08 March 2014

Biobanks

'A review of the key issues associated with the commercialization of biobanks' by Timothy Caulfield, Sarah Burningham, Yann Joly, Zubin Master, Mahsa Shabani, Pascal Borry, Allan Becker, Michael Burgess, Kathryn Calder, Christine Critchley, Kelly Edwards, Stephanie M. Fullerton, Herbert Gottweis, Robyn Hyde-Lay, Judy Illes, Rosario Isasi, Kazuto Kato, Jane Kaye, Bartha Knoppers, John Lynch, Amy McGuire, Eric Meslin, Dianne Nicol, Kieran O’Doherty, Ubaka Ogbogu, Margaret Otlowski, Daryl Pullman, Nola Ries, Chris Scott, Malcolm Sears, Helen Wallace and Ma'n H. Zawati in (2014) 1(1) Journal of Law and the Biosciences 94-110 comments that
Biobanks1 have emerged as a significant research tool, gaining support from both the scientific community and regional, national and international research funding agencies. However, developing and maintaining these platforms is expensive. Indeed, in a recent survey of operational personnel representing 456 biobanks, funding shortages concerned 71% of those surveyed and 37% identified ‘funding’ as ‘the biobank's greatest challenge.’ Thus, unsurprisingly, biobanks may seek support from the private sector or philanthropic organizations, which have an interest in sustaining them as research resources.
The scientific community is also increasingly facing pressure to commercialize and translate their work, thus increasing expectations of industry partnerships. Funding agencies, in part, create and reinforce this commercialization pressure, by earmarking grants for projects that aim to bring products and therapies to the market within a short amount of time. This commercialization process creates a range of policy challenges for scientists, research participants, and funders.
The goal of this document is to outline the policy issues associated with the commercialization of biobanks and, where possible, to review the relevant evidence and/or ethical and legal norms. We do not attempt to provide suggestions for policy reform. Nevertheless, given that securing funding for biobanks remains a challenge and that researchers are increasingly pressured to work with industry and to rapidly translate their work, a scoping document of this nature—one that draws together international expertise and relevant research—seems timely and, we hope, can stand as a resource for future research and policy work.
‘Commercialization’ can refer to a number of different activities. It can refer to the commercialization of biobank resources (data or samples of human biological material) or of research results derived or products developed from those resources. It can also refer to publicly funded biobanks partnering with or receiving funding from private, for-profit entities like biotech companies, pharmaceutical corporations, or the medical device industry. For the purposes of this scoping document, we will largely focus on the introduction of private funding and partnerships to an existing, publicly funded biobank. This focus is justified because many biobanks are not-for-profit entities associated with larger (often publicly-funded) bodies, such as universities and hospitals, and funded, often through short-term grants, by these bodies, by the government, or by a mixture of public and private funds.6 Survey evidence indicates that these biobanks are greatly concerned with securing adequate long-term funding. As Meijer and colleagues note, with the expansion and change in the size, goals and structure of biobanks, ‘stable sources of core funding will be necessary in most cases, from the public sector, patient organizations and private foundations.’ Given this reality, we believe that commercialization will particularly and uniquely impact publicly supported biobanks, as they consider various means, including private partnerships, to ensure financial security.
Of course, biobanks vary greatly in organization, priorities, and funding, and thus commercialization will affect different biobanks in different ways. Not every biobank will seek commercial partnerships in response to financial pressures, and, indeed, delineating which factors (eg type of biobank; organizational structure; research goals and focus) influence the development of private partnerships may be an important question for future research. Indeed, we hope this overview of issues will inform these future funding decisions.
In addition to our primary focus on the introduction of private financing and partnerships, some of the emerging research and commentaries on the issues associated with commercialization are relevant to a range of other activities and are worth considering here. For example, issues of public trust can be triggered by a variety of commercialization practices, as we will see. Thus, where appropriate, we will discuss commercialization activities beyond just the introduction of private funding.
Before turning to the issues at hand, it may be useful to set out some of the scenarios in which commercialization may occur. In this paper, as noted, we largely concentrate on the introduction of private funding to a pre-existing publicly funded biobank. In such a case, a chief concern for the biobank will be retaining participants who were, presumably, originally recruited with an understanding that the biobank would be a ‘public good.’ In this case, issues related to consent, participant retention, and withdrawal of biological material and associated data are particularly important. We can contrast this with a scenario in which the biobank is a public-private partnership from its inception. In such as case, enrollment of participants and obtaining consent to commercial imperatives, if any, are likely to be the prime focuses of the biobank. The different situations of these biobanks may inform and nuance the discussion that follows.
The authors note
Biobanks are expensive to maintain. A lack of sufficient funding may have a dramatic impact on sustainability and raise challenging policy issues. Two recent bankruptcies of private population biobanks, Genizon in Québec, Canada and deCODE Genetics in Iceland, illustrate the ethical and policy dimensions of the issues raised in this context. Both biobanks were privately owned and recruited their participants from homogeneous population groups originating in geographically determined locations.
Given these similarities, it is interesting to note the different outcomes of bankruptcy in the two cases. deCODE (with 140,000 samples from the Icelandic population) first declared bankruptcy in 2009, selling its assets (including its biobank) to Saga Investments LCC. Saga is a group comprising some of the original investors in deCODE who kept running the company with a similar management structure. Following an unsuccessful attempt to pierce the direct-to-consumer (DTC) market, the company was acquired by the biotechnology giant Amgen for US$415 million. So far, the sale has not affected the management and objectives of the biobank, which remains located in Iceland. As part of the deCODE licence, the government required that the biobank stay in Iceland, even if third parties became involved. However, Amgen has not offered any written guarantee that this arrangement will prevail over time and no court decision has been rendered to that effect. Genizon (with 50,000 samples from the French Québec founder population) was a Québec-based private biotechnology company in the business of mapping and identifying genes for complex disorders. It filed for bankruptcy and liquidated its tangible assets, excluding the biobank, in 2011. Later that year, the Superior Court of Québec mandated Génome Québec (GQ), a provincial public funding agency, to act as the trustee of the biobank. In late 2012, Genome Québec launched a call for tenders with the hope of transferring Genizon's biobank to a Québec research centre. Following the closure of the call for tenders, Genome Quebec turned down two valid bids by public groups deciding instead that it would continue managing the Genizon biobank by itself.
In cases like this, what should happen to the samples and data of the participants? Can they be sold like other types of material assets? Transferred to another country? Or should they be destroyed instead? Responses to these questions could have far reaching implications for participants’ privacy, autonomy and dignity. In the case of bankruptcy, the biobank's policies, especially those regarding data privacy and data sharing, are relevant for courts to determine the extent of what can be done with the participants’ data and samples. The informed consent form signed by the participants will also play an important role in that respect, by creating conditions that should be respected post-bankruptcy. In this type of bankruptcy cases, US experts have alluded to the possibility of legally appointing a Consumer Privacy Ombudsman (CPO) to assist the court on privacy aspects of the process. However, to require this special procedure, the proposed liquidation should meet strict criteria that likely would not apply to most cases involving genomic biobanks. Given the sensitive nature of medical data, including genetic data and tissue samples, and the importance of preserving public trust in science, it appears that clear policies are required. Those policies should give weight to the promises made to research participants at the inception of a biobank and ensure more predictable outcomes in case of bankruptcy. However, developing such policies may be challenging, as issues relating to bankruptcy or biobank closure are rarely priorities at the inception of a biobank project and tend to be considered only in times of hardship.

