5 May 2020

Presentation by Australian Information Commissioner and Privacy Commissioner Angelene Falk to launch Privacy Awareness Week 2020 in Queensland. Recorded in advance on 28 April 2020.

As Australian Information Commissioner and Privacy Commissioner, I am pleased to have the opportunity to join with the Office of the Information Commissioner Queensland to mark Privacy Awareness Week.

Since we started planning for Privacy Awareness Week 2020 the world has changed dramatically.

The COVID-19 pandemic has transformed the way we work and live, and how we communicate.

My thanks to Information Commissioner Rachael Rangihaeata, and Privacy Commissioner Phil Green, for inviting me.

This week is a focal point of the year for my Office as well, and a chance for us all to shine a spotlight on the importance of protecting personal information. And this is more critical than ever.

Privacy and COVID-19

For the OAIC’s campaign this year, we had always planned to focus on online privacy.

That topic has become even more relevant in the shift to the remote working arrangements, and online learning and socialising, that has been necessary to manage the spread of the coronavirus.

In all the stories of tenacity, courage, heartbreak and innovation that are emerging from the health crisis, what also stands out to me is how the pandemic response is drawing more attention to our fundamental human right of privacy.

As regulators, and privacy professionals, we are not the first responders or frontline health workers who make extraordinary contributions every day to protect and care for the community.

So to each and every health care professional, we are indebted.

And we are also indebted to the medical experts, the epidemiologists, the researchers and analysts, who are guiding our response.

But the collection and handling of personal information is also critical to containing COVID-19.

It is part of addressing this health crisis, and ensuring that we emerge from the pandemic with our rights protected.

Privacy laws both enable agile, innovative responses to protect the public interest and protect our fundamental rights. This has never been more evident.

We are having to respond rapidly to privacy issues emerging in our new environment, as governments and business seek solutions to these public health and economic problems.

So as privacy champions, practitioners and watchdogs, we all have a vital role to play in supporting the coronavirus response, by ensuring privacy is safeguarded as an important precondition for achieving public health and economic outcomes.

We know that protecting personal information and minimising impacts on our privacy is critical for the community trust and confidence needed to find and adopt solutions at speed.

This mission is driving even closer engagement between my office and data protection authorities around Australia and across the world.

We are collaborating to find privacy-protective solutions to the challenges we’re all facing.

It’s why, following the outbreak, my Office and state and territory privacy regulators convened a National COVID-19 Privacy Team, so we can respond to personal information handling proposals with national implications.

Internationally the Global Privacy Assembly brings together more than 130 data protection and privacy authorities from around the world.

And its Executive Committee, on which I serve, is also meeting regularly to exchange information and experiences about how we can help protect privacy and public health globally.

Inside the OAIC, we have set up a COVID taskforce which is working closely with Commonwealth government agencies and business to provide guidance and keep privacy-by-design front of mind for new initiatives.

We are also supporting employers and other organisations with advice on how to take steps to protect personal information in the shift to working from home.

These privacy by design resources include a guide to undertaking a privacy impact assessment for remote working arrangements, FAQs and a step-by-step tool to guide you through the PIA process.

As we make our way through this new world, we must also have a clear path for how we can find our way home when the emergency is over.

And we have longstanding principles and methods to help guide us along this path: privacy impact assessments, the test of whether the collection and use of personal information is a necessary, reasonable and proportionate solution to the problem.

To the extent we can, we need to know how and at what point we will step back from the practices that are needed now but will not be necessary when this crisis is over.

Community attitudes to privacy

This year my Office commissioned a survey of Australians on their attitudes towards privacy.

This is a major survey that we carry out every three years or so, to provide new insights into community attitudes and identify emerging privacy issues to guide our work.

We expect to release the report in coming weeks.

In the meantime, I can share a few early insights with you into how Australians are feeling about privacy.

