15 November 2019

Privacy Principles

'Privacy Design Strategies' by Jaap-Henk Hoepman in N. Cuppens-Boulahia et al (eds.) SEC 2014, IFIP AICT (International Federation for Information Processing, 2014) defines the notion of a privacy design strategy.

Hoepman comments
These strategies help IT architects to support privacy by design early in the software development life cycle, during concept development and analysis. Using current data protection legislation as point of departure we derive the following eight privacy design strategies:
  • MINIMISE,
  • HIDE, 
  • SEPARATE, 
  • AGGREGATE, 
  • INFORM, 
  • CONTROL, 
  • ENFORCE, and 
  • DEMONSTRATE.
The strategies also provide a useful classification of privacy design patterns and the underlying privacy enhancing technologies. We therefore believe that these privacy design strategies are not only useful when designing privacy friendly systems, but also helpful when evaluating the privacy impact of existing IT systems.
Privacy by design [5] is a system design philosophy that aims to improve the overall privacy1 friendliness of IT systems. Point of departure is the observation that privacy (like security) is a core property of a system that is heavily influenced by the underlying system design. As a consequence, privacy protection cannot be implemented as an add- on. Privacy must be addressed from the outset instead. The fundamental principle of privacy by design is, therefore, that privacy requirements must be addressed throughout the full system development process. In other words starting when the initial concepts and ideas for a new system are drafted, up to and including the final implementation of that system. Privacy by design is gaining importance. For example, the proposal for a new European data protection regulation [10] explicitly requires data protection by design and by default. It is therefore crucial to support developers in satisfying these requirements with practical tools and guidelines.
As explained in Section 2, an important design methodology is the application of so called software design patterns. These design patterns refine the system architecture to achieve certain functional requirements within a given set of constraints. During soft- ware development the availability of practical methods to protect privacy is high during actual implementation, but low when starting the project. Numerous privacy enhanc- ing technologies (PETs) exists that can be applied more or less ’off the shelf’. Before that implementation stage, privacy design patterns can be used during system design. Significantly less design patterns exist compared to PETs, however. And at the start of the project, during the concept development and analysis phases, the developer stands basically empty handed.
This paper aims to close this gap [13,26]. Design patterns do not necessarily play a role in the earlier, concept development and analysis, phases of the software develop- ment cycle. The main reason is that such design patterns are already quite detailed in nature, and more geared towards solving an implementation problem. To guide the de- velopment team in the earlier stages, we define the notion of a privacy design strategy. Because these strategies describe fundamental, more strategic, approaches to protecting privacy, they enable the IT developer to make well founded choices during the concept development and analysis phase as well. These choices have a huge impact on the over- all privacy protection properties of the final system.
The privacy design strategies developed in this paper are derived from existing pri- vacy principles and data protection laws. These are described in section 3. We focus on the principles and laws on which the design of an IT system has a potential impact. By taking an abstract information storage model of an IT system as a point of departure, these legal principles are translated to a context more relevant for the IT developer in section 4. This leads us to define the following privacy design strategies: MINIMISE, HIDE, SEPARATE, AGGREGATE, INFORM, CONTROL, ENFORCE and DEMONSTRATE. They are described in detail in section 5.
We believe these strategies help to support privacy by design throughout the full software development life cycle, even before the design phase. It makes explicit which high level decisions can be made to protect privacy, when the first concepts for a new information system are drafted. The strategies also provide a useful classification of pri- vacy design patterns and the underlying privacy enhancing technologies. We therefore believe that these privacy design strategies are not only useful when designing privacy friendly systems, but that they also provide a starting point for evaluating the privacy impact of existing information systems.

Teaching

Teaching Law Students about Sexual Orientation, Gender Identity and Intersex Status within Human Rights Law: Seven Principles for Curriculum Design and Pedagogy' by Paula Gerber and Claerwen O’Hara in (2019) 68(2) Journal of Legal Education comments
Over the past two decades, sexual orientation, gender identity, and intersex status (SOGII) have become important aspects of human rights law. However, this reality is not widely reflected in the curriculum of human rights law programs. The reasons for this are varied but may include wariness about causing offense by using the wrong terminology or language and concern about the complexities and sensitivities surrounding different issues. This article aims to assist law school educators to overcome these concerns by providing curricular and pedagogical guidance relating to the effective and comprehensive incorporation of SOGII into a human rights law program. In particular, it provides recommendations for educators who wish to establish a stand-alone course on SOGII and human rights, as well as for those who would like to incorporate SOGII-related issues into a more general human rights law course. 
It begins with an overview of the existing scholarship concerning the incorporation of SOGII issues into the law school curriculum. This analysis provides insight into the importance of teaching law students about SOGII, as well as some recommendations on how to do so. However, it also highlights how little scholarly attention has been given to the teaching of SOGII issues in the human rights law setting. 
The article then goes on to posit seven curricular and pedagogical principles on how to teach SOGII issues in the specific context of human rights law. Together, these principles provide a holistic and critical approach that responds to unique aspects of human rights law, including its international focus and the “living” nature of human rights law instruments. This method involves incorporating interdisciplinary topics such as the historical treatment of sexual and gender identity minorities, highlighting the relevance of international relations and political science to rights relating to SOGII, and developing an understanding of queer theory. It also entails examining a wide variety of international and regional human rights norms and processes, as well as applicable domestic laws. In addition, this method encourages an exploration of the role that local and international nongovernmental organizations (NGOs) play in protecting rights relating to SOGII.
There is a somewhat different approach in my ‘Silences And Sexual Diversity: Difference, Comfort And Emulation In Australian First Year Law Teaching And Beyond’ in (2019) 21(1) Flinders Law Journal 49-72.