Tobacco

'How Does the Tobacco Industry Attempt to Influence Marketing Regulations? A Systematic Review' by Emily Savell, Anna B. Gilmore and Gary Fooks in (2014) 9(2) PLoS ONE notes that
The Framework Convention on Tobacco Control makes a number of recommendations aimed at restricting the marketing of tobacco products. Tobacco industry political activity has been identified as an obstacle to Parties’ development and implementation of these provisions. This study systematically reviews the existing literature on tobacco industry efforts to influence marketing regulations and develops taxonomies of 1) industry strategies and tactics and 2) industry frames and arguments.
The authors indicate that
Searches were conducted between April-July 2011, and updated in March 2013. Articles were included if they made reference to tobacco industry efforts to influence marketing regulations; supported claims with verifiable evidence;were written in English; and concerned the period 1990–2013. 48 articles met the review criteria. Narrative synthesis was used to combine the evidence. ...
This systematic review suggests that the TI uses a relatively narrow range of strategies/tactics and frames/arguments when attempting to influence marketing regulation, albeit a wider range than suggested by existing taxonomies of corporate political activity. This review also suggests that TI political activity is not geographically specific, with strategies/tactics and frames/arguments being used across a wide variety of jurisdictions. Consequently the taxonomies developed within this paper are likely to be helpful in understanding TI political activity internationally. ...
This review has a number of limitations. First, although a broad search strategy and search string was used when initially identifying articles it is still possible that some relevant articles may have been missed and therefore not included within the review. To minimise this, we worked with a librarian, searched online research repositories, and contacted experts in the field to identify additional articles. Second, the coding of arguments and tactics within the articles is often subjective. To mitigate this, all three authors reviewed and re-reviewed the coding at various points during the systematic review process and, at the end,collectively reviewed 50% of the included articles, plus all of those in categories where coding concerns had been identified. Third,the identification of tactics and arguments, and the jurisdictions in which they are used, is dependent on the available literature, its quality, and any publication bias. This in turn may depend on limitations in the availability and nature of the TI documents on which much of the literature is based. These issues have a number of implications. For example, many of the articles included did not focus primarily on TI attempts to influence marketing regulations and thus only made brief references to TI tactics or arguments,with little context or background. We attempted to overcome this limitation by requiring each tactic and argument to be supported by verifiable evidence. Information regarding the success or failure of a particular policy proposal was not always recoded, making it impossible to reliably determine which tactics or arguments were most successful in defeating marketing-related regulations. Furthermore, it is highly likely that some of the tactics and arguments were used more frequently by the TI than identified within the literature. For example, financial incentives are likely to be used more frequently and broadly than the two occasions identified in Europe, we know that the TI frequently attempts to discredit their opponents (see for example ....), however this tactic was only found to have been used twice within the included literature, and similarly, arguments that marketing regulations will increase illicit tobacco are more commonly used, and in more jurisdictions, than this review would suggest. The limited appearance of some arguments, such as tobacco not having been proven to cause disease (which was only identified as having been used by the TI in Uzbekistan in 1994), may reflect the fact that we only examined tactics and arguments from 1990 onwards. In addition, we note that despite a growing literature showing how the TI influences trade agreements and then uses them to argue against the feasibility of regulations, the use of trade agreements to pre-empt marketing policy is not identified as a tactic (although we do identify the use of trade agreements as an argument under the‘legal’ frame). This is perhaps due to the focus of our search being on the TI’s influence of marketing regulations which may,therefore, have missed articles examining industry influence on trade agreements that were in turn used to influence marketing regulations. Due to our concerns regarding bias in the literature,the counting element of this review should be used as a guideline only to provide some insight into the most frequently used tactics and arguments.
The main strength of this review is its systematic approach and its attempt to rigorously categorise industry strategies/tactics and frames/arguments; to our knowledge it is the first attempt to do so. A key strength is the geographic diversity of the literature reviewed. Although over half of the included articles (26 articles, 56%) focussed on North America, Europe or Australasia (perhaps in large part due to grants provided by the US National Cancer Institute for research on TI documents in the early 2000s), a significant proportion did not, and the geographic base was far more diverse than some previous reviews of industry tactics. While some tactics and arguments were seen only in one or a few jurisdictions, this sometimes appears to reflect limitations in the underlying literature (see above), or specific jurisdictional issues for example the use of pre-emption in the USA. While care needs to be taken in assuming that tactics and arguments used in one jurisdiction will be used elsewhere, this review suggests that the findings will be broadly applicable across different geographies. It is, however, also important to recognise that some arguments are likely to be more effective in certain circumstances, for example legal arguments may be more successful where government legal expertise is undeveloped and the costs of litigation proportional to government revenue are high.
They report that
56% of articles focused on activity in North America, Europe or Australasia, the rest focusing on Asia (17%), South America, Africa or transnational activity. Six main political strategies and four main frames were identified. The tobacco industry frequently claims that the proposed policy will have negative unintended consequences, that there are legal barriers to regulation, and that the regulation is unnecessary because, for example, industry does not market to youth or adheres to a voluntary code. The industry primarily conveys these arguments through direct and indirect lobbying, the promotion of voluntary codes and alternative policies, and the formation of alliances with other industrial sectors. The majority of tactics and arguments were used in multiple jurisdictions.
They conclude
Tobacco industry political activity is far more diverse than suggested by existing taxonomies of corporate political activity. Tactics and arguments are repeated across jurisdictions, suggesting that the taxonomies of industry tactics and arguments developed in this paper are generalisable to multiple jurisdictions and can be used to predict industry activity. ...
Hillman and Hitt’s framework, on which the categorisation of tactics in this review was initially based, considerably under-represents the range of tactics that the TI uses when attempting to influence policy. This may reflect both the unprecedented number of regulatory risks facing this particular industry and that their categorisation was developed prior to the release of internal TI documents. Furthermore Hillman and Hitt’s [21] taxonomy was based on exchange theory which assumes that corporate political activity represents one side of an exchange relationship in which corporations offer policymakers support and information in return for influencing policy. While the relevance of this approach is now arguably more limited with the advent of the FCTC’s Article 5.3 (which aims to protect public health policies from the ‘‘vested interests of the tobacco industry’’), this will not necessarily reduce the TI’s ability to influence policy but simply require them to do so less directly. The frequency with which the TI relies on third parties highlights the weakness of exchange theory-based models of corporate political activity. We also identified tactics/strategies that sit outside of exchange theory (such as constituency fragmentation, the threat of litigation, and ineffective forms of self-regulation) which challenges the assumption that corporate political activity is designed to produce outcomes that are mutually beneficial to corporations and policymakers, and we show that the information and arguments the TI uses are highly misleading; findings which suggest the original model may be both limited and naıve.
Although it appears that the TI uses a number of discrete arguments within a narrow range of frames, many of them fall within a larger ‘cost-benefit’ meta-frame which promotes the economic and social costs of proposed public health policies and underplays their benefits. This approach is highly relevant to current policymaking which embeds stakeholder consultation and impact assessments within the process of policy formation. It has previously been shown that the TI successfully lobbied for the introduction of impact assessments in Europe (impact assessments using a cost-benefit approach in which the impacts of policies are monetised) because it felt that this system would work to its advantage and make it harder for public health policies to be implemented. This is also supported by the related literature which shows how impact assessment, notably cost benefit analysis, can serve to assist corporate interests. Arguments such as‘the cost of compliance will be high’, ‘the regulation is more extensive than necessary’ and those under the ‘negative unintended consequences’ frame are used to increase scepticism about the likely benefits of regulation, and highlight the potential future cost for industry, retailers, and the public through the wasting of public funds on unnecessary policy formation, discussion and implementation. This is also observed through the omission of a ‘health frame; this review found no evidence of the TI making reference to the dangers of smoking, although it did find an example of the TI refuting the relationship between smoking and disease as late as 1994 in Uzbekistan.
Finally we note that there is some overlap in the tactics and arguments used by the TI. For example, there is both a legal strategy and a legal frame, the policy substitution strategy overlaps with the regulatory redundancy frame (especially, for example, the tactic ‘develop/promote voluntary code/self-regulation’ an argument ‘industry adheres to own self-regulation’), and many of the arguments within the negative unintended consequences frame are linked to efforts in constituency building. This highlights how the tactics and arguments used by the TI are mutually reinforcing.

Sharing

The annual report [PDF] about the Telecommunications (Interception and Access) Act 1979 (Cth) - aka the TIA Act - last year indicated that there were 319,874 authorisations by Australian governments for access to telecommunications information between July 2012 and June 2013.

Those authorisations included the national and state police forces, the Clean Energy Regulator, Australia Post, Australian Health Practitioner Regulation Agency, Workcover NSW, Tax Practitioners Board, Medicare, Department of Immigration & Citizenship, Harness Racing NSW and Bankstown City Council.

That report indicated that information obtained under interception and stored communications warrants was used in 3,083 arrests, 6,898 prosecutions and 2,765 convictions. Access under the TIA Act was used in 895 cases regarding a missing person.

Telstra's new transparency report [PDF] indicates that in the second half of 2013 it received 40,644 requests from government agencies for customer data under that Act.

From 1 July  to 31 December Telstra received 36,053 warrantless requests for customer information, carriage service records, and pre-warrant checks from Australian government agencies. A further 2,871 requests related to emergencies, along with 270 court orders and 1,450 interception warrants.

