Adsense HTML

Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts

New Californian Privacy Law: CPRA to effectively replace CCPA

On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA revises and expands the California Consumer Privacy Act (CCPA), creating new industry requirements, consumer privacy rights and enforcement mechanisms. 

The CPRA's new obligations for businesses will come into effect on 1 January 2023.  At that time, the CPRA will effectively replace the CCPA.  In the meantime, the CPRA requires that a new California privacy agency be established and that it adopts implementing regulations.

Australian Privacy Act - government review

The Australian Government is undertaking a complete review of The Australian Privacy Act.

Unfortunately, after a year of work, the government is only giving 4 weeks to make submissions in respect of a very detailed issues paper.

One topic for consideration is whether to legislate and create a privacy tort in Australia.

Further information available here.

Using Covid registration data for marketing is alleged privacy breach

It was only a matter of time.  The restaurant chain Wagamama has been reported to the UK Information Commissioner’s Office (ICO) for allegedly using contact details provided for Covid track and trace to send surveys to customers.

See The Times

Is Facebook carrying on business in Australia

 A recent decision in Australia, concerning whether Facebook could be served in California, was decided by the Federal Court of Australia.  This case arises out of a privacy action brought against Facebook by ACMA in relation to the Cambridge Analytics issues.

"It might be added that the means by which entities carry on business are constantly evolving. Much of the case law in which the concept has been discussed was decided long before the technological advances which underpin many modern forms of commerce. Ultimately, the question whether a particular entity carries on business, and does so in a particular place, is determined by reference to the particular facts. 

The Commissioner submitted that she had established a prima facie case that Facebook Inc carried on business in Australia through a combination of two matters: first, through the agency of Facebook Ireland; and secondly, through certain activities for which Facebook Inc was directly responsible in Australia. ...

Rather, the evidence on this application suggests that, to the extent Facebook Ireland carried on business in Australia, it was carrying on its own businessThe evidence adduced on this application and the inferences available to be drawn do not sufficiently allow for a possible conclusion that Facebook Ireland was also carrying on Facebook Inc’s business to warrant permitting service out of the jurisdiction.

However, for the reasons given next, the Commissioner has established a sufficient prima facie case to warrant exposing Facebook Inc to litigation in Australia on the basis that Facebook Inc directly carried on business in Australia. On its case, a part of Facebook Inc’s business was to provide services to Facebook Ireland, including the processing activities referred to earlier. I am satisfied that there is a prima facie case that Facebook Inc carried out sufficient activity in Australia in its business of providing services to Facebook Ireland for a conclusion to be available that Facebook Inc carried on business in Australia within the meaning of s 5B(3)(b) of the Privacy Act. ...

I am satisfied that the Commissioner has established a prima facie case, in the required sense, that Facebook Inc carried on business in Australia within the meaning of s 5B(3)(b). In summary, the Commissioner has established a sufficient prima facie case that Facebook Inc carried on business in Australia which included providing services to Facebook Ireland."

Australian Information Commissioner v Facebook Inc (No 2) [2020] FCA 1307

Queensland Privacy Review and Law Reform Report

Today, the Queensland Law Reform Commission published a final report, Report No 77Review of Queensland’s laws relating to civil surveillance and the protection of privacy in the context of current and emerging technologies.

The Report includes a draft bill:  DRAFT SURVEILLANCE DEVICES BILL 2020

Facebook in Australia?

Facebook claims it can’t be sued by Aussie privacy watchdog

In a court hearing on Friday, 26 June 202, US-based Facebook has argued that it does not carry on business in Australia despite users in Australia accessing its website, calling for the dismissal of action brought by the Australian Information Commissioner over alleged privacy breaches and Cambridge Analytics.

