Privacy Awareness Week 2019, which began on Monday 13 May 2019 with a business breakfast hosted by the OAIC in Sydney features the slogan “Don’t be in the dark” on a range of issues relating to privacy.
One of the key issues is the business risk that failure to comply with the Privacy Act poses to businesses. There have been many high profile examples of overseas entities where the cost of failing to meet compliance obligations has been high, see for example the Equifax data breach in 2017. However, closer to home there have been a number of high profile cases which provide illustrative issues for businesses in privacy risk. At the business breakfast on Monday 13 May 2019, the OAIC launched the Notifiable Data Breaches Scheme 12 month Insights Report. This report confirms the continuing role of human error and the need for more operational safeguards around privacy.
As Privacy Awareness Week continues it is instructive to reflect on what is happening around the world in privacy. In the first week of May, the international association of privacy professionals held the Global Privacy Summit in Washington DC where over 4,300 privacy professionals from all over the world converged to learn and share ideas. The conference opened with a keynote address from Danah Boyd, who is an author that has provided significant research and publications on social media and children and whose message contained an important distinction between the simple act of free speech and the technique of amplification in social media.
The opening session was followed by a panel discussion with the three leading data protection commissioners. That is, the UK’s Information Commissioner Elizabeth Denham, the Irish Data Protection Commissioner Helen Dixon and the chairwoman of the European Data Protection Board, Andrea Jelinek.
This was again a fascinating discussion where the focus was on trends and how long it would take before the introduction of the GDPR results in concrete sanctions, especially among the big tech companies. The Irish Commissioner indicated that there are cases before them that are likely to be finalised over the upcoming northern hemisphere summer. The UK Commissioner spoke to the focus on fairness and transparency and the risks to consumers of invisible processing.
There was a discussion amongst the panel as to what was needed to provide appropriate data protection and it was agreed that well-resourced and funded enforcement bodies are a fundamental requirement.
Various sessions held over the conference focused on different areas including AI and algorithmic transparency and accountability – a topic that is increasingly intersecting with privacy issues.
There was also a very interesting address provided by the chairman of the US Federal Trade Commission Joseph Simons.
In this interview, the chairman spoke to some of the structural responses which may be made to privacy concerns which include governance responses and orders which impose governance obligations. There was a discussion about the increasing overlap between privacy and competition law.
The discussion also considered what the FTC has learnt from their past experiences - including that a number of orders that were made in the past were perhaps not sufficiently detailed, and it was indicated that future orders requiring independent assessments would be more robust.
There was also discussion around where technology fits in the regulatory landscape, and in fact, the FTC has recently restructured its operations to include a technology task force within its consumer protection bureau. This is a lesson that may well be relevant to us in Australia.
Another session on data ethics, digital risk and predicting the future canvassed some of the upcoming issues and noted the simultaneous stratification and convergence in the privacy function as it diverges between the operational function and the strategy issue.
In the context of audits, including regulator audits, customer audits and third party audits, a general presentation from some European based practitioners provided some detail as to the experiences they have had to date with regulator reviews and the issues that have arisen.
Lyn Nicholson, who attended the summit, will share more of these insights at our next Privacy roundtable series in June 2019. Click here to register your interest.
Author: Lyn Nicholson
Lyn Nicholson, General Counsel
T: +61 2 8083 0463
Dan Pearce, Partner
T: +61 3 9321 9840
Trent Taylor, Partner
T: +61 7 3135 0668
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.
Published by Lyn Nicholson