Those requests were not necessarily accepted; Telstra does not disclose the number of requests it complied with.

Telstra indicated that it received under 100 requests for customer information in that period in other countries.

A perspective is provided in last month's submission [PDF] by the Inspector-General of Intelligence & Security to the Senate Legal and Constitutional Affairs References Committee Inquiry into comprehensive revision of the Telecommunications (Interception and Access) Act 1979.

The submission reflects the Committee's  consideration of inclusion of an objectives clause within the Telecommunications (Interception and Access) Act 1979 (Cth) to expresses the dual objectives of the legislation (protect the privacy of communications; enable interception and access to communications in order to investigate serious crime and threats to national security) and be consistent with with the privacy principles contained in the Privacy Act 1988 (Cth).

IGIS commented
Although the primary objective of the Act is to prohibit interception of telecommunications or access to stored communications except in certain prescribed and regulated circumstances, the range of exceptions has grown and may continue to expand. An objectives clause along the lines proposed recognises the need to balance the privacy of users of the telecommunications services in Australia with ASIO’s investigative requirements for security and foreign intelligence purposes. The privacy principles in the Privacy Act 1988 would provide a useful benchmark reflecting community expectations. 
The Committee considered whether the Attorney-General’s Department should undertake an examination of proportionality tests within the Telecommunications (Interception and Access) Act 1979 (Cth), indicating that actors to be considered in proportionality tests include the privacy impacts of proposed investigative activity; public interest served by the proposed investigative activity, including the gravity of the conduct being investigated; and availability and effectiveness of less privacy intrusive investigative techniques.

The Committee also recommended that the examination of the proportionality tests consider the appropriateness of applying a consistent proportionality test across the interception, stored communications and access to telecommunications data powers in the TIA Act.

IGIS commented that it
has a particular interest in whether proposed changes place sufficient weight on maintaining the privacy of individuals, and whether proposals reflect the concept of proportionality – that is, that the means for obtaining information must be proportionate to the gravity of the threat posed and the likelihood of its occurrence. The exercise of ASIO’s TIA powers will, almost always, not be apparent to the subject. Further, the use of ASIO’s powers is not usually subject to scrutiny by a court or through legal processes as can often occur for law enforcement agencies. As ASIO’s use of TIA powers is often highly intrusive, these powers should only be considered for use when other, less intrusive, means of obtaining information are likely to be ineffective or are not reasonably available. 
Any proposal to apply a consistent proportionality test will need to be examined carefully to ensure that it does not compromise privacy objectives.
In relation to warrants the Committee  considered whether A-G’s Department should examine the Telecommunications (Interception and Access) Act 1979 "with a view to revising the reporting requirements to ensure that the information provided assists in the evaluation of whether the privacy intrusion was proportionate to the public outcome sought".

IGIS states that
Relevant agencies are required to keep records relating to documents associated with the warrants issued and particulars relating to warrant applications and each time lawfully intercepted information is used, disclosed, communicated, entered into evidence or destroyed.
Chief officers of law enforcement agencies are required to report to the Attorney-General on the use and communication of intercepted information and the Attorney-General must table a statistical report in Parliament. The Commonwealth Ombudsman oversights the use of TIA powers by Commonwealth law enforcement agencies and reporting requirements are set out in the TIA Act.
ASIO’s use of TIA powers are not included in the Attorney-General’s report to Parliament. The Attorney-General’s Department could consider whether the public reporting regimes of similar organisations overseas might provide useful models of alternative reporting approaches.
The oversight regime for ASIO is not specified in the TIA Act. In practice, my office oversights ASIO’s use of TIA powers under the inspection function in the IGIS Act. To assist the Committee in understanding the way this oversight occurs I have summarised the current inspection regime.
Warrant related papers are examined so that we may be properly satisfied that:
  • the intelligence or security case that ASIO has made in support of the application is soundly based and that all necessary legislative requirements have been met 
  • the individuals identified in each warrant are actually identical with, or closely linked to, persons of security interest (this is particularly relevant where a ‘B-Party’ telecommunications interception warrant is being sought) 
  • appropriate internal and external approvals for the request have been obtained 
  • the Director-General of Security has identified in writing those individuals who may execute the warrant, or communicate information obtained from the warrant 
  • written reports to the Attorney-General on the outcome of executed warrants are factual and provided in a timely manner 
  • the activity concerned did not begin before, or continue after, the period authorised by the warrant 
  • in the small number of cases where unauthorised collection has occurred, including through carrier error, prompt and appropriate remedial action has been undertaken.
Warrant related papers are examined after the Attorney-General has authorised the activity. If any issues with warrants are identified, they are raised with the Director-General of Security to ensure that remedial action is taken and that processes are reviewed to prevent future errors. Where appropriate I can also advise the Attorney-General of any concerns. I also include a summary of inspection activity in my annual report. Generally the standard of warrant materials is high and the error rate is low. Comprehensive recordkeeping in ASIO is essential to ensure ASIO complies with the legislation and to enable effective oversight. Any proposal to change the recordkeeping regime should enhance accountability requirements.

Animals

'Do Animals Need Rights?' by William A. Edmundson for next month's The Animal Turn and the Law: Interdisciplinary Perspectives and New Directions in Animal Law Conference comments
 The idea of animal rights makes many people skittish. Even many advocates of better treatment of animals sense that the language of rights is misplaced and unhelpful in the forum of debate about the ethical treatment of animals. Rights theory is the intellectual home of these misgivings. This paper has two parts. In the first, I speak through a composite figure I call the animal-rights skeptic. The skeptic weaves views taken from the “will” (or “choice”) theory of the conceptual nature of rights together with substantive normative argument that emphasizes reciprocity and autonomy as the justificatory basis for assigning rights. The skeptic concludes that the interests of animals in avoiding mistreatment can be fully served without assigning them rights, and that therefore nothing is denied to them by recognizing that they are not capable of rights holding. In short, animals do not need rights. The second part of the paper counters the skeptic, and points to important, needed advantages that rights can offer animals. In particular, I argue that rights have a generative nature that makes them more valuable that the duties correlative to them at any time. Moreover, rights express respect for the right holder in a way that no ensemble of protective indirect duties can duplicate. Animals, I conclude, do need rights.

Search

'Speech Engines' by James Grimmelmann in (2014) 98 Minnesota Law Review comments that
Academic and regulatory debates about Google are dominated by two opposing theories of what search engines are and how law should treat them. Some describe search engines as passive, neutral conduits for websites’ speech; others describe them as active, opinionated editors: speakers in their own right. The conduit and editor theories give dramatically different policy prescriptions in areas ranging from antitrust to copyright. But they both systematically discount search users’ agency, regarding users merely as passive audiences. 
A better theory is that search engines are not primarily conduits or editors, but advisors. They help users achieve their diverse and individualized information goals by sorting through the unimaginable scale and chaos of the Internet. Search users are active listeners, affirmatively seeking out the speech they wish to receive. Search engine law can help them by ensuring two things: access to high-quality search engines, and loyalty from those search engines. 
The advisor theory yields fresh insights into long-running disputes about Google. It suggests, for example, a new approach to deciding when Google should be liable for giving a website the “wrong” ranking. Users’ goals are too subjective for there to be an absolute standard of correct and incorrect rankings; different search engines necessarily assess relevance differently. But users are also entitled to complain when a search engine deliberately misleads them about its own relevance assessments. The result is a sensible, workable compromise between the conduit and editor theories.

07 March 2014

US Patents

'A Rational System of Design Patent Remedies' (Stanford Public Law Working Paper No. 2226508) by Mark A. Lemley comments that
 A [US] design patent owner who wins her suit is entitled to the defendant's entire profit from the sale of the product, whether or not the design was the basis for buying the product. No other IP regime has this rule, and it makes no sense in the modern world, where a design may cover only a small component of a valuable product. The culprit is section 289 of the Patent Act, a provision added in the nineteenth century, when design patents were very different than they are today. We should abolish section 289 and bring rationality to design patent remedies.

05 March 2014

Broadcast Co-Regulation and the Finkelstein Review

The Australian Communications and Media Authority (ACMA) has released a 'Consolidated Report' regarding its Contemporary Community Safeguards Inquiry, a nice example of never grab a hot potato if you can flick it into tomorrow.

