Have all the developments and controversy in the handling of personal information during 2010 produced a long lasting sea change in the global privacy debate?
At the risk of mixing the aquatic metaphors, in 2010 it seemed that “when it rains, it pours”. As law makers and regulators around the world scramble to draw up their battle plans, I think it is instructive to take a look at some of the major headlines of last year and their possible influence on the debate.
When we look back on 2010, it may prove to have been the tipping point in which privacy emerged from the peripheries of public awareness and onto the main stage. The stories have become too prominent to ignore. Big companies have been involved in big controversies involving very big breaches of privacy.
Here are some of the highlights.
Google kicked off the year by introducing Google Buzz in February, a social networking tool that allowed the sharing of status updates, images and videos via Gmail. It came under immediate fire over a feature that looked like it was compiling and making public a list of a user’s frequent contacts without consent, with disturbing potential for stalking and harassment. Indeed, for the first time, privacy regulators from around the world issued a joint statement calling for multinationals to respect laws and wrote to the CEO of Google on the matter.
Things got worse for Google when it admitted to snooping on Wi-Fi users via its Street View cars while collecting data for its mapping service. The capturing of data – fragments of websites, cookies, emails, even the occasional password – raised the ire of public authorities as well as individuals world-wide. The first to rule on the case was the Privacy Commissioner of Australia who obtained an undertaking from Google. There are still a number of investigations outstanding.
Closer to home, Telstra was involved in two data breaches – firstly by sending out 220,000 letters containing account information to the wrong customers and secondly by allowing some users to access the private accounts of others through its Tribe product. The very first days of January 2011 saw Vodafone in a lot of hot water over a seemingly more serious breach.
Unfortunately this discussion would not be complete without Facebook, who endured a tough year with its updated privacy settings and new features. Another running controversy has been the extent to which Facebook shares its users’ information with third parties. This is becoming a particularly pertinent issue given the rise of behavioural targeting and the increasing value advertising companies place on any morsel of information about us. While this may be conscious strategy for Facebook and the website continues to grow at astonishing speed, not everybody agrees with everything it has done.
And the response from the authorities? A year ago I observed that there was movement on both sides of the Atlantic on the need for new thinking about personal information. Where once there was movement, there is now a real flurry of activity.
In the United States, both the Federal Trade Commission and the Department of Commerce released reports at the end of last year noting that current regulatory framworks insufficiently address evolving privacy issues. While policymakers wrangle over the best approach, momentum has been gathering in the courts as privacy trailblazers seek judicial relief. There have been many commentaries on these proposals, but I like the Fulbright Briefing on Privacy, Competition, and Data Protection.
Across the Atlantic, the European Commission is also looking to tackle protection personal data protection in a real and comprehensive way with the release of a draft plan last November.
Here in Australia, there has also been progress, with the appointment of the first ever Minister for Privacy and FOI, the merging of the Office of the Privacy Commissioner into the new Office of the Australian Information Commissioner, the release of draft Australian Privacy Principles and their referral to a Senate Inquiry as the first part of redrafting the Privacy Act. I recently wrote an article on the changing landscape for The International Association of Privacy Professionals (IAPP's) The Privacy Advisor, Jan-Feb edition that expanded on this theme.
The storm has been brewing for some time and it is beginning to feel as though a downpour is now upon us.
What will 2011 have in store for privacy and data protection policy? Will Australia be ready? Watch this space!
Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information. Malcolm is a former Australian Privacy Commissioner. He was also foundation President of the International Association of Privacy Professionals, Australia New Zealand, www.iappANZ.org.