Law Reform Commission seeks input on data privacy

The Australian Law Reform Commission has kicked off its inquiry into serious invasions of privacy in the digital era, with a paper highlighting the privacy issues thrown up by social media, big data, cloud services and drones.

The inquiry was initiated by former Attorney-General Mark Dreyfus and seeks recommendations on legal remedies to reduce serious invasions of privacy in the face of rapid growth in surveillance and communication technologies.

The inquiry is particularly concerned with “the rapidly expanded technological capacity of organisations to track the physical location and activities of individuals, to collect and use information from social media, to aggregate data from many sources, and to intercept and interpret the details of communications”.

The paper cites the information storage capability of consumer devices, the move by consumers to cloud services, the rapid information sharing capabilities of social media platforms, and big data as technologies that are challenging the effectiveness of existing privacy laws.

Individuals are often unaware of the scope of information collected about them without their knowledge, according to the ALRC, and while they may have accepted the terms and conditions imposed by the provider of an online service or application, are often unaware of how the data they have provided might be used.

Possible remedies suggested by the Commission include a “right to be forgotten and to erasure” proposal similar to that being considered in Europe. If this were to be implemented, social media service providers would be required to permanently delete information at the request of the individual.

The paper also discusses increasing concerns about the use of metadata, arguing it is often excluded from the privacy protection that applies to other data.

“It may be appropriate for some existing prohibitions about unauthorised data disclosure to be reviewed,” the paper states.

Data aggregation is also highlighted as an issue, along with the likelihood future technologies and increases in available data may change the risk of re-identification of what was thought to be anonymous data.

On the issue of drones, the paper states the increase in the use of drones by civilians for targeted surveillance may raise privacy concerns that existing air navigation laws and regulations do not address.

“It may be appropriate to consider how existing laws and regulations could better prevent or redress serious invasion of privacy by deliberate aerial surveillance activities, including the use of RPAs.”

Submissions in response to the paper close November 11.