The inquiry is concerned with "matters that should be addressed in contemporary broadcasting industry codes of practice", including privacy. The stated intention is  "to ensure that codes of practice are fit for purpose in a converging media environment".

ACMA indicates that it
has now decided to defer further work on the inquiry and to publish this report, so that the evidence it captures can immediately inform the broader conversation about the future of broadcasting regulation in Australia, as well as the industry code reviews due to be undertaken.
The Consolidated Report states
ACMA’s disposition in conducting the inquiry was to produce guidance which is evidence-based and supportive of the minimum level of regulatory intervention necessary to achieve the desired aim. That is, regulatory intervention that is appropriate and proportionate in all the circumstances. In this regard, while commenced prior to the current government’s deregulation agenda, the inquiry is wholly consistent with it.
It does not provide "specific guidelines for future codes of practice reviews" (i.e. the outcomes expected at the beginning of the inquiry) and as you might expect does not echo the Finkelstein or Leveson inquiries.

It is assumed under the co-regulatory regime embodied in the Broadcasting Services Act 1992 (Cth) that the industry groups representing television and radio broadcasting licensees will develop codes that apply to the broadcasting operations in those sector. The codes must be developed in consultation with ACMA, taking into account relevant ACMA research. ACMA can only register a code where it is satisfied, among other things, that the relevant code provides appropriate 'community safeguards'.

ACMA indicates that the report "summarises the consultation undertaken during the inquiry and provides a high-level overview of the directions emerging from that process", including -
  • ‘first principles’ analysis of the enduring concepts, which could or should be reflected in contemporary broadcasting codes
  • consultation on the Contemporary community safeguards inquiry—Issues paper, which examined the existing code requirements and the extent to which they aligned with the identified enduring concepts
  • seven 'Citizen conversations forums' on relevant topics
  • economic research about the market for broadcasting content in Australia and the industry-identified costs of the code requirements 
  • community research exploring contemporary citizens experiences of, and expectations about, broadcasting content
  •  reviewing the existing information in this area, including the work of complementary reviews and inquiries. 
There is supposedly "a high level of consensus about the enduring concepts and core matters that should be reflected in contemporary broadcasting codes", which -
  • are "strongly correlated" with what the Broadcasting Services Act 1992 (Cth) indicates broadcasting codes ‘may address’. 
  •  should continue to enable public interest considerations to be addressed in a way that does not impose unnecessary financial and administrative burdens on broadcasting service providers 
  • should be sufficiently flexible to accommodate new technology and a changing media environment. 
In what at times reads as a parody of Yes Minister ACMA advises that
Taking these and other applicable matters into account, the ACMA is of the view that there is strong support and a solid rationale for code-based contemporary community safeguards relevant to:
  • enabling adults to make informed decisions about accessing content based on their personal tastes and preferences 
  • preventing the broadcast of certain content that prevailing community standards indicate should be prohibited 
  • enabling parents and carers to protect children in their care from inappropriate or harmful content 
  • accuracy, impartiality and transparency in certain factual material 
  • the transparency of advertising and promotional practices 
  • the appropriate balance between program material and advertising/promotional material 
  • fair treatment and privacy 
  • the provision of reliable consumer information about the mechanisms available for accessing content 
  • emergency information 
  • the provision of minimum requirements for Australian music 
  • complaints-handling systems and information. 
Alan Jones can sleep soundly.

The report notes that
There is a lower level of consensus around how these matters should be ‘operationalised’ in codes. For example, it is easy to agree that codes should protect children, but harder to agree how that might most appropriately be done and whether different broadcasting platforms, models and genres logically suggest different (and tailored) methods. There is no doubt that there is scope and support for rationalisation, simplification and adaptation to changes in media markets and practices. As indicated above, further consideration will need to be given to such matters in the context of industry code reviews.
There is no indication of how and when the reviews will be "progressed", as Sir Humphrey might say, and whether the exercise will be superseded by broader changes to competition (e.g. lessening of ownership restrictions) and media policy.