  • The great majority – 87 per cent of people – are telling us they want more control and choice over the collection and use of their personal information
  • One in three (34%) feel they are in control of their privacy, while just as many (34%) do not
  • We also heard that three in five Australians care about data privacy, but are unclear what to do about it.
  • And while over half of Australians always or often check a website is secure before providing their information, and clear their browsing and search history…
  • …we are seeing fewer people taking these important steps to protect their privacy compared to 2017.
  • Only one in five people read and are confident they understand privacy policies on internet sites.
  • Generally, Australians don’t review privacy policies because they are too long and too hard to read.
  • They want privacy policies that are easy to understand and navigate, that use standard, simple language, and give a Plain English summary at the start.
  • Compared to our last survey, in 2017, we can also see that Australians are increasingly uncomfortable with a range of data practices.
  • More than four in five think it is a misuse for an organisation to:
    • use information supplied for a specific purpose, for another purpose
    • ask for information that doesn’t seem relevant to the purpose of the transaction, or
    • monitor their activities on the Internet and record information on the sites they visit without their knowledge.

There are some very clear signals in here for regulated entities about what the community expects, and where to improve their privacy practices.

Of course, it also informs the regulatory approach of my Office.

Regulatory priorities

Across all our work, we are focused on giving individuals greater choice and control over the handling of their personal information.

Over the coming year, our compliance and enforcement priorities will include online platforms and social media.

We will be focusing on policies, notices, default settings and consent, and technologies that employ opaque information sharing practices.

Security of personal information remains an ongoing area of regulatory focus.

We will be providing additional guidance and taking targeted action that supports and incentivises sectors experiencing data breaches to take reasonable steps to protect personal information.

Our third enforcement priority relates to the implementation of the Consumer Data Right in the banking sector.

This is a landmark reform that involves significant changes to information sharing practices in the financial sector and provides clear, legislated choice and control to consumers, to transfer their data to third parties securely.

Together with the ACCC, we will be monitoring and ensuring compliance with Consumer Data Right regulatory obligations, including undertaking assurance activities.

The OAIC’s agenda

Our survey also sought Australians’ views on digital platforms and other online businesses, and on children’s privacy.

The responses that we have seen so far bring home the need to ensure that privacy safeguards keep pace with the speed of our transition to online life.

That is particularly true for the most vulnerable in our community.

Digital platforms have been a significant focus for regulatory reform in Australia, following the world-leading inquiry led by the Australian Competition and Consumer Commission.

And our survey supports this regulatory focus, and these community views feed into a broader assessment of our privacy framework.

Because 2020 is expected to be a significant year for privacy reform in Australia.

As part of our focus on online platforms and social media, my Office is preparing for the introduction of a binding Privacy Code for the sector, announced by the Australian Government last year.

It will be aimed at:

  • improving individuals’ ability to manage privacy choices through transparent policies and notices
  • ensuring people can give clear, informed and specific consent
  • and protecting children and other vulnerable Australians by ensuring privacy is built into products and services by design.

The Government has also committed to introduce stronger civil penalties to deal with privacy breaches.

These changes intersect with a broader review of the Privacy Act announced by the Government, which provides a critical opportunity to ensure our privacy framework can respond to new challenges in an increasingly digital, and global, environment.

In considering innovative solutions to these issues, we should also look to international models and aim for global interoperability of our privacy laws.

The closing of borders during the COVID-19 crisis has been no barrier for our personal information as it continues to travel around the world.

As we rebuild our economies, minimising regulatory friction and enabling consumer confidence in the use of personal information will be a powerful engine for growth.

These privacy discussions and reforms are still needed, and we should not lose sight of them as we start to make the journey home after the COVID outbreak.

The road to recovery

Right now, there are encouraging signs that we will, in time, be returning to a more normal life.

Like all of us in the privacy community, my Office is focusing our resources to advise, guide and protect personal information and public health.

Economic interests are important and will play a key role in the road back from the pandemic.

What remains constant is the need to support and increase public trust and confidence in the handling of personal information.

This is our long-term vision for privacy in Australia, and this work has never been more important than it is now, as we respond to the very serious challenges presented by the COVID-19 virus.

I want to thank all of you for your strong attention to privacy issues during this time, and I wish you the best of health.