Australia Takes Steps to Tighten Data Security Laws
Australia has recently taken significant action in the realm of data security that will potentially have global impact. In December 2018, the Australian Competition and Consumer Commission (“ACCC”) released recommendations on ways big technology companies can improve data security. Interestingly, these recommendations seem to incorporate some key components of the General Data Protection Regulation (“GDPR”) the EU introduced in May 2018.
The ACCC’s recommendations, which specifically target the dominant reach of companies like Facebook and Google, include the following:
Granting individuals control over how big technology companies use their personal information, which is often obtained when someone subscribes to a website or otherwise conducts Internet activity.
Granting individuals control over what advertisements they receive over the Internet, which often reflect and individual’s browsing activities and personal interests. This could include providing users with the capability to opt-in for certain advertisements.
Establishing a regulatory body with authority to conduct official investigations into consumer complaints, especially those centering on defamation, false advertising, misappropriation of personal information, and suspected unfair partnerships with third-party organizations. This body could also monitor and control how tech companies collect data from users.
Providing consumers with a choice over what browsers are available on their devices instead of having a specific browser preinstalled on all devices.
Mandating that tech companies disclose certain events, including when they merge with or acquire another company.
Providing incentives to partner with or subscribe to trustworthy news outlets, such as offering tax deductions.
The main goal of these recommendations is to limit the reach that large digital media companies have over the public—both currently and in the future. Without monitoring these companies, individual data privacy could be compromised. In the absence of stricter laws, consumers may be more exposed to unreliable news sites which could hinder their ability to make informed decisions and, in some cases, could limit competition. The ACCC said this hinders the public’s ability to make informed decisions and hinders competition.
The ACCC is awaiting feedback from tech and media companies that the reformed data privacy regulations would affect. Later this year, the ACCC should issue a report on the feedback they received and provide a more definite plan for tightening up data security. If implemented, this plan could also have global ramifications. Other countries, including the United States and Canada, have the same data privacy concerns. Some of these countries and their individual states have already taken steps to tighten data security through measures similar to the GDPR and Australia’s recent recommendations. In the face of ever-increasing regulation, big tech platforms will be forced to review their practices. The results will include better consumer protection, a reduction in false advertising, and an increase in reliable news content shared on these sites.
Interestingly, Australia also passed a law in December 2018 requiring tech companies to give law enforcement access to encrypted data. The goal of this law is to ensure that law enforcement can catch criminal and terrorist activity locally and globally that is occurring over digital applications or websites. While many believe this could help deter criminal activity, there are concerns that is fails to protect privacy for non-criminals and increases the risk for data breaches. Tech companies are also concerned that activity outside Australia may be negatively impacted because users and business partners will fear that the companies will not adequately safeguard their encrypted data. It will be interesting to see how Australia’s new laws and recommendations regarding data privacy unfold during this year, as well as any global impact that may follow.