In discussing privacy aspects of the co-regulatory regime,  comprehensively weighted towards broadcast interests, the report states -
Submissions to the inquiry indicated widespread community and industry support for safeguards relating to the broadcast of material that discloses personal information or intrudes on a person’s seclusion. The CBAA said:
Community radio stations exist to meet their relevant community interest and, through the guiding principles, have committed to promote harmony and diversity. Based on this, and widespread public support for rules about privacy it is appropriate that the Codes continue to include privacy protections for the public. 
However, submissions also stressed the fundamental importance of ensuring that there is an appropriate balance between respecting the privacy of individuals and the right of the public to be informed on matters of public importance, and the essential role which the ‘public interest’ test plays in this context. Submissions suggested that the ‘public interest’ test used in the codes should be clearer and could be enhanced. The Australian Privacy Foundation submitted:
It is essential that the qualification [on the privacy protections provided by the codes] be upgraded to ensure that not only does a public interest exist, but also that it is of sufficient significance that it outweighs the individual's privacy interest. The operative words could be amended simply by appending those words to the expression ‘unless there is a public interest’. However, alternative formulations could achieve the level of protection that is needed, provided that they implement the Proportionality Principle.
Industry submissions questioned the need for privacy requirements to be expanded to program genres beyond news and current affairs. However, citizen and public interest advocacy groups supported expansion of the code provisions to ensure that an individual’s right to privacy is safeguarded across all program genres. 
There was support across submissions for public figures being afforded the same privacy protections as other citizens, although submissions acknowledged that some public roles may lead to a greater likelihood that the broadcast of private information would be in the public interest
The report goes on -
Previous ACMA community research on privacy included two complementary qualitative and quantitative research studies—Australians’ views on privacy in broadcast news and current affairs and Community research into broadcasting and media privacy. This research explored community perspectives about privacy issues that arise in broadcast news and current affairs programs and radio competitions. It found that citizens believe it is very important for broadcasters to safeguard a person’s privacy, especially in the context of news and current affairs programs. Citizens identified certain situations as being very intrusive invasions of privacy. However, the qualitative component also identified a spectrum of views about the balance to be struck between respecting individuals’ privacy and informing the public about matters of public importance. Key criteria used by citizens included the relevance of the personal material to the story, whether consent is given, and the character of the person involved. It was apparent that individuals consider a range of circumstances and assess on a case-by-case basis the interplay of issues. 
The qualitative CCSi community research showed that, for the most part, there is no strong community consensus on what constitutes an invasion of privacy by a broadcaster. However, regardless of age and overarching attitudes, the majority of participants felt that individuals, in theory, should have a right to privacy in the broadcasting context. This right to privacy was something which participants felt should be ‘guaranteed’, other than in specific circumstances. Participants largely assumed that broadcasters should, and do, seek consent to broadcast private information in most cases. 
This right to privacy was assumed by participants to be guaranteed in general observational footage where a story might have a negative impact for those involved in the program, for example, obesity or gambling. Participants tended to assume that consent to broadcast footage used in observational documentaries had been sought by broadcasters. It was also expected that broadcasters would have sought consent from anyone who is directly involved in the program, for example, someone interviewed. Similarly, there was an expectation among group participants that social media photos (for example, profile pictures) should not be used by broadcasters in a way that might damage an individual’s reputation. Participants assumed broadcasters had sought the individual’s consent. 
Focus group participants did not appear to have a broad framework within which to consider possible situations or scenarios that were discussed during the groups. They tended to assess each case individually without having clearly defined ‘rules’, but they highlighted some of the factors they would use to consider each instance. An example given by participants of content that they considered as invading privacy included stories about neighbour disputes (for example, chopping down a neighbour’s tree), especially where the stories did not illuminate something which the public would benefit from knowing. Without a broader public purpose, these stories were felt by participants to be largely sensational and not in the public interest, with the potential to harm the reputations of those involved.
'Regulating journalists? The Finkelstein Review, the Convergence Review, and News Media Regulation in Australia' by Terry Flew and Adam Glen Swift in (2013) 2(1) Journal of Applied Journalism & Media Studies 181-199 comments
This paper identifies two major forces driving change in media policy worldwide: media convergence, and renewed concerns about media ethics, with the latter seen in the U.K. Leveson Inquiry. It focuses on two major public inquiries in Australia during 2011-2012 – the Independent Media Inquiry (Finkelstein Review) and the Convergence Review – and the issues raised about future regulation of journalism and news standards. Drawing upon perspectives from media theory, it observes the strong influence of social responsibility theories of the media in the Finkelstein Review, and the adverse reaction these received from those arguing from Fourth Estate/free press perspectives, which were also consistent with the longstanding opposition of Australian newspaper proprietors to government regulation. It also discusses the approaches taken in the Convergence Review to regulating for news standards, in light of the complexities arising from media convergence. The paper concludes with consideration of the fast-changing environment in which such proposals to transform media regulation are being considered, including the crisis of news media organisation business models, as seen in Australia with major layoffs of journalists from the leading print media publications.
The authors argue
Around the world, there are two major forces driving changes in media policy, which both have significant implications for news media industries and journalism as a professional practice. First, there is the question of how to revise media laws in the context of convergence, where the rationales that underpin platform-specific regulations are challenged by the availability of the same or similar content across multiple media platforms. The proposition, for instance, that broadcast media should be more extensively regulated than print is challenged when all content is available online, and where established media companies are developing cross-platform content available across the full range of digital devices, both in order to more effectively compete with each other, but also with the ICT and social media giants such as Apple, Google, Microsoft, Amazon and Facebook. Reviews of broadcasting, telecommunications and other legislation to meet the challenges of media convergence have been, or are being, undertaken in the United Kingdom, Canada, Japan, South Korea, Taiwan, and Australia (ACMA, 2011a). 
Second, there has been a renewed concern with media ethics, and the conduct of journalists and the news organisations they work for. This emerged most dramatically in the United Kingdom in 2011 as it became apparent that the hacking into private phone calls extended not only to celebrities, footballers, politicians, and members of the British Royal family – allegations that had been made for some time – but to relatives of deceased British soldiers, victims of the 2005 London bombings and, most damningly, the family of murdered schoolgirl Milly Downer. Public outrage immediately put intense scrutiny upon News International and its owner, Rupert Murdoch, and led to the closure of the 168-year-old popular tabloid News of the World. This proved to be insufficient to quell public anger, and in July the British Prime Minister David Cameron announced that a public inquiry would to look into phone hacking and police bribery by the News of the World, while a separate inquiry would consider the culture and ethics of the wider British media, chaired by Lord Justice Leveson. The Leveson Inquiry, which has been conducted in a highly public manner, has put under the spotlight the effectiveness of print media self-regulation in the U.K., as Leveson declared that the Press Complaints Commission had failed to safeguard ethical standards and the public interest (Cathcart, 2012). 
This paper considers both the challenges of media convergence and the question of media regulation in relation to ethical standards in the context of two Australian media inquiries that commenced in 2011 and were concluded in 2012. The first was the Convergence Review, established by the Gillard Labor government to ‘review the operation of media and communications legislation in Australia and to assess its effectiveness in achieving appropriate policy objectives for the convergent era’ (Convergence Review, 2012, p. 110). Established by the Minister for Broadband, Communications and the Digital Economy, Sen. Stephen Conroy, the independent Convergence Review Committee was asked to ‘propose an alternative structure [for media regulation] that would encourage continued innovation and protect citizens’ interests in an age of convergent communication’ (Convergence Review, 2012, p. 110), in the context of Labor’s ambitious National Broadband Network (NBN) scheme, aiming to provide high-speed broadband services to over 90 per cent of Australian homes and businesses by 2017. 
The second review was the Independent Media Inquiry into the Media and Media Regulation, which was established in September 2011, in the wake of the Leveson Inquiry in the U.K. and concerns about standards in the Australian print media. This inquiry was chaired by the Hon Ray Finkelstein QC – and its final report is commonly referred to as the Finkelstein Review – assisted by Matthew Ricketson, Professor of Journalism at the University of Canberra. Like the Convergence Review, it was conducted with the support of the Department of Broadband, Communications and Economy (DBCDE). Its Terms of Reference required it to consider:
a) The effectiveness of the current media codes of practice in Australia, particularly in light of technological change that is leading to the migration of print media to digital and online platforms; 
b) The effectiveness of the current media codes of practice in Australia, particularly in light of technological change that is leading to the migration of print media to digital and online platforms; 
c) The impact of this technological change on the business model that has supported the investment by traditional media organisations in quality journalism and the production of news, and how such activities can be supported, and diversity enhanced, in the changed media environment; Ways of substantially strengthening the independence and effectiveness of the Australian Press Council, including in relation to on-line publications, and with particular reference to the handling of complaints; 
d) Any related issues pertaining to the ability of the media to operate according to regulations and codes of practice, and in the public interest (Independent Inquiry into the Media and Media Regulation, 2012, p. 13).
In addition to the Convergence Review and the Finkelstein Review, other reviews taking place that had some relevance to media policy included the Review of the National Classification Scheme undertaken by the Australian Law Reform Commission (ALRC, 2012), the development of a National Cultural Policy, and a review of copyright laws, also undertaken by the ALRC. But it was the Convergence Review and the Finkelstein Review that were most specifically focused on news media, whose recommendations had the most implications for the conduct of journalism in Australia, and which attracted the most diverse – and frequently divided – public commentary.

DVS 2.0

In 2010 the Australian National Audit Office strongly criticised implementation of the national Document Verification Service (DVS), envisaged as a secure online service enabling real-time verification by Commonwealth (and state/territory) government agencies or core identity documents such as birth certificates, passports, visas and drivers licenses. Last month the DVS was quietly made available to the private sector, inc over 17,000 organisations.

The Service is now to be 'enhanced'.

In 2012 a report [PDF] on a Privacy Impact Assessment regarding the DVS became available under the Freedom of Information Act. It is regrettable but unsurprising that the Attorney-General's, facing ongoing and substantive criticism about the operation of the DVS and concerns regarding use by the private sector, should have hidden that light under a bushel.

Indications of community consultation regarding the DVS have not been fulfilled. It is unclear whether the enhancement preempts consultation and reflects criticism by entities such as the Australian Privacy Foundation [PDF] regarding both substantive problems with the existing DVS and concerns about ongoing function creep.

The PIA indicated that
The identity verification requirements for private sector organisations arise, for example, under legislation and related regulations:
  • in the financial services sector under various provisions such as those found in the Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1), the Superannuation Industry (Supervision) Regulations 1994 and the Credit Reporting Code of Conduct made under the Privacy Act
  • in the telecommunications sector, under regulations made under subsection 99(1) of the Telecommunications Act 1997, carriage Service Providers and their retailers are required to collect and verify their customer’s identity and address information 
  • in the transport sector Individuals wishing to work in secure aviation or maritime zones need to apply for an Aviation Security Identification Card (ASIC) or a Maritime Security Identification Card (MSIC). Applicants need to provide documents to prove their identity and Australian citizenship or residency. ASIC and MSIC cards are only issued after the issuing body has established the applicant’s identity and background checks are conducted as required under the Aviation Transport Security Regulations 2005 made under the Aviation Transport Security Act 2004, and the Aviation Transport Security (Consequential Amendments and Transitional Provisions) Act 2004 and the Maritime Transport and Offshore Facilities Security Regulations 2003 made under the Maritime Transport and Offshore Facilities Security Act 2003
It goes on to note that
it is common practice in the private sector for identity documents that are provided by an individual to be largely accepted at face value. Documents are routinely copied by organisations and the copies are retained in hard or scanned form. 
An organisation may seek additional documentation where it is not satisfied that the individual has established his/her identity to a sufficient level. This might include manual, or in some cases online (through subscription to the document issuers’ database), verification of personal information. Manual document verification by an organisation of papers presented to it involves the organisation forwarding personal information to the document Issuer Agency by mail, fax, email or transcribing it over the phone. The Issuer Agency will then undertake a manual search of its registers and usually respond with a copy of the document or additional supporting detail about the applicant. Online verification can involve for example, CertValid (the Certificate Validation Service), which verifies Birth, Marriage and Change of Name Certificates issued by State and Territory Registries, or the Visa Entitlement Verification On-line service, which is operated by the Department of Immigration & Citizenship to allow organisations to verify visa details. 
Organisations in the finance sector have recourse to other service providers such as credit reference agencies to undertake checks on their behalf. In 2009, the Anti-Money Laundering Magazine identified the public and proprietary data sources used to conduct checks:
  • The Australian Electoral Roll, 
  • Sensis White Pages, 
  • Department of Immigration and Citizenship, 
  • Department of Foreign Affairs and Trade watchlists, 
  • Australia Post Postal Address file, and 
  • Proprietary databases such as historical white pages, an online public number directory derived from Telstra’s Integrated Phone Number Directory and other in-house credit reference data.
A number of organisations providing identity verification services also include “data-scraping” as part of the services they offer. A form of web harvesting, data-scraping obtains validations of client data from a service agency’s public-facing internet facilities by: 
  • encouraging a client to provide authentication details and logon data into an online account or service portal, and 
  • running third-party systems that can observe and register the results of that transaction. A successful login is then recorded as successful client verification and sold onto a client organisation.

