Australia's recently-passed data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and its coming into force in 2018, makes an internationally important, yet imperfect, contribution to data breach notification law. Against the backdrop of data breach legislation in the United States and European Union, a comparative analysis is undertaken between these jurisdictions and the Australian scheme to elucidate this argument. Firstly, some context to data breach notification provisions is offered, which are designed to address some of the problems data breaches cause for data privacy and information security. There have been various prominent data breaches affecting Australians over the last few years, which have led to discussion of what can be done to deal with their negative effects. The international context of data breach notification legislation will be discussed, with a focus on the United States and European Union jurisdictions, which have already adopted similar laws. The background to the adoption of the Australia legislation will be examined, including the general context of data privacy and security protection in Australia. The reform itself will be then be considered, along with the extent to which this law is fit for purpose and some outstanding concerns about its application. While data breach notification requirements are likely to be a positive step for data security, further reform is probably necessary to ensure strong cybersecurity. However, such reform should be cognisant of the international trends towards the adoption of data security measures including data breach notification, but lack of alignment in standards, which may be burdensome for entities operating in the transnational data economy.
07 March 2018
'The introduction of data breach notification legislation in Australia: A comparative view' by Angela Daly in (2018) Computer Law and Security Review comments
'Privacy Versus Relatedness: Managing Device Use in Australia’s Remote Aboriginal Communities' by Ellie Rennie, Tyson Yunkaporta, and Indigo Holcombe-James in (2018) 12 International Journal of Communication comments
Aboriginal Australians living in remote communities are likely to be “mobile only” users. The sharing of devices among kin is common and linked to demand sharing practices that stretch back to presettler times. While sharing can produce benefits (acting as a form of insurance), it can also lead to privacy-related problems among this group, including illicit use of banking and social media accounts via shared devices. In this article, we examine the ways in which the aspect of Aboriginal sociality known as relatedness is interacting with online privacy frameworks designed for individual device use and device management. The findings suggest that the sociotechnical frameworks of platforms and devices do not accord with cultural dynamics, including obligations to others. Moreover, efforts by individuals and Elders to avoid privacy-related problems are leading to digital exclusion in various forms, from the deliberate destruction of devices to whole communities opting out of mobile infrastructure.'Privacy's Double Standards' by Scott Skinner-Thompson in (2018) 93 Washington Law Review comments
Where the right to privacy exists, it should be available to all people. If not universally available, then particularly accessible to marginalized individuals who are subject to greater surveillance and are less able to absorb the social costs of privacy violations. But in practice, people of privilege tend to fare better when they bring privacy tort claims than do non-privileged individuals. This, despite doctrine suggesting that those who occupy prominent and public social positions are entitled to diminished privacy tort protections.
This Article unearths disparate outcomes in public disclosure tort cases, and uses the unequal results as a lens to expand our understanding of how constitutional equality principles might be used to rejuvenate beleaguered privacy tort law. Scholars and the Supreme Court have long recognized that the First Amendment applies to the substance of tort law, under a theory that state action is implicated by private tort lawsuits because judges (state actors) make the substantive rule of decision and enforce the law. Under this theory, the First Amendment has been used to limit the scope of privacy and defamation torts as infringing on the privacy invader’s speech rights. But as this Article argues, if state action applies to tort law, other constitutional provisions should also bear on the substance of common law torts.
This Article highlights the selective application of constitutional law to tort law. And it uses the unequal effects of prevailing public disclosure tort doctrine to explore whether constitutional equality principles can be used to reform, or nudge, the currently weak protections provided by black letter privacy tort law. By so doing, the Article also foregrounds a doctrinally-sound basis for a broader discussion of how constitutional liberty, due process, and equality norms might influence tort law across a variety of substantive contexts.
'Evaluating the legitimacy of platform governance: a review of research and a shared research agenda' by Nicolas Suzor, Tess Van Geelen and Sarah Myers West in (2018) International Communication Gazette states
This paper provides an overview of the key values that we argue should underpin an index of the legitimacy of the governance of online intermediaries. The aim is ultimately to allow scholars to rank the policies and practices of intermediaries against core human rights values and principles of legitimate governance in a way that enables comparison across different intermediaries and over time. This work builds on the efforts of a broad range of researchers already working to systematically investigate the governance of social media platforms and telecommunications intermediaries. In this paper, we present our review and analysis of the work that has been carried out to date, using the digital constitutionalism literature to identify opportunities for further research and collaboration.
The theme of this special issue is the deeply contested political question of how human rights should be protected in a digital environment. ‘Digital constitutionalism’ encompasses “a constellation of initiatives that have sought to articulate a set of political rights, governance norms, and limitations on the exercise of power on the Internet” (Gill et al., 2015: 2). One of the key challenges of the digital constitutionalism project is to articulate appropriate limits on the private exercise of power by online intermediaries, how those limits may be imposed, and by whom.
This is a complex problem, and requires a new understanding of constitutionalism in an era where regulation is not only, or even not primarily, done by the state (Black, 2001). We take a broad view of ‘governance’ that encompasses all ‘organized efforts to manage the course of events in a social system’ (Burris et al., 2008: 3). This broad definition focuses attention particularly on the policies and practices of online intermediaries as key actors in the governance of online behaviour.
Intermediaries play a critical role in governing the internet by developing and managing its infrastructure. By ‘intermediaries’, we mean the broad range of entities that “bring together or facilitate transactions between third parties on the Internet” (OECD, 2010: 9). Intermediaries of all types --- the owners of physical pipes, the providers of core routing services, the search engines that make content visible, the content hosts, and the social media platforms --- all shape how people communicate in important but different ways. They are the focal points of control, where pressure can be most effectively deployed to influence user behavior (Goldsmith and Wu, 2006), and the decisions that they make have a real impact on public culture and the social and political lives of their users (DeNardis, 2014). In order to progress the political project of digital constitutionalism, more needs to be known about how intermediaries govern their networks and how their decisions impact the basic rights of individuals in different contexts. In this paper, we present an outline of the values we suggest ought to be measured, a guide to the work that has already been completed, and a sketch for future projects to build upon in their own research design.