Facebook in Court over Cambridge Analytics

This recent Australian judgment concerns substituted service on Facebook.  It relates to Cambridge Analytics breach.  Interestingly, it discusses COVID-19.  Facebook did not appear in court.
Australian Information Commission v Facebook Inc [2020] FCA 531

Facebook in Court

In a surprising move, the Australian Information Commissioner has sued Facebook in Australia over giving access to personal information of thousands of Australians to Cambridge Analytica.

https://www.abc.net.au/news/2020-03-09/facebook-privacy-oaic-information-commissioner/12039642

https://www.businessnewsaus.com.au/articles/australian-information-commissioner-takes-facebook-to-court.html

"We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed," says Australian Information Commissioner and Privacy Commissioner Angelene Falk.

Assaults on Privacy in the USA

A good article in Harvard Magazine titled "How surveillance changes people's behaviour: assaults on privacy in America."  See article here.

EU ePrivacy

On 10 January 2017, the European Commission published a Proposal for a Regulation could have significant implications for Internet-based services and technologies.
The Proposal seeks to revise the current EU ePrivacy Directive.  It creates strict new rules regarding confidentiality of electronic communications, including content and metadata. In addition, the Proposal amends the current rules on the use of cookies and similar technologies, and direct marketing. The rules apply to EU and non-EU companies providing services in the EU, and are backed up by significant enforcement powers—fines of up to four percent of a company's global turnover.
The Proposal is the next major step in the EU's review of its data protection legal framework and follows the adoption of the General Data Protection Regulation (GDPR) in April 2016.

Apple Store Privacy Issues

Do you trust Apple Store employees when they take away your phone to fix it?

Staff in a Brisbane Apple Store reportedly lifted photos from some Apple customers' iPhones and took more than 100 close-up and explicit photos of female customers and staff without their knowledge.

This raises both privacy and copyright issues.  It is also creepy.

See Brisbane Times

Personal Information

The Australian Administrative Appeals Tribunal has decided that companies who collect operational data about services they provide to individual end users, is not personal information about customers.

See Telstra Corporation Limited and Privacy Commissioner [2015] AATA 99 (18 December 2015)

Dallas Buyers Club decision - who won?

The Australian Federal Court decided today that ISP iiNet was required to identify some of its customers who have downloaded the movie "Dallas Buyers Club".  The court imposed restrictions and costs on the copyright holder.  No email addresses were ordered to be disclosed.  Dallas Buyers Club LLC v iiNet Limited [2015] FCA 317.

See Court Decision and SMH Article.

Recommended Reading

I recommend these recent books, which relate to law and technology.  Kindle editions are available.






Privacy

The Australian Privacy Commissioner has released a revised guide to "reasonable steps" to protect personal information.

Comments due 27 August.

"Effective ICT security requires protecting both computer hardware (the physical devices that make up a computer system) as well as the data (including personal information) that the computer hardware holds from misuse, interference, loss, unauthorised access, modification and disclosure. However, ICT security measures should also ensure that the hardware and the information stored on it remain accessible and useful to legitimate users."


However, absolute security is not only impossible but undesirable.  See for example, here and here

Privacy in the Digital Era

The Australian Government announces the release of the Discussion Paper for this Inquiry, Serious Invasions of Privacy in the Digital Era (DP 80).  
The Discussion Paper provides a detailed account of ALRC research so far, and includes 48 proposals and a number of questions for people to consider and provide feedback on. The ALRC is proposing a model for a new statutory cause of action for serious invasions of privacy to be included in a new Commonwealth Act, and also is putting forward other alternative proposals to strengthen privacy protection.
The Discussion Paper is available in HTML, PDF, and as an ebook.
·         See Media Release >>

·         See Discussion Paper >>

Privacy Guidelines in Australia

The Privacy Guidelines are no longer consultation drafts – the final version was released today (link below).

They have reversed their view on the application of the Privacy Act to foreign website operators.  So much so that the guidelines now conclude that “Where an entity merely has a website that can be accessed from Australia, this is generally not sufficient to establish that the website operator is ‘carrying on a business’ in Australia

Informational Privacy on the Web

A Data Broker Offers a Peek Behind the Curtain
The Acxiom Corporation is to open a Web site that will allow individual consumers to see some of the information that the company has collected about them.

http://nyti.ms/17slfwv

New Californian Privacy Law: CPRA to effectively replace CCPA

On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure t...