Electronic Frontiers Australia welcomes the Australian government’s moves to change the incentives for how organisations manage Australians’ personal information. EFA has long argued that current incentives reward the over-collection of personal information and encourage lax standards for keeping our information safe.
“While it is nice to see privacy finally get some attention, it is disappointing that the Australian government waited until after millions of Australians had been harmed to act,” said Justin Warren, chair of EFA. “Those who lost their privacy in the Optus, Medibank, Vinomofo, and other data breaches cannot get it back.”
EFA notes that the measures announced so far amount to increasing fines for behaviour that is already illegal. They also rely on regulators that are willing and able to enforce the law, and do nothing to compensate individuals for the harm they suffer when a data breach occurs.
“Bigger fines won’t work if companies believe they won’t have to pay them. The existing regulators are already chronically underfunded, so that also has to change,” Warren said.
EFA would prefer to see power given to all Australians to seek redress for the harm they’ve suffered, such as through a tort of serious breach of privacy as recommended by the Australian Law Reform Commission 8 years ago, in 2014. History shows us that relying solely on government regulators means many Australians are ignored, dismissed, and abandoned.
“A fine paid to the government doesn’t help us move house because an abusive ex now knows where we live,” Warren said. “It doesn’t compensate us when a company’s lax data security means everyone on the Internet knows our medical history. A fine doesn’t give us our privacy back.”
EFA expects that the government will adopt all of its recommendations as part of long-promised reforms to the Privacy Act. Australians deserve to feel confident that their information is kept safe, and that they aren’t required to give up more privacy than is absolutely necessary.
“If governments had listened to us in the past few decades, these data breaches either wouldn’t have happened, or wouldn’t have been as bad,” Warren said. “Governments need to end their obsession with surveillance and put Australians’ privacy first.”