Sianne Tsandidis
The necessity of working and socialising remotely due to the COVID-19 pandemic has created added pressure to move online. These circumstances have in-turn encouraged individuals to accede to the erosion of their data protection and privacy at the click of a button. With content instantaneously available, and social media sites constantly pinging with the latest profile updates, the services that individuals contentedly access for ‘free’ do in fact involve a cost – access granted in exchange for the sharing of personal data by technology companies to third parties.
In 2022, the World Bank has projected an annual rise in total internet traffic of approximately 50% from 2020 levels to 4.8 zettabytes, mainly comprised of personal data. But working, shopping, and socialising online should not come at the cost of curtailing our human right to privacy.
Within Australia, the Privacy Act 1988 (Cth) regulates and supports protection of individuals’ personal information, creating responsibilities for Australian government agencies and organisations subject to the act. In the absence of a federal human rights charter however, there is no fundamental right to privacy beyond certain state-specific human rights legislation.
On an international level, the right to privacy is contained in the International Covenant on Civil and Political Rights, Article 17, and the Universal Declaration of Human Rights, Article 12. The Convention on the Rights of the Child, Article 16, comprises similar provisions.
Sitting beneath the overarching umbrella of privacy, digital data protection refers to the way in which our personal information is managed online; which in turn involves collection, analysis and distribution. Yet despite the universal and borderless nature of the internet, currently, digital data protection legislation exists domestically or regionally (e.g. EU Regulation 2016/679 known as the ‘GDPR’) rather than as internationally enforceable treaties.
Relevantly, there have been several United Nations (‘UN’) resolutions adopted since 2013, the most recent of which, by the UN Human Rights Council, concerns the right to privacy in the digital age adopted in September 2019 (A/HRC/RES/42/15) and affirms that: ‘the same rights that people have offline must also be protected online, including the right to privacy’. Such an assertion is made in the face of rising privacy incursions, driven by both government and the private sector, such as the gathering of online user data by American internet companies via the ‘PRISM’ program of the US National Security Agency, revealed as part of the Snowden revelations which came to light in 2013 and sparked this discourse by the UN.
In Australia, surveys on community attitudes to privacy have found that most Australians are aware of the need to protect their online privacy, and are uncomfortable with businesses keeping records of their conversations online, targeting them with specific advertising, or tracking their location. Nonetheless, many people lack confidence in their ability to protect themselves online. These findings, reported by the Office of the Australian Information Commissioner, have been echoed in studies overseas, such as in the United Kingdom and the Netherlands. A lack of confidence can lead to a lack of digital literacy which, in turn, discourages protective behaviours. Studies indicate, however, that with effective public education campaigns, individuals are not without agency.
Presently, as our increasingly digitalised world makes internet use more unavoidable, the Australian government has sought to ‘to better empower consumers, protect their data and best serve the Australian economy’ by releasing the Privacy Act 1988 Discussion Paper and an exposure draft of an ‘Online Privacy Bill’. This will likely – at least, in its present form – see the creation of an online social media privacy code binding on organisations providing social media services (termed ‘OP organisations’ and defined in the proposed section 6W). This move aligns with Australian Privacy Principles, the 13 principles launched by the Australian Government in force since March 2014, aiming to protect the personal information of individuals gathered by government and the private sector, while significantly raising enforcement measures and penalties. New protections would empower individuals by introducing greater protections for vulnerable groups and children, and an individual right to request that disclosure of personal information be ceased, and thus would generate additional obligations on large organisations.
Although these government initiatives are long overdue, they possess the potential to improve privacy protection, resulting in a strengthening of the Privacy Act by addressing the privacy challenges generated by online platforms and social media. Given the ongoing nature of the pandemic and the advent of digitalised life through remote work and recreation, that is, ‘living’ online in a work-from-anywhere world, the need to improve online privacy protection is more important than ever.
Sianne Tsandidis was the 2021/22 summer intern with the Australian Journal of Human Rights.