8 March 2022

Australian Information Commissioner and Privacy Commissioner Angelene Falk was interviewed for the International Women's Day edition of the Communications Law Bulletin. The Communications Law Bulletin is the publication of the Communications and Media Law Association (CAMLA) and is available to CAMLA members.

Katherine Sessions, Assistant Manager – International Strategy and Futures at the eSafety Commission, talks with Angelene Falk, Australian Information Commissioner and Privacy Commissioner, about Angelene’s career to date and her thoughts on International Women’s Day in 2022.

How did your career path lead you to the Office of the Australian Information Commissioner?

I come from a family of educators where information was highly prized. When I started in my legal career, I was acutely aware that not everyone had equal access to information, or the ability to have their case heard. As a young industrial and discrimination practitioner I was influenced by the privacy harms that I saw; like revealing HIV status to those who didn’t need to know, and that started driving me towards how important information was, both in the ability to access it, and in the ability to protect it.

The right to receive and impart information and ideas, to hold opinions and to be free from arbitrary interference with privacy underpin our democracy including our personal autonomy. When our personal information is misused, it can lead not only to individual harm but to collective societal harm. To my mind the OAIC’s work is at the centre of what it means to work in the public interest.

What developments do you see on the horizon in 2022 for the communications and media legal landscape?

This is going to continue to be a dynamic area of the law: implementing the proposals coming out of the Digital Platforms Inquiry and subsequent reports, a major review of the Privacy Act, a number of regulatory matters involving the big tech players and the accelerated shift to a digital economy.

You would have seen our action against Facebook Inc and Facebook Ireland alleging it committed serious/and or repeated interferences with privacy in contravention of Australian law. As the national privacy regulator, we are holding entities operating in Australia to account for breaches of Australian privacy law. And we expect there to be further regulatory efforts targeted at high privacy impact technologies and the online environment.

You’ll see continued collaboration between the OAIC and domestic regulators like the ACCC, ACMA, and eSafety, as well as APRA and ASIC alongside international cooperation. The intersection with privacy and consumer protection law, online safety, technology and media will increase as we work in concert to achieve the best outcomes in the public interest.

The full review of the Privacy Act by the Attorney-General’s Department is clearly important to the future of privacy. This is a once in a decade opportunity to upgrade a privacy framework that empowers consumers, protects their data and best serves the Australian economy.

Our view is that a strong digital economy needs to be paired with clear responsibility for how personal information is handled, which drove our recommendation for fairness and accountability to be at the centre of the Privacy Act. If we establish a positive duty on organisations to handle personal information fairly and reasonably it will require them to take a proactive approach to meeting their obligations. Ideally, we will have a situation where preventing privacy harms upfront gives greater protection without relying on reactive action by us as regulator.

Separately, the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021, released as an exposure draft last year, proposes to increase the penalties for serious privacy breaches. It aligns them with penalties under consumer law and also provides for the development of an online privacy code to regulate social media and data brokerage services and large online platforms. It will require them to be more transparent about how they handle personal information with more stringent requirements and privacy rules for children.

So the communications and media regulatory developments around privacy are set to be a major focus. They present an opportunity for Australia’s data protection frameworks to be world leading.

What’s the best work-related advice you’ve ever received?

When the turbulent seas surround you, go back to your (in my case legislated) purpose. It’s your anchor to keep steady as a rock.

The 2022 International Women’s Day campaign theme is #BreakTheBias. What does this mean to you and how would you suggest this is implemented in our readers’ work and personal lives?

The right to privacy is not gender neutral. There are many ways in which gender bias intersects with privacy regulation and the use of personal information. In using artificial intelligence to make decisions, the gendered features of data sets can lead to a bias against women and to disadvantage others in the community. Online micro targeting based on gender can lead to exclusion of women from markets and opportunities; profiling of children and young people can result in harmful content being served based on the gendered interests perceived by algorithms.

New technologies can disproportionally impact and lead to privacy harms for women: location tracking devices, facial recognition technology. And sadly, we continue to receive cases of improper disclosure of personal information off line by businesses to ex partners who target women in family disputes and domestic violence.

All of these issues reinforce the need for privacy by design. For all your readers, we need to look at how we can build privacy protections into all new technologies and practices to ensure that we address these biases and remove the risks. We want to prevent harms occurring at the outset.

If there is one thing you would celebrate about International Women’s Day in this industry, specifically, what would it be?

If you look at the regulatory network in Australia, there is an extremely strong representation of women in leadership, for example across the ACCC, ACMA, eSafety, ASIC and others. All examples of women doing exceptional work and being recognised for it. And you can also see the very strong representation of women among privacy professionals. I think that should be celebrated, and it presents an evidence base for the many women who work in this area that privacy practice and working for a regulator will support you to realise your career potential in an exciting area of public law and policy, protecting important public interests.