-party tracking pixels on their website.

    Publication of the guidance responds to industry demand for greater detail on the application of the Privacy Act to tracking technologies, as well as interest in the topic across government, media and the community.

    Many social media companies and other digital platforms offer tracking pixels. A tracking pixel is a piece of code generated by a third-party provider that can be placed on an organisation’s website to collect information about a user’s activity. When a user visits a webpage with a tracking pixel, the pixel loads and sends certain types of data to the server of the third-party provider.

    Pixels are one of many tracking tools, including cookies, that permit granular user surveillance across the internet and social media platforms. They can be important to business for analysis, advertising and measurement of return on investment.

    “However, many of these tracking tools are harmful, invasive and corrosive of online privacy,” Australian Privacy Commissioner Carly Kind said.

    “This is a real concern in the community with our Australian Community Attitudes to Privacy Survey 2023 finding that 69% of adults did not think it fair and reasonable that their personal information was used for online tracking, profiling and targeted advertising, with that rising to 89% when material was targeted at children.”

    The guidance makes clear that it is the responsibility of the organisation seeking to deploy a third-party tracking pixel on their website to ensure it is configured and used in a way that is compliant with the Privacy Act.

    Before deploying a third-party pixel, organisations should ensure they understand how the product works, identify the potential privacy risks involved and implement measures to mitigate those risks, and not adopt a ‘set and forget’ approach.

    Failing to conduct appropriate due diligence can create a range of privacy compliance and other legal risks.

    Consistent with the OAIC’s recent guidance on the use of generative AI products, the OAIC is seeking to expand its range of guidance for organisations so that they can continue to grow their businesses while meeting privacy obligations in a way that builds community trust.

    The guidance Read the rest of this entry »

    Posted in Commonwealth Privacy Commissioner, Privacy | Post a comment »

    Information Commissioner releases Annual Report

    November 1, 2024

    It is a annual report season for Government agencies and authorities. And that includes that of the Office of the Australian Information Commissioner.Yesterday the Commissioner released its 194 page Annual Report for 2023 – 24. 

    Given the significant amendments to the Privacy Act 1988 it is better to look forward to how the Privacy Commissioner approaches her responsibilities with new found powers rather than poring over the activities of the Privacy Commissioner over the past year.  On that note the work rate improved but it remained a timid regulator by any measure.   Which is a pity given the the Information Commissioner’s remuneration was $576,174 and Deputy Commissioner Elizabeth Hampton was $380,091. The relatively newly appointed Privacy Commissioner, Carly Kind is on $109,239.

    In relation to privacy complaints the the Commissioner stated:

    Privacy has been very much in the spotlight, with the continuing incidence of major data breaches. In 2023–24, we received 13% more notifications under the Notifiable Data Breaches (NDB) scheme than the year prior, when there was a 4% increase. We lifted our response rate, closing 84% of notifications within 60 days (compared to 77% last reporting year). In the 2022–23 financial year we received a 34% increase in privacy complaints. This year, complaints have remained relatively high, with a slight decrease of 5% year on year. We successfully responded to this high demand, finalising 20% more privacy complaints (3,104 in total), building on last year’s increase of 17% (2,576 finalised in total).
    We continued our focus on clearing longer-standing, generally more complex and resource-intensive complaints, finalising 84% (271) of the 322 matters that were over 12 months old as at June 2023. At the same time, more recent complaints increased in age over the reporting period. The volume of complaints, combined with the focus on the longest-standing, meant that by the year’s end there was an overall increase in matters older than 12 months to 729. The OAIC will continue to focus on aging cases through process efficiencies and the strategic application of resources.

     What is quite unusual is that Read the rest of this entry »

    Posted in Commonwealth Privacy Commissioner, Legal, Privacy | Post a comment »

    Irish Data Protection Commission fines LinkedIn Ireland 310 Euros for breaches of the GDPR in its processing of personal data.

    October 25, 2024

    The Australian Government has put forward a Bill to increase penalties for breaches of the Privacy Act. That is to be welcomed. However the penalties available to the regulators under the GDPR dwarf anything the Australian authorities could levy and the obligations are far stricter. That is demonstrated by the Irish Data Protection Commission fining Linked In Ireland 310 million euros for breaches of the GDPR for processing personal data to use it for behavioural analysis and targeted advertising.

    The Commission’s media release:

    The Irish Data Protection Commission (DPC) has today announced its final decision following an inquiry into LinkedIn Ireland Unlimited Company (LinkedIn). This inquiry was launched by the DPC, in its role as the lead supervisory authority for LinkedIn, following a complaint initially made to the French Data Protection Authority.

    The inquiry examined LinkedIn’s processing of personal data for the purposes of behavioural analysis and targeted advertising of users who have created LinkedIn profiles (members). The decision, which was made by the Commissioners for Data Protection, Dr Des Hogan and Dale Sunderland, and notified to LinkedIn on 22 October 2024, concerns the lawfulness, fairness and transparency of this processing. The decision includes a reprimand, an order for LinkedIn to bring its processing into compliance, and administrative fines totalling €310 million. Read the rest of this entry »

    Posted in Privacy | Post a comment »

    « Previous Entries
    Next Entries »