Corporate Criminal Responsibility

The Australian Law Reform Commission Corporate Criminal Responsibility Discussion Paper (DP 87, 2019) comments that the ALRC has found that
Commonwealth criminal law as it applies to corporations is impenetrably complex and in need of significant reform. There is an overregulation by the criminal law of low-level contraventions and a failure to effectively use the criminal law for serious contraventions.
The Commission offers the following Questions and Proposals 
4. Appropriate and Effective Regulation of Corporations 
Proposal 1 Commonwealth legislation should be amended to recalibrate the regulation of corporations so that unlawful conduct is divided into three categories (in descending order of seriousness): a) criminal offences; b) civil penalty proceeding provisions; and c) civil penalty notice provisions. 
Proposal 2 A contravention of a Commonwealth law by a corporation should only be designated as a criminal offence when: a) the contravention by the corporation is deserving of denunciation and condemnation by the community; b) the imposition of the stigma that attaches to criminal offending is appropriate; c) the deterrent characteristics of a civil penalty are insufficient; and d) there is a public interest in pursuing the corporation itself for criminal sanctions. 
Proposal 3 A contravention of a Commonwealth law by a corporation that does not meet the requirements for designation as a criminal offence should be designated either: a) as a civil penalty proceeding provision when the contravention involves actual misconduct by the corporation (whether by commission or omission) that must be established in court proceedings; or b) as a civil penalty notice provision when the contravention is prima facie evident without court proceedings. 
Proposal 4 When Commonwealth legislation includes a civil penalty notice provision: a) the legislation should specify the penalty for contravention payable upon the issuing of a civil penalty notice; b) there should be a mechanism for a contravenor to make representations to the regulator for withdrawal of the civil penalty notice; and c) there should be a mechanism for a contravenor to challenge the issuing of the civil penalty notice in court if the civil penalty notice is not withdrawn, with costs to follow the event. 
Proposal 5 Commonwealth legislation containing civil penalty provisions for corporations should be amended to provide that when a corporation has: a) been found previously to have contravened a civil penalty proceeding provision or a civil penalty notice provision, and is found to have contravened the provision again; or b) contravened a civil penalty proceeding provision or a civil penalty notice provision in such a way as to demonstrate a flouting of or flagrant disregard for the prohibition; the contravention constitutes a criminal offence. 
Proposal 6 The Attorney-General’s Department (Cth) Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers should be amended to reflect the principles embodied in Proposals 1 to 5 and to remove Ch 2.2.6. 
Proposal 7 The Attorney-General’s Department (Cth) should develop administrative mechanisms that require substantial justification for criminal offence provisions that are not consistent with the Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers as amended in accordance with Proposal 6. 
6. Reforming Corporate Criminal Responsibility 
Proposal 8 There should be a single method for attributing criminal (and civil) liability to a corporation for the contravention of Commonwealth laws, pursuant to which: a) the conduct and state of mind of persons (individual or corporate) acting on behalf of the corporation is attributable to the corporation; and b) a due diligence defence is available to the corporation. 
7. Individual Liability for Corporate Conduct 
Proposal 9 The Corporations Act 2001 (Cth) should be amended to provide that, when a body corporate commits a relevant offence, or engages in conduct the subject of a relevant offence provision, any officer who was in a position to influence the conduct of the body corporate in relation to the contravention is subject to a civil penalty, unless the officer proves that the officer took reasonable measures to prevent the contravention. Proposal 10 The Corporations Act 2001 (Cth) should be amended to include an offence of engaging intentionally, knowingly, or recklessly in conduct the subject of a civil penalty provision as set out in Proposal 9. 
Question A Should Proposals 9 and 10 apply to ‘officers’, ‘executive officers’, or some other category of persons? 
Question B Are there any provisions, either in Appendix I or any relevant others, that should not be replaced by the provisions set out in Proposals 9 and 10? 
8. Whistleblower Protections 
Proposal 11 Guidance should be developed to explain that an effective corporate whistleblower protection policy is a relevant consideration in determining whether a corporation has exercised due diligence to prevent the commission of a relevant offence. 
Question C Should the whistleblower protections contained in the Corporations Act 2001 (Cth), Taxation Administration Act 1953 (Cth), Banking Act 1959 (Cth), and Insurance Act 1973 (Cth) be amended to provide a compensation scheme for whistleblowers? 
Question D Should the whistleblower protections contained in the Corporations Act 2001 (Cth), Taxation Administration Act 1953 (Cth), Banking Act 1959 (Cth), and Insurance Act 1973 (Cth) be amended to apply extraterritorially? 
9. Deferred Prosecution Agreements 
Question E Should a deferred prosecution agreement scheme for corporations be introduced in Australia, as proposed by the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2017, or with modifications? 
10. Sentencing Corporations 
Proposal 12 Part IB of the Crimes Act 1914 (Cth) should be amended to implement the substance of Recommendations 4–1, 5–1, 6–1, and 6–8 of Same Crime, Same Time: Sentencing of Federal Offenders (ALRC Report 103, April 2006). 
Proposal 13 The Crimes Act 1914 (Cth) should be amended to require the court to consider the following factors when sentencing a corporation, to the extent they are relevant and known to the court: a) the type, size, internal culture, and financial circumstances of the corporation; b) the existence at the time of the offence of a compliance program within the corporation designed to prevent and detect criminal conduct; c) the extent to which the offence or its consequences ought to have been foreseen by the corporation; d) the involvement in, or tolerance of, the criminal activity by management; e) whether the corporation ceased the unlawful conduct voluntarily and promptly upon its discovery of the offence; f) whether the corporation self-reported the unlawful conduct;  g) any advantage realised by the corporation as a result of the offence; h) the extent of any efforts by the corporation to compensate victims and repair harm; i) any measures that the corporation has taken to reduce the likelihood of its committing a subsequent offence, including: i. internal investigations into the causes of the offence; ii. internal disciplinary actions; and iii. measures to implement or improve a compliance program; and j) the effect of the sentence on third parties. This list should be non-exhaustive and should supplement rather than replace the general sentencing factors, principles, and purposes as amended in accordance with Proposal 12. 