Kantians and employment

'Labour Law and Kantian Ideas of Legality and Citizenship' (University of Leicester School of Law Research Paper No. 14-07) by Lisa Rodgers discusses
the relevance of Kantian ideas of legality and citizenship to the study of labour law. It is argued that Kantian ideas of legality have infiltrated labour law to a certain extent, but that the influence of this system has remained marginal. The sticking point has been the association of these ideas with the equality of subjects of the law, and the irrelevance of need or welfare to legal questions. Neither of these assumptions accord with the basic normative foundation of labour law. However, it is argued in this paper that the Kantian idea of citizenship provides a much more relevant foundation for labour law. This idea starts from the position of inequality of bargaining power between the parties (employers and employees), and the need to consider the position of individual subjects. It also moves beyond traditional labour law theory by insisting that the law must be involved in promoting not only distribution but also autonomy for individual employees and workers. 
Rodgers comments
It is the argument of this article that the centrality of dignity as redistribution to the functioning of labour law has undermined its effectiveness for workers. Ironically, imbuing labour law with dignity as redistribution means that it continues to have the marginal effects that dogs the application of Kantian dignity as autonomy to the labour law scheme (through contract law and employment contracts as slavery). This can be explained in the following way. The normative instinct of labour law relies on two elements: the concepts of ‘inequality of bargaining power’ and ‘labour is not a commodity’. If dignity is seen in terms of distribution there is essentially no separation between these two phenomenon: they both refer to the possibility that workers can suffer disadvantage when they ‘encounter the wheels of commerce’. This implies that labour law functions only as an instance of market constraint to protect ‘vulnerable’ workers from the worst excesses of the market. Labour law becomes concerned with worker protection rather than worker empowerment. The result (it may be argued) is a body of laws which acts only in marginal situations (where the subordinating effect of inequality of bargaining power and commodification of labour are most obvious) and provides no real challenge to market dominance or to the dominance of subordinating structures of law (contract law remains the ‘baseline’). 
Viewing dignity in economic terms may also have further undesirable effects for the subjects of labour law. It can mean that labour law deals inadequately with the dignity of workers as autonomous and principled beings. It can deny worker agency: the capacity of workers for principled action and responsibility for those actions. This influences the design of labour law and its outcomes in individual cases, and at the extreme end, can mean that laws are purposefully enacted to constrain the unprincipled and irresponsible (or ‘vexatious) action of workers seeking to enforce their rights. In the UK, the introduction of Tribunal fees for litigants on 29 July 2013 followed this reasoning. The government justified the introduction of Tribunal fees on the basis that this would help the government to allocate resources in a ‘rational’ way which ‘prevents waste through excessive or badly targeted consumption’. The government hoped that the introduction of Tribunal fees would ‘incentivise early settlements’ and ‘disincentivise unreasonable behaviour, like pursuing weak or vexatious claims’. The threat of vexatious claims was not quantified; only the increase in Tribunal claims was mentioned. There appears then to be a disproportionate view of the irresponsibility of Claimant action, repeated in the Chancellor’s claims that action was required to stop companies being ‘sued out of existence’. Indeed, the introduction of Tribunal fees is currently subject to legal challenge on the basis that it unfair for workers. 
A more detailed example of these effects in current labour law may be useful. The example selected is that of the operation of unfair dismissal law, and particular the band of reasonable responses test. Unfair dismissal law may be considered to be driven by the ‘basic normative instinct of labour law’ inherited from the classical labour law scholars: to counteract the the inequality of bargaining power between workers (employees) and their employers and the deleterious effects on workers of (capitalist) commodification. This law is also imbued with the dignity as redistribution thesis referred to by Kahn-Freund. The argument proceeds that employers have an interest in maintaining flexibility in employment relations (through dismissing employees as and when they see fit) whereas employees have an interest in maintaining a level of job security.  However as a result of the inequality of bargaining power between employer and employee, the employee cannot properly protect his/her interests through the negotiation of the contract of employment. The result is an imbalance of resources which compromises the dignity of workers. Therefore, unfair dismissal law steps in to guarantee some level of employment security for workers, and thereby to tip the balance of resources back in favour of the employee. Unfair dismissal law is also concerned to counteract the processes of commodification brought about by the subordinating processes of capitalism. It is argued that on entering employment relationships, employees trade some security for subordination. There is therefore a social pressure to ensure that there is some reallocation of resources through compensation for this personal submission and dependence. This compensation is provided by unfair dismissal law.
Rodgers concludes
Kant’s work has not been traditionally seen as very useful in the study of labour law. The focus in the legal literature has been on an analysis of the relevance of Kant’s system of legality involving three stages of right: innate right, private right and public right. This system has been particularly influential in relation to the study of private law, where the three stages have been put forward as a (new) normative foundation. Kant’s influence has therefore seeped down indirectly into the study of labour law, as labour law tends to take these private law foundations as a starting point for analysis (even though these starting points may then be criticised). A good example is the doctrine of freedom of contract which is referred to in the adjudication of employment contracts. This freedom of contract doctrine appears to fit will with Kant’s system of right and his corresponding idea of legality. However, there is a limit to the usefulness of these private law doctrines based on the Kantian system of right to the study of labour law. The foundation of these doctrines lies in the equality of legal subjects, and there is no space for any consideration of need or welfare. By contrast, when it comes to the study of labour law, the inequality of bargaining power between legal subjects appears paramount and the need or welfare of these subjects is also considered central to law. The influence of these doctrines has therefore been marginal. Furthermore, although a more in-depth reading of the Kantian scheme of right may suggest that some public interest norms can inform the adjudication of private rights, the application of these norms also provides a limited explanation for the function and operation of labour law. These norms operate only on an ad hoc basis and are vulnerable to inconsistent application and amendment. 
As a result, labour law scholars have attempted to design a system of labour law which does not rely on these private law doctrines. The starting point for this analysis has been the inequality of bargaining power between employers and employee brought about by the operation of the capitalist system. On this analysis, the role of labour law is to redistribute power (and resources) to the most vulnerable subjects: the employees. This scheme has not been without its problems. Early labour law theory relied on collective bargaining to provide support to employees (and a level of autonomy in the industrial relations system). By contrast, modern labour law has been designed around specific legal instruments rather than a system of negotiation between employers and trade unions. This has meant that the function of labour law in promoting autonomy has been neglected in favour of promoting dignity as redistribution. The corollary has been a system of law which, at times, has provided insufficient respect for the capacity of individual employees for principled action. Indeed, elements of punishment are increasingly seeping into the operation of labour law (the introduction of Tribunal fees being a good example). It is suggested in this article that in order to reimbue labour law with a sense of dignity as autonomy, a new system of theorisation is required. The starting point for this consideration, it is argued, is Kant’s theory of citizenship. This system starts from the position of an inequality of bargaining power between private individuals (in line with traditional labour law theory). Kant argues that this inequality of bargaining power can affect an individual’s (employee’s) ability to participate in the functioning of the state (he/she becomes a ‘passive’ citizen). On the Kantian scheme, passive citizenship is not just a problem for the individual but also for the state, as the state relies on the participation of citizens in the making of law. Passive citizens are not able to participate in this way. The state must therefore ensure that conditions are available for the transition from passive to ‘active’ citizenship. This active citizenship ensures the legitimacy of state function and the innate right of all individuals to autonomy. 
It is argued that this system is a useful starting point for the development of labour law. As has been mentioned, the Kantian system accords with the argument of the traditional labour law scholars that employment law must begin from the consideration of an inequality bargaining power between employees and employers. But more than that, it develops (or reaffirms) those arguments by placing those individuals not only at the heart of legal function but also at the heart of state legitimacy. The state and the law are intimately connected on this scheme. Furthermore, on Kant’s scheme, the state and the law must move beyond mere redistribution from employers to employees. The state and the law must imbue individuals with the autonomy which reflects their innate right to set their own life goals. This reinforces the legitimacy of law because all three elements of right act in conjunction. It also reinforces the legitimacy of the state because it ensures that as many individuals as possible contribute to the general will; it ensures that the state functions as a ‘union’ of a ‘multitude of human beings under the laws of right’.

