UABS KNOWLEDGE

IN THE MEDIA

Reform of pre-internet Privacy Act vital

7 November 2017

The Government must act to reclaim our lead in technology-friendly privacy law, argues Gehan Gunasekara.

Earlier this month it emerged that a Vehicle Testing NZ employee had given several people's personal information to a gang member. The information had, amongst other things, allowed those people's identities and addresses to be known by gang affiliates.

This is just one illustration of how deeply flawed are the truisms that "privacy is dead", and that "those with nothing to hide have nothing to fear". Personal information about all of us exists that, if misused, can have serious consequences.

Australia updated its federal Privacy Act five years ago and further amendments take effect next year. In the Vehicle Testing NZ example, the agency would have to warn those whose details had been leaked.

The previous Government had committed to bringing in this mandatory breach reporting, as well as empowering the Privacy Commissioner to unilaterally make compliance orders against agencies that frequently flouted privacy standards – currently he or she can only make non-binding findings, and it is up to a tribunal to make binding decisions which can take time.

Australia also requires greater transparency through public notification of organisations' privacy policies. New Zealand should go further to bring its law up to date with today's hyper-connected world.

Consider, for instance, mobile ads. Anyone can now use services such as Google AdWords not only to pitch their products and services, but also to find out information about those who download apps that enable this, including their location data.

App providers should, in future, have to incorporate ‘privacy-by-design’ features so customers can control the purposes for which data is being collected. For example, apps should tell you whenever they collect additional data such as your smartphone's unique identifier.

Similarly, ‘Trojan horse’ technologies – where for instance an app is downloaded to facilitate a service but which then snoops on all other information about the user not related to the service – must be regulated.

Critically, the definition of what counts as personally identifiable information and the protection of digital identity needs to be a focus. No one can deny the benefits gained from being able to analyse large data sets when individuals' data has been combined with that of others, or made anonymous by removing identifying details, but the ability to re-identify someone is now alarmingly easy.

Consider a scenario where researchers analyse all data of secondary students in New Zealand and find that there is a high correlation between those who have studied a particular subject and their future health outcomes. If those student who have taken that subject are then denied a health service, is this a valid use of data?

What if, instead, those who have not studied it are targeted for the service? Are these decisions about individuals or about a class of people with certain attributes? These are matters that must be addressed in any new law.

The new law must be future-proof but, at the same time, ought to respect individuals' rights to keep aspects of their lives off-limits to technology. Already, advanced brain-scanning techniques are being developed that allow our innermost thoughts and feelings to be read by a machine. We may have nothing to hide, but most people would wish to keep some thoughts private.

Read the published article: www.nzherald.co.nz

Gehan Gunasekara

Gehan Gunasekara is an Associate Professor in the University of Auckland Business School's Department of Commercial Law. He is Deputy Chair of the Privacy Foundation New Zealand.

g.gunasekara@auckland.ac.nz

YOU MAY ALSO LIKE

INNOVATION

Why we need to rethink creativity in business

If you want to boost creativity in the workplace, first know what you are dealing with, advises dt ogilvie.

MORE...

IN THE MEDIA

NZ needs the same copyright exemption as US law allows

Fair use allows for limited use of copyrighted material without acquiring permission from copyright owners.

MORE...

COMMERCIAL LAW

Australian privacy laws under a cloud

Michael Kirby reflects on how leading economies were able to reach a consensus on information privacy standards in 1980 and why they have struggled since then to agree on a basis for updating them. He suggests that technological and societal change ought not to marginalise fundamental human rights

MORE...

RELATED CONTENT

ECONOMICS

 

Why there is a lot to like about a universal basic income

Ryan Greenaway-McGrevy sees sense in a state giving away money to its citizens.

MORE...

FINANCE & BANKING

 

Why we need better tools for managing downturns

Reducing the impact of financial downturns should be a higher priority than it is, argues David Mayes.

MORE...

ECONOMICS

 

The global economy: time for a "New Deal"?

Getting back to growth requires a concerted effort, led by the major economies. But success isn't guaranteed, warns David Mayes.

MORE...

IN THE MEDIA

 

Economic spin-off from events is wildly miscalculated

The crass use of multiplier analysis to boost forecast benefits of public and private sector projects needs to be sharply reined in, argues Tim Hazledine.

MORE...