Proposal 14 The Corporations Act 2001 (Cth) should be amended to require the court to consider the following factors when imposing a civil penalty on a corporation, to the extent they are relevant and known to the court, in addition to any other matters: a) the nature and circumstances of the contravention; b) any injury, loss, or damage resulting from the contravention; c) any advantage realised by the corporation as a result of the contravention; d) the personal circumstances of any victim of the offence; e) the type, size, internal culture, and financial circumstances of the corporation; f) whether the corporation has previously been found to have engaged in any related or similar conduct; g) the existence at the time of the contravention of a compliance program within the corporation designed to prevent and detect the unlawful conduct; h) whether the corporation ceased the unlawful conduct voluntarily and promptly upon its discovery of the contravention; i) the extent to which the contravention or its consequences ought to have been foreseen by the corporation; j) the involvement in, or tolerance of, the contravening conduct by management; k) the degree of cooperation with the authorities, including whether the contravention was self-reported; l) whether the corporation admitted liability for the contravention; m) the extent of any efforts by the corporation to compensate victims and repair harm; n) any measures that the corporation has taken to reduce the likelihood of its committing a subsequent contravention, including: i. any internal investigation into the causes of the contravention; ii. internal disciplinary actions; and iii. measures to implement or improve a compliance program; o) the deterrent effect that any order under consideration may have on the corporation or other corporations; and p) the effect of the penalty on third parties. 
Proposal 15 The Crimes Act 1914 (Cth) should be amended to provide the following sentencing options for corporations that have committed a Commonwealth offence: a) orders requiring the corporation to publicise or disclose certain information; b) orders requiring the corporation to undertake activities for the benefit of the community; c) orders requiring the corporation to take corrective action within the organisation, such as internal disciplinary action or organisational reform; d) orders disqualifying the corporation from undertaking specified commercial activities; and e) orders dissolving the corporation. 
Proposal 16 The Corporations Act 2001 (Cth) should be amended to provide the following non-monetary penalty options for corporations that have contravened a Commonwealth civil penalty provision: a) orders requiring the corporation to publicise or disclose certain information; b) orders requiring the corporation to undertake activities for the benefit of the community; c) orders requiring the corporation to take corrective action within the organisation, such as internal disciplinary action or organisational reform; and d) orders disqualifying the corporation from undertaking specified commercial activities. 
Proposal 17 The Corporations Act 2001 (Cth) should be amended to provide that a court may make an order disqualifying a person from managing corporations for a period that the court considers appropriate, if that person was involved in the management of a corporation that was dissolved in accordance with a sentencing order. 
Question F Are there any Commonwealth offences for which the maximum penalty for corporations requires review? 
Question G Should the maximum penalty for certain offences be removed for corporate offenders? 
Question H Do court powers need to be reformed to better facilitate the compensation of victims of criminal conduct and civil penalty proceeding provision contraventions by corporations? 
Proposal 18 The Australian Government, together with state and territory governments, should develop a unified debarment regime. 
Proposal 19 The Crimes Act 1914 (Cth) should be amended to permit courts to order pre-sentence reports for corporations convicted of Commonwealth offences. 
Question I Who should be authorised to prepare pre-sentence reports for corporations? 
Proposal 20 Sections 16AAA and 16AB of the Crimes Act 1914 (Cth) should be amended to permit courts, when sentencing a corporation for a Commonwealth offence, to consider victim impact statements made by a representative on behalf of a group of victims and/or a corporation that has suffered economic loss as a result of the offence. 
11. Illegal Phoenix Activity 
Proposal 21 The Treasury Laws Amendment (Combating Illegal Phoenixing) Bill 2019 should be amended to: a) provide that only a court may make orders undoing a creditor-defeating disposition by a company, on application by either the liquidator of that company or the Australian Securities and Investments Commission; and b) provide the Australian Securities and Investments Commission with the capacity to apply to a court for an order that any benefits obtained by a person from a creditor-defeating disposition be disgorged to the Commonwealth, rather than to the original company, where there has been no loss to the original company or the original company has been set up to facilitate fraud. 
Proposal 22 The Treasury Laws Amendment (Combating Illegal Phoenixing) Bill 2019 should be amended to: a) provide the Australian Securities and Investments Commission and the Australian Taxation Office with a power to issue interim restraining notices in respect of assets held by a company where it has a reasonable suspicion that there has been, or will imminently be, a creditor-defeating disposition; b) require the Australian Securities and Investments Commission and the Australian Taxation Office to apply to a court within 48 hours for imposition of a continuing restraining order; and c) grant liberty to companies or individuals the subject of a restraining notice to apply immediately for a full de novo review before a court. 
Proposal 23 The Corporations Act 2001 (Cth) should be amended to establish a ‘director identification number’ register. 
Question J Should there be an express statutory power to disqualify insolvency and restructuring advisors who are found to have contravened the proposed creditordefeating disposition provisions? 
Question K Are there any other legislative amendments that should be made to combat illegal phoenix activity? 
12. Transnational Business 
Question L Should the due diligence obligations of Australian corporations in relation to extraterritorial offences be expanded?

