Got a big question on technology and security for “Byte-sized Diplomacy”. Send it through here.
Question: Is it possible to protect privacy in a world of networks and surveillance?
Despite proclamations that the age of privacy is over – Facebook boss Mark Zuckerberg called time more than a decade ago – the ideal is not dead yet. In fact, research shows that Australians care deeply about data privacy and expect business and government action. We’ve seen global efforts to regulate data privacy, but none have got the settings quite right.
For a concept of such importance, “privacy” is notoriously slippery and hard to define. Privacy expert Professor Daniel Solove writes that privacy “is a sweeping concept encompassing freedom of thought, control over one’s body, solitude in one’s home, control over personal information, freedom from surveillance, protection of one’s reputation, and protection from searches and interrogations”.
No Big Brother, in simple terms.
But privacy has been treated as an afterthought in the development of social media, the smartphone and AI. The data economy has created an environment of surveillance, tracking, targeting and potentially oppression. It includes our individual and unique movements, to the mass surveillance capacity of tire pressure sensors.
Australian privacy law as written doesn’t sufficiently regulate a harmful data economy, fuelled by the quantification and monetisation of individuals’ online behaviours. However, before trying to retrofit the law, it is possible to create different kinds of digital infrastructure to rewire the tech to focus on privacy. Indeed, it’s necessary to do so.
No single group should have unlimited or unregulated access to our data and how we feel and react.
Still, the public is impatient for action, and there are signs that the Australian government is turning its mind to the groundswell of concern about how data is collected accessed, resold and distributed. Recent Australian examples of data breaches, including Medibank and Optus, have dramatically heightened concerns about privacy for local consumers and businesses. And it’s not just because of the high-profile cases. One study indicated that Australian personal account breaches saw a quarterly increase of 388% in the first three months of 2024. This equates to an average of 13 accounts being compromised every minute since 2004.
Last year the government reinstated the previously abolished standalone position of Privacy Commissioner, installing Carly Kind in the job, and she has already signalled a stronger enforcement role in privacy protections. Kind has called for new privacy laws and at senate hearings noted the digital ecosystem of data collection and online tracking requires a systemic response to fix.
Attorney-General Mark Dreyfus has also foreshadowed long overdue reform of Australia’s privacy laws (anticipated in August 2024), saying privacy is “critical to the functioning of our free and democratic society”. Evidence in support has come from the ACCC Digital Platform Services Inquiry report, released in May, which details data broking on Australians and provides evidence of the need for increased protection. Last month, the Information Commissioner commenced civil action against Medibank funder the Privacy Act 1988 or failing to protect the personal information of 9.7 million Australians.
These regulatory steps echo international efforts in Europe and some US states. But no standard has established a guide quite yet. The innate connectivity of digital technology means that global implications must be considered. Diplomatic efforts in multilateral forums will be critical to rein in the market power of big tech. Imagine, for example, if the European Union, Australia, India and Indonesia agreed collectively on a privacy preserving digital infrastructure options.
As I wrote earlier this year, no single group should have unlimited or unregulated access to our data and how we feel and react. The level of influence that this affords – whether to tech companies or government – is too large. We can’t declare protecting privacy is impossible until we truly give it a go. And effective privacy legislation will hinge on regulating the data economy.
Privacy is Power author Carissa Véliz captures the issue well by arguing privacy isn’t dead but it is in a state of distress. Or, as others have put it, understanding that privacy is a process, not an outcome. We are always negotiating what levels of privacy we have, and individuals must actively engage in this process. However, “privacy cannot be an accountability that rests solely on the shoulders of individual Australians”. Systemic change is required. Action is needed at the individual, business and government level.