ABC story on drones, technology, lack of regulation and privacy threat raises relevant issues that have been around since drones started flying

July 15, 2022

The ABC’s quite lengthy piece Drone regulation ‘not keeping up with technology’, lawyers concerned about stalking risks highlights the capability of drones to be used to invade privacy, be used for overt and covert surveillance and be used as an instrument of stalking.  The problem has been present for many years and nothing meaningful has been done to address it.  On 14 July 2014 the House of Representatives Standing Committee on Social Policy and Legal Affairs tabled a report Eyes in the Sky about drone technology with:

  • Chapter 2 titled Our Drone Future
  • Chapter 2 – Safety in the air
  • Chapter 4 – Drones and Privacy

I did a post, House of Representatives hands down report on drones, “Eyes in the Sky”, on the day it was tabled. 

That was 6 years ago to the day plus one.  The recommendations to enhance privacy protection were ignored.  Recommendations 3 – 6  (at pages 48 – 50 of the Report) recommended:

Recommendation 3
The Committee recommends that the Australian Government consider introducing legislation by July 2015 which provides protection against privacy-invasive technologies (including remotely piloted aircraft), with particular emphasis on protecting against intrusions on a person’s seclusion or private affairs.
The Committee recommends that in considering the type and extent of protection to be afforded, the Government consider giving effect to the Australian Law Reform Commission’s proposal for the creation of a tort of serious invasion of privacy, or include alternate measures to achieve similar outcomes, with respect to invasive technologies including remotely piloted aircraft.

Recommendation 4
The Committee recommends that, at the late-2014 meeting of COAG’s Law, Crime and Community Safety Council, the Australian Government initiate action to simplify Australia’s privacy regime by introducing harmonised Australia-wide surveillance laws that cover the use of:
? listening devices
? optical surveillance devices
? data surveillance devices, and
? tracking devices
The unified regime should contain technology neutral definitions of the kinds of surveillance devices, and should not provide fewer protections in any state or territory than presently exist.

Recommendation 5
The Committee recommends that the Australian Government consider the measures operating to regulate the use or potential use of RPAs by Commonwealth law enforcement agencies for surveillance purposes in circumstances where that use may give rise to issues regarding a person’s seclusion or private affairs. This consideration should involve both assessment of the adequacy of presently existing internal practices and procedures of relevant Commonwealth law enforcement agencies, as well as the adequacy of relevant provisions of the Surveillance Devices Act 2004 (Cth) relating but not limited to warrant provisions.
Further, the Committee recommends that the Australian Government initiate action at COAG’s Law, Crime and Community Safety Council to harmonise what may be determined to be an appropriate and approved
use of RPAs by law enforcement agencies across jurisdictions.

Recommendation 6
The Committee recommends that the Australian Government coordinate with the Civil Aviation Safety Authority and the Australian Privacy Commissioner to review the adequacy of the privacy and air safety regimes in relation to remotely piloted aircraft, highlighting any regulatory issues and future areas of action. This review should be
publicly released by June 2016.

The recommendations couldn’t be clearer.  Recommendation 3 specifically called for a tort of serious invasion of privacy.  That is consistent with 2 Australian Law Reform Commission reports since Read the rest of this entry »

Two cases highlight how a statutory tort of interference with privacy would fill a gap in the existing law

Two recent stories highlight the inadequate privacy protections we have in Australia and how technology is making this situation worse.  In  Former model Tziporah Malkah breaks down over nude photos  the Age reports that Tziporah Atarah Malkah, formerly known as Kate Fischer complained of her naked and hardly blurred image being televised without her consent.  The image was secretly filmed by a man she has been in a relationship with.  Her privacy was clearly breached but she had little civil recourse. 

In the second case, as reported by the ABC in Melbourne woman featured in viral TikTok video without consent says she feels ‘dehumanised’ and the Guardian in Melbourne woman ‘dehumanised’ by viral TikTok filmed without her consent  a woman, who gave her name as Maree, was used as a prop for a tik tok video by a Harrison Pawluk.  Harrison approached Maree who was minding her own business at a public shopping centre and asked her to hold a bunch of flowers while he put on his jacket. Then he wished her a good day and walked away, leaving her with the flowers.  She was visibly shocked by the approach and the conclusion.  Harrison had the exchange videotaped and posted it onto tik tok where it has had 57 million views to date.  He posted the video with the line “I hope this made her day better.”  It was a smug and cynical gesture with no shortage of dishonesty attached. It was done to get a post on tik tok, not make a person happy.  Maree was used from start to finish.  She wasn’t Read the rest of this entry »

Canadian Government to regulate use of artificial intelligence as well as enhance privacy protections

July 14, 2022

The Canadian government has introduced a bill titled “An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts” which establishes ten principles of a Digital Charter.

It will be interesting to see whether this proposed reform influences the Australian Government’s review of Read the rest of this entry »

Queensland Government releases consultation Paper for reform of Information Privacy legislation

The Queensland Government has issued a consultation paper on proposed reforms to the privacy and right to information legislation.

The announcement relevantly states:

The Queensland Government is seeking your views about proposed reforms to Queensland’s Information privacy and right to information framework.

Queensland’s Information Privacy Act 2009 (IP Act) protects individuals’ privacy by regulating how their personal information is collected and managed by Queensland agencies. The IP Act also provides a right of access to, and amendment of, personal information held by Queensland agencies and ministers.

Queensland’s Right to Information Act 2009 (RTI Act) provides a right of access to information held by Queensland agencies and ministers unless, on balance, it is contrary to the public interest to release the information.

A number of reports have recommended changes to the IP Act and RTI Act. These include the:

Most of the reforms being considered were recommended in these reports.

Reforms being considered include whether:

    • Queensland should have a mandatory data breach notification scheme
    • Queensland’s 2 sets of privacy principles should be replaced with a single set of principles: the Queensland Privacy Principles.

