privacy – Page 7 – Cyber Law Watch

This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court

Mar 11 2020

By Cameron Abbott, Rob Pulham and Rebecca Gill

In a first for Australia, the Australian Information Commissioner (Commissioner) has launched proceedings in the Federal Court of Australia, seeking penalties against Facebook for serious and/or repeated interferences with privacy. The contraventions relate to the conduct disclosed by the Cambridge Analytica scandal, which involved the This is Your Digital Life app (App). We’ve previously blogged about the App here.

It is unclear how the penalties will be calculated in this proceeding. The penalty rate applicable to the relevant period (being from March 2014 to May 2015) is a maximum of $1.7 million. Some have suggested that fines may be in the billions if the maximum rate is applied to each individual affected as a single “contravention” (with possibly over 300,000 contraventions in total!). This may be fun to calculate, but highly unlikely to be applied in reality.

Mar 05 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.

While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach. It has been a long time coming but it seems society now rates privacy as front page news. As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!

New Decade, New Facebook? Facebook Reaches $550 Million Settlement in Facial Recognition Class Action, Agrees to Upgrade Privacy Safeguards

Feb 20 2020

By Cameron Abbott, Max Evans and Florence Fermanis

Facebook is in the news again, but this time it’s not for the Cambridge Analytica scandal that took over our screens in 2019. Facebook has agreed to pay $550 Million USD to settle a class action which claimed that it had collected and stored biometric information belonging to millions of users without their consent, according to reports by Reuters and TechXplore.

According to the reports, the relevant users alleged that Facebook illegally collected biometric data through its ‘Tag Suggestions’ feature, which allowed users to recognise Facebook friends from uploaded photographs.

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

Feb 05 2020

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Post-Brexit data protection – where are we now?

Feb 04 2020

By Cameron Abbott and Michelle Aggromito

After years of political squabble and delays, Brexit day finally arrived on 31 January 2020. But what does it mean when we talk about the UK’s withdrawal from the EU and how will data protection regulation and compliance change?

There will be little change during the transition (also known as “implementation”) period that is expected to end on 31 December 2020. During this period, EU law will continue to apply in the UK, including the EU General Data Protection Regulation (GDPR), after which the GDPR will be converted into UK law.

“Totally Clueless”: Dating app Grindr reported for breach of privacy rules

Jan 24 2020

By Cameron Abbott, Max Evans and Florence Fermanis

Dating apps, for many young people, are a fact of life. Meeting someone these days in real-life rather than through a simple swipe right appears to have become the exception, belonging more to any number of 90s teen “romcoms” than it does to real life.

According to an article by Reuters however, in recent times dating app Grindr has been the subject of a complaint by the Norwegian Consumer Council (NCC) in relation to a breach of privacy rules as set out in the European Union’s General Data Protection Regulation, implemented in 2018.

Pushing for Gold: Organisers of the Tokyo 2020 Olympics adopting Facial Recognition Technology and Robotics to Ensure Peak (Security) Performance

Jan 05 2020

By Cameron Abbott, Max Evans and James Gray

It seems that Facial Recognition Technology (FRT) is the flavour of the month. Recently, we blogged about the adoption of FRT in the SkyCity Adelaide Casino to identify barred gamblers, which comes following the commencement of Perth’s 12 month trial of FRT conducted in co-operation with law enforcement agencies. However, on an international stage, organisers of the 2020 Tokyo Olympics have begun testing of FRT access systems to boost security, according to a Report by the Australian Financial Review.

Poker Face: Problem Gamblers Being Identified through Facial Recognition Technology

Dec 31 2019

By Cameron Abbott, Max Evans and James Gray

Facial Recognition Technology (FRT) is being used by the popular SkyCity Adelaide Casino to detect barred gamblers, according to a report by Adelaide Now.

The FRT is capable of identifying even those attempting to conceal their identities with hats and sunglasses, with one staff member detected by her smile. According to the report, casino staff escorted barred gamblers off premises following identification using the FRT, before asking the relevant gambler whether they are in contact with their counsellors. The report states that detected problem gamblers were almost always appreciative of staff’s intervention.

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

Dec 23 2019

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

California’s answer to the GDPR – the California Consumer Privacy Act kicks in on 1 Jan 2020

Dec 02 2019

By Cameron Abbott ,Tan Xin Ya and John ReVeal

In just a short few weeks, a monumental change of privacy regulations will kick in for US businesses. On 1 January 2020, the California Consumer Privacy Act (CCPA) will come into effect, with a compliance deadline at the end of January 2020, and signifies a shift in tone in the privacy sphere for the US – with a move closer to global privacy norms, and away from the perspective that personal data is a company asset.

A series of data disasters such as Facebook’s Cambridge Analytica scandal and the massive Equifax breach left many Americans feeling powerless. Regulators stepped in after the fact to punish the companies, but at the time, there was little that U.S. consumers could do to prevent data breaches. Under the CCPA, Americans (well, Californians, mostly) move a step closer to general privacy protection. However, the Act only targets larger companies or those with prolific data use so there is still a long way to go to being general protection.

In October, the California Governor signed five bills to amend CCPA to provide some regulatory relief for businesses when the CCPA comes into effect. For a detailed analysis on the amendments, we refer you to Volume 2 of our colleagues’ Volume 2 of The Privacists available at the K&L Gates Hub.

Tag:privacy

This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court

Front and Centre: Privacy makes Front-Page, without a breach!

New Decade, New Facebook? Facebook Reaches $550 Million Settlement in Facial Recognition Class Action, Agrees to Upgrade Privacy Safeguards

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

“Totally Clueless”: Dating app Grindr reported for breach of privacy rules

Pushing for Gold: Organisers of the Tokyo 2020 Olympics adopting Facial Recognition Technology and Robotics to Ensure Peak (Security) Performance

Poker Face: Problem Gamblers Being Identified through Facial Recognition Technology

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

California’s answer to the GDPR – the California Consumer Privacy Act kicks in on 1 Jan 2020