(Transcript from World News Radio)
While millions of Australians log on each day to social media websites, are they fully aware of who can access their personal information both in Australia and overseas?
Who can they turn to if they feel their privacy has been breached?
And when they apply for a credit card or a home loan, do they know who can access their personal credit history and what information is being stored about them?
These are some of the questions being raised as new privacy laws are set to be introduced next month after being passed by federal parliament last November.
As Michael Kenny reports, some civil libertarians and privacy advocates believe the new laws don’t go far enough in protecting the rights of consumers in the digital era.
Under the new laws, to be introduced next month, large organisations and agencies that collect personal data would be required to take reasonable steps to notify consumers about the collection and why they are collecting it.
Individuals will also be able to request access to their personal information held by large organisations and agencies and request a correction to that personal information.
Large organisations that send personal data overseas would also be bound by new principles requiring them to take reasonable steps to ensure the data is used in a responsible way.
The Australian Council of Civil Liberties says the laws needed to be updated to recognise the growth of social media websites over recent years where many users are posting personal information about themselves online.
The President of the Council’s New South Wales branch, Stephen Blanks, says it is critical for privacy laws to keep pace with the latest developments in information technology.
“Consumers really need to be given the right to control how information about them is used and sold. These laws will go some way towards that - perhaps more will need to be done to do with social media. But these laws are a good first step.”
The new laws also include more comprehensive credit reporting which will allow the reporting of information about an individual’s credit history over the previous two years to credit providers.
Individuals who fail to make loan or credit card payments on time may struggle to obtain credit in the future as a result of the changes.
The Australian Privacy Foundation says it welcomes some key aspects of the new laws which it believes will help to strengthen consumers’ rights.
It is particularly pleased with the move to grant individuals the right to request information from large organisations that hold personal information.
It says this may allow consumers to submit requests to large companies like Facebook and Google, allowing them to find out how much personal information they are holding on them and whether they have passed on that information to other parties.
It is unclear at this stage whether large companies may request a fee from consumers to access this information.
Privacy Foundation board member Associate Professor Katina Michael believes the new laws covering personal data could fail if companies send information to countries with weak privacy laws and regulations.
“Maybe I’m thinking idealistically here, but I’d love for my personal data to at least go to a country abroad, if it is to go to a country at all, where there is some sort of agreement or treaty or some formulated protocol of how that data is to be handled.”
Dr Michael, who lectures in information technology at the University of Wollongong, believes small businesses should not have been exempted from the new privacy laws.
“I think when you look at the makeup of Australia’s businesses - 80 per cent of Australia’s businesses are small businesses hiring a quarter of Australia’s population. Then you’ve got to think, the modern-day capability of working with computing - it doesn’t really matter if you’re a small business - you can reach out globally, you have the ability to generate revenue, you have the ability to work with large players in the industry and sometimes these third parties who are actually on the back of these large organisations - they’re not larger than ten persons - they’re very small organisations that for their size are punching above their weight. So I think all organisations whether it’s small, medium or large, need to play by the same rules.”
That’s a view shared by the Executive Director of the consumer lobby group, Electronic Frontiers Australia, John Lawrence.
“The reach of the Privacy Act isn’t broad enough. It really only applies to, in general, large organisations with annual turnovers of three million dollars or more. There are some exceptions to that in terms of people who deal with credit reporting and other sensitive information. But that’s a kind of general concern that we have about the privacy regime is that it just doesn’t capture the vast majority of organisations and businesses in the country.”
Stephen Blanks from the NSW Council for Civil Liberties takes a different view.
He believes it makes sense to exempt small businesses because they have more limited budgets.
But Mr Blanks says the new laws should have gone further in the social media area.
“People do need to be given a statutory right to be able to delete material that they have posted on social media. At the moment, that right doesn’t exist. I think there are ways in which foreign based social media organisations can be required to comply with Australian law. Google and Facebook and a lot of the other companies have got a business presence in Australia, they’re taking money from businesses in Australia and so they should be required to comply with Australian laws for the products and services that they provide.”
John Lawrence from Electronic Frontiers Australia believes there are a number of positive changes in the new privacy laws, including enhanced powers for the Australian Information Commissioner.
These expanded powers would allow the commissioner to seek civil penalties of up to 1.7 million dollars in the case of serious or repeated breaches of privacy.
Mr Lawrence believes this should act as a powerful deterrent.
“Some of the penalties are certainly increased significantly which we would hope would start to create the incentive for organisations to put privacy and to put information security as well at the core of their operational practices which is where it really needs to belong.”
But Australian Privacy Foundation board member Dr Katina Michael is more sceptical about the planned penalties, claiming the fines may not go far enough in deterring big profit-making companies.
“I don’t want to cast all doubt on the new amendments, but let’s see some action. Let’s see some action from today onwards. The bill is no longer a bill now. The amendments are through and let’s see the enforcement occurring by the Privacy Commissioner and if I see that action, I’ll say ‘Well that’s great! The commissioner’s powers have been increased and they are actually utilising those powers.’”
The new rules will apply to all personal information that a large organisation or agency holds on record on 12 March, not just new information collected after the laws are introduced.