Only focusing on the privacy reforms the proposals can best be described as modest.  To a large extent it hopes to bring the legislation in line with the Commonwealth and other state laws. 

The timing of this paper is curious.  The consultation specifically notes that the Commonwealth is reviewing its Privacy Act 1988 and the Commonwealth Attorney General has suggested the amendments will be significant.  The net result may be that Queensland will amend its legislation to bring it in line with current Commonwealth legislation which will be amended because that legislation is currently inadequate.  In effect the Queensland legislation may be again out of sync with the Commonwealth legislation but more importantly will be definitively inadequate. It is an unusual way to conduct public policy.

The main proposed reforms Read the rest of this entry »

Bank of Queensland fined $133,200 for breach of Consumer Data Rights Rules

July 13, 2022

The Australian Competition and Consumer Commission (ACCC) issued the Bank of Queensland with a penalty of the $133,200 for breaching the Consumer Data Right Rules in failing to have available a service to enable consumers to share their data. The breach was that the BOQ failed to meet its implementation deadline.The ACCC is a practiced litigant and active in enforcing legislation for which it is responsible. So while the breach is actual it relates to a technical breach rather than a breach resulting in material prejudice to any one consumer.  The fine plus the publicity acts as a deterrent against others breaching the Rules. 

The statement from the ACCC relevantly Read the rest of this entry »

Deakin University hit by cyber attack resulting in theft of details of 46,980 current and former students.

Deakin University has been hit with a cyber attack on 10 July affecting 47,000 current and past students.  Yesterday it released a statement under the heading Deakin has been targeted in a cyber attack this week – here’s what happened and what you should do which provides:

Deakin University was recently targeted in a data security breach earlier this week. Deakin sincerely apologises to those impacted by this incident and wants to assure the Deakin community that it is conducting a thorough investigation to prevent a similar incident from occurring again.

What happened?

On Sunday 10 July, Deakin University became aware of an incident in which a staff member’s username and password was hacked and used by an unauthorised person to access information held by a third-party provider.

This third-party has been engaged by Deakin to forward messages prepared by the University to students via SMS. The information accessed by the unauthorised person was then used to send an SMS, as if from Deakin, to 9,997 Deakin students with the following text:

Screenshot of SMS scam

Anyone who clicked on the link was taken to a form which asked for additional information including credit card details.

In addition to sending the SMS, the unauthorised person downloaded the contact details of 46,980 current and past Deakin students. Read the rest of this entry »

Australian Information Commissioner opens investigatoin into Bunnings and Kmart regarding use of facial recognition technology

In light of the finding of a breach of the Privacy Act 1988 by Clearview AI regarding its use of facial recognition technology in Commissioner initiated investigation into Clearview AI, Inc. (Privacy) [2021] AICmr 54 there was always a reasonable chance that the Information Commissioner would respond to the comprehensive complaint made by Choice against Bunnings, Kmart and the Good Guys regarding their use of facial recognition technology.  

Today the Commissioner announced that her office had opened an investigation into Bunnings and Kmart.

The statement provides:

The Office of the Australian Information Commissioner (OAIC) has opened investigations into the personal information handling practices of Bunnings Group Limited and Kmart Australia Limited, focusing on the companies’ use of facial recognition technology.

The investigations follow a report from consumer advocacy group CHOICE about the retailers’ use of facial recognition technology. Read the rest of this entry »

The UK Information Commissioner provides a report to Parliament “Behind the screens” regarding the use of private emails and messaging apps within government & issues of data security and transparency

July 12, 2022

The UK Information Commissioners Office has just released a significant and detailed report titled Behind the screens: ICO calls for review into use of private email and messaging apps within government on the use messaging apps and technologies within government with the associated the issues of privacy, data security and transparency.  The flexibility that comes with using messaging apps has unwelcome consequences when used for official business.  The lack of record of important exchanges goes to proper transparency.  The use of apps and texts have real security issues.  Private exchanges for public business can be problematical.

The media release provides:

The Information Commissioner’s Office (ICO) has today called for a government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps. Read the rest of this entry »

Federal Trade Commission issues a warning about the collection and misuse of highly sensitive personal data taken from devices and apps.

The Federal Trade Commission has written an article on its website titled Location, health, and other sensitive information: FTC committed to fully enforcing the law against illegal use and sharing of highly sensitive data regarding the collection of data from smartphones, apps, connected cars and smart home products and then the misuse of of that data by onselling the to aggregators and data brokers. It clearly highlights how the collection of this data can act as a form of surveillance but more specifically identify places where individuals would not wish to be publicised to the third parties.  Aggregators and data brokers are not a chronic problem as in the United States of America however that doesn’t mean there isn’t a problem.  Organisations and government agencies collect masses of data and it is questionable whether they have a requirement for that personal information and the storage of that information is often not properly protected.  There remains a significant problem with the extent to which people consent to the collection of their data. Organisations almost invariably bury consents into the middle of a privacy policy or at the base of a page, physically or on line, which is difficult to read let alone properly understand.

The FTC article should be read by all privacy practitioners.  While it references US law the principles are universal.  It is also cheering that the FTC will crackdown on these unsavoury practices. Hopefully Read the rest of this entry »

UK Information Commissioner’s Office and the National Cyber Security Centre write to the Law Society advising against paying ransomware demands

July 11, 2022

To pay or not to pay ransomware demands, that is a vexed question for organisations.  And what advice should their legal representatives give. As far as the Information Commissioner’s Office (“ICO”) is concerned ransomware demands should be paid. The ICO and the UK National Cyber Security Centre (the”NCSC”) wrote to the UK Law Society and as a reminder that lawyers in the UK should not advise Read the rest of this entry »