issues

Information is the primary commodity in the information economy.

As a result disagreement about privacy - who controls much of that information - is a central feature of debate about regulation of cyberspace. It is also a key area of uncertainty for business and consumers. 

Online privacy is likely to be contentious for at least a generation. And we can expect to see successive legislative amendments and industry codes, punctuated by examples of bad practice in how information is collected, utilised and disseminated. Our advice to clients is to be aware of issues and act strategically.

     perceptions

Recent Caslon surveys suggest that consumer concerns about privacy equal worries about the security of online purchasing/payment as a major roadblock for Australian electronic commerce. 

Over 80% of the top 200 Australian sites seek personal information but fewer than 10% have a privacy policy that meets the national Privacy Commissioner's principles. Government agencies sometimes have the legal boilerplate but don't practice what they preach. (One major offender, for example, proudly proclaimed that it was a totally cookie free site, after we'd encountered three cookies en route to that proclamation).

Overseas studies demonstrate that privacy is one of the major potholes in the information highway. Some show that consumers (individuals and businesses) refuse to interact with many sites that demand particular information. That's a problem, because the competitor may be just a few clicks away. Others show that users respond by supplying false information. Others fuel a growing demand for more comprehensive and more effective regulation.

Scott McNealey of Sun claims that privacy is already history: it's gone, so get over it. Solveig Singleton's Privacy as Censorship: A Skeptical View of Proposals to Regulate Privacy in the Private Sector, a paper for the US Cato Institute, argues that there is "little to fear from private collection and transfer of consumer information". 

That assertion's inconsistent with statements by industry leaders and with a history of government responses to bad practice. 

It is clear that new technology, such as automated collection of data about online activity, large-scale data profiling and data trading, offers significant opportunities for privacy abuses. It also provides a major incentive, in an environment where the right information may be the crucial factor in a sale or an election. Ontario Privacy Commissioner Ann Cavoukian's paper Privacy: The Key to Electronic Commerce and paper on Data Mining: Staking a Claim on Your Privacy illustrate those points.

More importantly, it is inconsistent with consumer and business perceptions that there are substantive concerns. Irrespective of whether those concerns are firmly based in reality - and documents highlighted in the following pages demonstrate that there are problems - the perceptions need to be addressed.

Theorists such as David Brin, author of The Transparent Society (Reading, Perseus Books 98), argue that if privacy is history, that's not the issue. For them the issue is equality of exposure. Data harvesters know quite a lot about you; you know very little about them and to conduct a normal life you can't escape their invisible clutches. 

In practice the information liberationism espoused by Brin or Brian Martin - eliminate the mass media, abolish intellectual property, abandon concepts such as defamation - is unlikely to extend beyond a few enthusiasts. Most users of the web will need to grapple for issues discussed in the following pages.  

     the evolving privacy landscape

The nature of privacy - and the scope for abuses such as spam - have changed over time. As George Williams notes in his lucid Human Rights Under The Australian Constitution (Melbourne, Oxford Uni Press 99), privacy is not enshrined in the constitution. Instead there's a patchwork of individual Commonwealth and State/Territory legislation and guidelines. 

That regime was initially restricted to the public sector; it is being progressively - some say haphazardly and too slowly - extended to cover the private sector. It is being driven by consumer and business concerns. 

It is also being driven by overseas legislation, in particular the EU Data Directive (reflected in Canada and New Zealand), and guidelines such as the OECD Guidelines on the Protection of Privacy & Transborder Flows of Personal Data (GPPD) examined by Graham Greenleaf in his paper on Stopping Surveillance: Beyond 'efficiency' & the OECD.

In the US, home of privacy luddites such as the Cato Institute, there's a powerful move to extend existing international agreements such as Safe Harbor to cover domestic markets. 

Lawrence Lessig, author of the excellent Code & Other Laws of Cyberspace (New York, Basic Books 99), recently wrote that

...after years of inaction, Congress is finally coming to see that privacy on the internet won't take care of itself. The mystery isn't that self-regulation failed; the mystery is why anyone thought it would succeed. Data is money. It is a resource that the present architecture of the net gives away for free. And just as the industrialists of the 19th century were not about to give up free air and water without legislative intervention (read: pollution laws), so too will net commerce not relinquish free data in the name of something as obscure as privacy.

In Australia, whether we like it or not, privacy is an issue. We need to understand why that is so. And we need to act accordingly, whether we're information owners, users or intermediaries.


   next page (Australian legislation)