At the Centre for Media Transition, we recently conducted research into privacy. This included asking people what they thought about shadow profiles. They were outraged. “It’s a kind of a theft,” one participant said. “I find that really unethical.” Over six focus groups, we also asked whether people thought consent was broken, and whether it could be fixed. Short answers: yes, and yes. As one participant said, “Consent is a trap … but it’s better than nothing.”
The findings led us to three core recommendations: consent is broken but can (and must) be fixed; privacy law needs to be improved; and privacy also needs to be protected in the very design of new apps and tech. (The full findings are at cmt.uts.edu.au.)
Our focus groups were also a stark reminder of why data matters. One participant was a survivor of domestic violence. After fleeing an abusive relationship and relocating, she shut down her social media and became fiercely protective of her privacy, and her kids’ privacy. Unfortunately, her ex-partner tracked her down by keeping an eye on the social media of her friends and family, forcing her to relocate again. This shows that privacy can sometimes be a matter of life and death. Like shadow profiles, it also shows the way our data is interconnected. Here, location was revealed accidentally by well-meaning friends and relatives.
The world is waking up to the importance of data and privacy. In Europe, a sweeping new privacy law (the “GDPR”) was implemented in 2018. In various US jurisdictions – including, revealingly, Silicon Valley – facial recognition has been banned. And just this month, New Zealand’s new Privacy Act came into force, with extraterritorial scope so that companies headquartered overseas aren’t let off the hook.
In Australia, we’re emerging as a world leader in some areas of digital regulation. The news media bargaining code – which includes provisions about the user data that digital platforms must share with news media businesses – may set a global precedent. With privacy, however, we have some catching up to do. But there are good signs. Sure, the COVIDsafe app turned out to be a contact tracing flop, but the legislated privacy safeguards that accompanied the app’s release were commendable. Let’s hope this signals a shift. Meanwhile, the ACCC has been busy. This month it launched legal action against Facebook, accusing it of misleading and deceptive conduct over its Onavo Protect app. Facebook said the app would keep users’ data private; instead it collected “significant volumes” of data for commercial use.
For the current privacy law reform process, the Attorney-General has received submissions on the role of notice and consent, the issue of inferred data, and more. These tough issues must be addressed, and so too: shadow profiles; the interconnected nature of our data; and how Australian law can best fit with overseas jurisdictions. What makes it even tougher is that we need to do all this in a way that also fosters innovation, freedom of speech, and other vitally important values and interests – including, of course, public health, especially in this time of global pandemic.
You may have heard that privacy is dead. It isn’t. But it is in trouble, and needs our help to step out from the shadows.
Sacha Molitorisz is an academic at the Centre for Media Transition at UTS and the author of Net Privacy, How we can be free in an age of surveillance.