Credit ADR

The Privacy Amendment (External Dispute Resolution Scheme - Transitional) Regulation 2014 amends the Privacy Regulation 2013 to provide a temporary 12 month exemption from the external dispute resolution requirement under subparagraph 21D(2)(a)(i) of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) for utilities and commercial credit providers.

04 March 2014

Publics

'Self, Privacy, and Power: Is it All Over?' (Chicago-Kent College of Law Research Paper) by Richard Warner and Robert H. Sloan argues that
 The realization of a multifaceted self is an ideal one strives to realize. You realize such a self in large part through interaction with others in various social roles. Such realization requires a significant degree of informational privacy. Informational privacy is the ability to determine for yourself what others may do with your information. The realization of multifaceted selves requires informational privacy in public. There is no contradiction here. Informational privacy is a matter of control, and you can have such control in public. Current information processing practices greatly reduce privacy in public thereby threatening the realization of multifaceted selves. To understand why this is happening and to figure out how to respond, we analyze the foundations of privacy in public. 
Privacy in public consists in privacy by obscurity and privacy by voluntary restraint. Privacy by obscurity is essentially a matter of getting lost in the crowd. Privacy by voluntary restraint was perhaps first explicitly discussed by the great nineteen century sociologist, Georg Simmel. He was impressed by the fact that people voluntarily limit their knowledge of each other as interact in various social roles. Merchants and customers, students and teachers, restaurant customers and waiters, for example, typically exchange only the information necessary to their interaction in those roles and voluntarily refrain from requesting, disclosing, or otherwise discovering more. Advances in information processing have greatly reduced both privacy by obscurity and privacy by voluntary restraint. We focus on the latter. One reason is that, as privacy by obscurity declines, the need for privacy in public by voluntary restraint increases. We confine our attention to the private sector; however, given the current corporate-government surveillance partnership, constraining private information processing is an essential part of constraining governmental processing. 
Unlike privacy by obscurity, you need the cooperation of others to realize privacy by voluntary restraint. We explain the cooperation by appeal to informational norms, norms that define contextually varying permissions and restrictions on the collection, use, and distribution of information. Norm-implemented coordination is essential to privacy in public (in the form of voluntary restraint), and it is this coordination that advances in information processing and related business practices undermined. This happens in two ways. First, businesses exploit existing norms to create a debased form of "coordination" that serves their interests while eroding privacy in public. Second, technology-driven business innovation has created new forms of interaction not governed by relevant information norms. This lack of norms means the lack the coordination essential to privacy in public. As privacy in public disappears, multifaceted selves face the threat of disappearing — literally — from the scene. The solution is to establish norms that ensure sufficient privacy in public. We conclude by considering the prospects for doing so.

Breach

In the data breach of the day the Australian reports that the "names and details of thousands of university academic union members have been accidentally made public".

The breach reportedly involves "lists of names, contact details and positions" of National Tertiary Education Union members at five universities - Sydney, Western Sydney, Adelaide, Flinders and South Australia - supposedly "collated with the intention of contacting each person to solicit funds to support a campaign for the upcoming West Australian Senate election".

The Australian indicates that
The lists were made public yesterday after a computer expert who goes by the pseudonym Yeow Wan emailed the union to complain about how easy the lists were to find on a file conversion site called docupub.com. 
The same person had contacted the union in August after he had found similar lists on Google Docs that appeared to contain answers to questions in relation to upcoming university strike action.
As yet there's no statement on the NTEU site

Uptake of Internet Filters in the UK

With another bout of hissing and spitting regarding online child safety and mandatory filters about to occur in Australia I have been reading the January 2014 OFCOM report [PDF] on 'Internet safety measures Strategies of parental protection for children online', which has been cited in the usual media claims that 'children of the digital age' are more web-savvy than their parents and can therefore disable an internet filter in the time it takes dad to count the squares on a Rubik Cube.

The authors must have fun writing the report, which confides that
Parenting in the digital age, against a backdrop of continuing technical evolution, can be complex and challenging as children rapidly take up the opportunities of internet use. 
Guides for the perplexed were saying much the same thing about uptake of products from Mr Gutenberg and his peers and then about the magic box known as television.

The report goes on more usefully to state that
According to our research use of tablets has tripled this year, becoming the device of choice for 8-11s to access audio visual content and games in particular. Over six in ten 12-15s now own a smartphone and it is the most popular device for social networking among that age group. 
Children’s confident adoption of new technologies has many positive outcomes with benefits of use ranging from education, communication, social engagement and entertainment. But there are also perceived risks, particularly around internet content, and the conduct and contact risks inherent in peer to peer communication facilitated by the internet. Although the vast majority of children say that they are confident they can stay safe online the research also shows their levels of confidence have fallen slightly from previous years. The research notes some trends around unsafe behaviours, such as maintaining an open social network profile, and indicating that children are less likely to know how to block online messages from people they don’t want to hear from.  (One third of 12-15s with a social networking profile in 2013 have it set so that it can be potentially viewed by people unknown to them. This is up from 22% last year.)
The vast majority of parents say they trust their children to use the internet safely. This agreement increases with each age-group, consisting of 52% of parents of 3-4s, 72% of parents of 5-7s, 83% of parents of 8-11s and 89% of parents of 12-15s. However, parents also report having concerns about their child’s online activities. Parental concerns tend to be higher around issues identified in this report as relating to contact and conduct with around one quarter of parents concerned around cyberbullying and a similar number concerned about downloading bogus applications and viruses. 
One in five parents are concerned about who their child is in contact with and the risk of the child giving out personal information to inappropriate people. Around one sixth of parents are concerned about the issues identified in this report as content issues which their child might encounter online. 
That said, the vast majority of parents feel that the benefits of the internet outweigh the risks and around half feel they know enough to help their children stay safe online. Overall, half of parents of 5-15s agree that their child knows more about the internet than they do but this also varies by the age of the child – from 14% of parents of 3-4s up to 63% of parents of 12-15s.
The document features the following 'main conclusions' -
Parental strategies are a combination of mediation and controls 
The quantitative findings from the 2013 Children and Parents: Media use and attitudes report study showed that the vast majority of parents are actively engaged in mediating their child’s online activity in some way. Most use a combination of approaches including:
  • Regularly talking to their children about staying safe online. Almost eight in ten parents say they have talked to their child about online safety with 45% doing so at least monthly. 
  • Having rules relating to parental supervision. Over half of parents have set rules around supervision of the internet which include regularly checking what children are doing online or only using when supervised. 
  • Mediation through technical tools. Over six in ten parents use some kind of technical mediation such as parental controls, safe search settings, You Tube safety Mode, time-limiting software or PIN/Passwords set on broadcaster’s websites. 
Overall, 85% of parents with a child that goes online at home via a PC/laptop or netbook use at least one of these approaches with 20% using all three, 35% using two and 30% using only one. Fifteen per cent of parents use none of these mediation techniques.  
A 2012 qualitative study into parents’ views on parental controls suggested that the approach parents took to mediating the potential risks to their children in the online sphere was generally consistent with their overall parenting style. Respondents typically spoke of their aim to balance rules and boundaries with trust and freedom. Instilling the right values and habits in their children was seen to be critical. 
Parents’ use of a range of technical tools and other safety measures on sites regularly used by children 
However … technical tools also play a part in many parents’ online parenting strategies with six in ten parents of children who use a PC/laptop/netbook to go online at home using some form of technical mediation. These include:
  • 43% of parents of online 5-15s and 40% of parents of 3-4s report having parental controls as defined above6 in place on a PC, laptop or netbook. A majority of parents with parental controls set on their device agree strongly that these controls are effective and that their child is safer as a result. 
  • Safe search setting: Four in ten parents of online 5-15s say they use safe search settings on search engine websites. 
  • Time-limiting software: One in ten have software installed to limit the amount of time a child can spend online. 
  • YouTube Safety Mode: Two in ten parents have the Safety Mode set. This increases to three in ten parents of children who actually visit the YouTube website through a PC/laptop or netbook. 
  • Content provider guidance: One in three online children now watch television content via UK television broadcasters’ websites. Around one in four of the parents who are aware of the guidance labels have set up a PIN or password to be used before viewing programmes that have a guidance label (24% of the 67% aware of guidance labels). 
Social media monitoring also plays a role, with parental awareness of the minimum age requirement for Facebook having increased among parents whose child has a profile on this site and 73% of parents check their child’s social networking site activity. In addition, figures from the 2012 study shows that where the parent and the child have a profile on the same website, 97% are ‘friends’. 
Non take-up 
Over half of parents do not use parental controls in the form defined by this report, i.e. those provided by their ISP , their computer’s operating system or programmes installed or downloaded by someone in their household. 
The main reasons for non take-up of parental controls, as identified in the 2013 quantitative survey, are a combination of trusting and supervising the child – depending on the age of the child. 
The 2012 qualitative study also showed that a lack of awareness and understanding of parental controls appeared to be a key reason for non-take up. The study suggests that there is a perception, particularly amongst parents with lower levels of confidence about technology, that the process of selecting and installing parental controls was complex and time-consuming. 
The qualitative findings also suggested the potential value of parental controls did not appear to be front-of-mind on a daily basis for parents. In the absence of a specific trigger many parents without parental controls admitted ‘not getting around’ to considering them. Their reported focus was more on the issues and problems that they were regularly experiencing with their children’s day-to-day internet use (e.g. children spending too much time online) rather than around the risks which few parents had any direct experience of (e.g. of physical and psychological harm related to exposure). 
In addition, even amongst those who had installed parental controls, many had not given them much further thought and protections may have become outdated as a result of this lack of continuing engagement. 
Overall, parental controls were viewed as a supplement to, rather than replacement for, hands-on parenting. Supervision and other forms of parental mediation were felt still to be needed to manage all of the day-to-day issues their children faced, including risks emanating from children’s internet usage.
The report has the following structure
Part 1 The Context of the Internet 
Section 2 – Opportunities, risks and challenges 
Takes an overview of children’s access to the open internet as an educational resource, as a platform for communication and creativity, but also as a source of distinct risks around content, contact and conduct, with specific regulatory challenges. 
Section 3 - Parental mediation: managing the risks to children 
Describes the tactics of parents, carers and educators in guiding and informing children’s behaviour through education and advice, mediation and rules as critical aspects of child protection online. 
Section 4 - Safety mechanisms and the role of industry 
Describes in detail many of the tools and mechanisms offered to parents to protect their children online and notes some of the issues around such tools. It does so within a simplified model of the internet from content origination to content reception by the user and gives an overview of the status of internet intermediaries like ISPs.
Part 2 The Research 
Section 5 – Children and the internet: use and concerns 
Sets the context for mediation by looking at key changes in children’s use of the internet, their likes and dislikes compared to the online concerns of parents. 
Section 6 - Parental mediation strategies: take -up, awareness of and confidence of parents in relation to parental controls 
Provides both quantitative figures and qualitative insights to create an in-depth picture of the broad range of online mediation strategies employed by parents and their levels of confidence about their ability to keep their children safe online. 
Section 7 - Safety measures on sites regularly visited by children 
Looks at the research available regarding parental mediation of websites regularly visited by children, including search engines, YouTube and social networking sites. 
Section 8 - Why parents choose not to apply parental control tools 
Looks at the various reasons why some parents choose not to install parental controls.