14 November 2019

Soundscapes

'Sonic Havens: Towards a Goffmanesque Account of Homely Listening' by Michael James Walsh and Eduardo de la Fuente in (2019) Housing, Theory and Society comments
Drawing upon Goffman’s notion of the interaction order we propose that home and homeliness pertain to the degree to which we can control our auditory involvements with the world and with others. What we term “homely listening” concerns the use of music to make oneself feel at home, in some cases, through seclusion and immersion, and, in others, through either the musical ordering of mundane routines or the use of music to engage in sociality with others. Drawing on 29 in-depth qualitative interviews concerning mundane instances of musical listening, we propose the home is a complex sonic order involving territoriality as well as the aesthetic framing of activity through musical and non-musical sounds. We argue the home represents a negotiated sonic interaction order where individuals skilfully manage involvements with others and activities through their musical and other sound practices.
 The authors note
 This article offers an analysis of a phenomenon we term “homely listening”, and the social and material relations that underpin it, via a framework primarily derived from the microsociology of Erving Goffman. As Manning (1992, 154) observes Goffman’s approach is to transform ethnographies of places, such as the Shetland Islands, hospitals, asylums, and sidewalks into ethnographies of concepts, such as presentation of self, encounters, face-work, territories of the self, etc. As such we aim to contribute to the socio-cultural study of urban sensory ecologies via an ethnography of the phenomenon of homely listening. Our argument is that homely listening may or may not coincide with the strict physical boundaries of the home; and, in any case, the latter gives rise to a range of private and shared modalities of listening. In short, the home is fundamentally a negotiated socio-material, as well as complex sonic order. We follow the foundational efforts of sociologists and other socio-cultural researchers interested in music’s role in everyday life such as DeNora (2000, 2003) and Bull (2007). We also concur with Nowak and Bennett (2014, 375) who suggest that studying musical listening requires a focus on “sound environments”: meaning the spaces, temporal orientations, bodily states and choice of technologies, that enable the consumption of music in everyday life. Our approach therefore focuses on one central sound phenomena within the home: the use of music as a means of aestheticizing and manufacturing domestic sonic havens. This approach provides our argument with an empirical anchorage point, allowing for the exploration of how music and its placement within the home responds to and signifies the presence of a finely balanced auditory interaction order.