03 March 2014

A UN Privacy Agency?

'Three Scenarios for International Governance of Data Privacy: Towards an International Data Privacy Organization, Preferably a UN Agency?' by Paul De Hert and Vagelis Papakonstantinou in (2013) 9(2) I/S: A Journal of Law & Policy 271 argues that
 Data privacy regulation has reached a crossroads: while three out of the four intergovernmental organizations that have released relevant regulations (the OECD, the Council of Europe, and the EU) are amending their respective texts, each one is implementing its own agenda. The Internet and cloud computing are making the need for international governance more evident than ever. Three scenarios may be foreseen: 1) the status quo remains, and technology intervenes to address public concerns; 2) the EU General Data Protection Regulation, which is expected to replace the EU Data Protection Directive by mid-2014, comes into effect and then goes on to set the international data privacy standard; or, 3) as suggested in this paper, an international data privacy organization, preferably a UN agency, is established to promote data privacy issues and warrant international data privacy governance, similar to how the World Intellectual Property Organization advances the purposes of intellectual property protection. The establishment of an international organization does not necessarily mean that a new, comprehensive international data privacy framework also needs to be introduced (at least at this stage). Instead, international instruments already in effect could be used. The globally accepted but perhaps under-used 1990 UN Guidelines for the Regulation of Computerized Personal Data Files are an obvious choice.
The authors state that
Data privacy, since the appearance of the first relevant regulatory texts, may be listed among those few and relatively new fields of law that were developed across national borders. Within a single decade, beginning in the late 1960s, data privacy laws that implemented similar approaches appeared in several countries around the world. This informal transborder development was quickly followed by formal international instruments. In the early 1980s, when many countries that processed personal information had already introduced relevant legislation or were seriously considering doing so in the near future, international organizations entered the scene. The regulatory instruments they introduced attempted to converge the existing approaches that had, until that point, been implemented on the national level. These instruments became the common point of reference for subsequent new or amended national data privacy norms.
The international element that accompanied data privacy since its inception should be attributed—like the development of data protection as a separate field of law—to a single reason: the emergence of information technology. Until the late sixties, when the first data privacy laws were introduced, privacy issues were well identified (the now-famous Warren/Brandeis paper of 18901 was written when journalistic photography emerged) but did not lead to any specialized legislation on how to treat personal information. Instead, international treaties and only some national jurisdictions made reference to a general right to privacy. The exponential increase of the data processing ability computers provided to governments that could afford them necessitated the release of the first data privacy acts. The acts’ provisions were aimed at regulating the way such automated and mass processing was to take place; a general reference to the right to privacy was no longer considered sufficient to protect individual rights.
During the years that followed, data protection, (at least in Europe) developed, gaining, independence from its origins: the general right to privacy. However, the link between data privacy and information technology developments remained unbroken, and was actually further enforced. In fact, information technology developments form one of the two external factors, along with political developments, such as 9/11 and its aftermath, that set the international data privacy agenda. Information technology converged with telecommunications, creating the current interconnected and internationalized environment of personal data processing, the Internet. Processing of personal information is no longer performed locally, or even within well-defined physical borders. The original “transborder flows of personal data,” which by definition included transmission of data from one jurisdiction to another, were soon replaced by borderless continuous personal data processing, in which personal data are processed somewhere in the “cloud,” that is, in indistinguishable server-farms installed around the world.
In addition, transborder personal data processing became individualized. Local data controllers are no longer needed to transmit their data subjects’ data across borders to other data controllers in order for transborder exchanges to occur. Today, Web 2.0 applications enable individuals to upload their personal data to the “cloud,” going to and from unidentified destinations.
Consequently, the need for international governance of data privacy is more important than ever. However, the means to achieve this still seem to be missing—or at least the ones at hand do not meet with the necessary international consensus.
The first part of this paper will highlight the history of international governance of data privacy. It will also briefly describe the current state of governance to demonstrate that international norms followed data privacy legislation from the inception. International norms remain very much relevant today, through an exponential multiplication of sources.
The second part will elaborate upon the complexities of the contemporary processing environment by referring to two case studies, cloud computing and location-based services. These two examples will demonstrate that the transborder personal data flows model, as accommodated and implemented, has substantially changed in the past few years, at both the national and international level. Contemporary global and complex personal data processing makes international governance of data privacy more necessary than ever.
The third part of this paper elaborates upon the three plausible scenarios for the future. First, the status quo could remain. In this case, we suggest that technology will step in by offering technology- based solutions, such as Privacy By Design system architecture or Privacy Enhancing Technologies, to address the concerns of individuals about the best way to protect their private data. The second scenario considers the amendment process of the European data protection framework and the EU Data Protection Directive in particular. It predicts that an improved and updated version (likely in the form of the currently-developing EU General Data Protection Regulation) could constitute the international standard for data privacy either indirectly or directly, through streamlined application of its adequacy criterion. The third scenario recommended by the authors proposes the establishment of an international data privacy organization, preferably a UN agency, to govern international data privacy. The appropriate regulatory vehicle is perhaps already in place: the globally-accepted, but probably undeservedly underused, 1990 UN Guidelines for the Regulation of Computerized Personal Data Files. The field could also benefit from the examples of other sectors that achieved international governance status after decades of persistent efforts, despite the fact that they fostered similarly pervasive legislation, such as copyright.