Essay: Internet privacy issues

Google defines privacy as: a state in which one is not observed or disturbed by other people. Internet privacy entails the security of personal data published, or collected, via the internet. The Australian Law Reform Commission suggests privacy can be put into separate concepts. Internet privacy relating to the individual, consists of information privacy and privacy of communications. According to the Australian Privacy Foundation, privacy is a right which is internationally and nationally recognised and accepted.
A privacy breach occurs when personal information has been collected, used, or disclosed without permission. Invasion of internet privacy ‘involves the un-authorized collection, disclosure, or other use of personal information.’ This can also be called a data breach. Health information, bank account details, passwords or photos are all examples of private information that may be breached.
Consumers that have encountered internet privacy issues are more aware of the potential risks related to the sharing of information. Individuals could also become hesitant when using the internet and sharing their personal information. Consumers may feel vulnerable because of information misuse and become less likely to disclose personal information.
Many of the legal and non-legal responses, regarding the issue of privacy (in Australia), are guided by the Australian Office of the Information Commissioner and the Australian Privacy Principles (more on them later). These guide Australian governments and organisations.
The Privacy Act 1988 aims to regulate the handling of personal information. It is Australia’s key set of privacy laws. The current act contains 13 Australian Privacy Principles (APP’s), which set out privacy protection Australian individuals can expect from organisations. It also defines how they should handle personal information as well as what they can use it for. The Privacy act is directed at entities regarding the security of personal information. The act describes the types of personal information protected under the act; anything that is a record – including photographs and videos if their identity could be ascertained. The Privacy Act allows for complaints where individuals believe a breach of privacy has occurred, an effective response managing breaches or abuse of privacy and providing access. The Privacy Act also grants the Australian Information Commissioner powers including: investigating complaints, giving direction to agencies to conduct privacy impact assessments and applying for federal Court orders for civil penalties.
There have been many instances where the prospect for a tort for invasion of privacy has arisen, as recognised in two lower court decisions: Grosse v Purvis in the District Court of Queensland and Doe v Australian Broadcasting Corporation in the Country Court of Victoria. In 2008 the ALRC (Australian Law Reform Commission) ‘recommended the creation of a tort for invasion of privacy’ but this was not considered of high priority at the time. Then again in 2014 the ALRC recommends the creation of a tort, a private right allowing individuals to sue for serious invasions of privacy. This is a grey area in law. In Doe v Yahoo!7, Smith DCJ stated ‘it seems to me there is an arguable case of invasion of privacy… I would be very hesitant to strike out a cause of action where the law is developing and is unclear.’
The Privacy Amendment Act 2012 made reforms to the Privacy Act 1988. It aimed to enhance privacy protection, and replaced the National Privacy Principles and Information Privacy Principles with the Australian Privacy Principles (APP’s). It provided privacy law reforms; increasing the Privacy Commissioner’s power, introducing new penalties and adding restrictions on disclosing personal information overseas – among other things.
Another legal response to the issue of internet privacy, is the International Conference of Data Protection and Privacy Commissioners which first met in 1979. It has been ‘the premier global forum for data protection authorities for over 3 decades,’ and seeks to provide leadership in data protection and privacy, at an international level.
The Anti-Abuse Project (an agency of reform), born in 2004, was created by a small group of law students and IT security specialists. They have four main mission points: inform and educate on the various forms of misconduct on the internet, provide information on the legal matters, deliver professional assistance and consulting in the fields of network and information security, and provide easy ways for reporting online abuse or any form of violation of legal rights on the internet. The Anti-Abuse project created a website allowing users to check IP addresses and domains against different block lists.
Prior to the Australian Privacy Foundation (APF) was the Australian Privacy Charter 1992, established under Justice Michael Kirby (Chairman). They were formed to develop a privacy charter (December 1994) comprising of two principles: 1. To all forms of privacy and surveillance (not just information privacy) and 2. To both private and public sector organisations. It then became the APF. The APF is a non-government organisation dedicating itself to the protection of the privacy rights of Australians. One of their aims is to focus public attention on emerging issues posing threats to the freedom and privacy of Australians. The foundation plays a unique role (as an NGO) on a wide range of privacy issues and has led the fight in defending the rights of individuals to control their personal information. The APF work with consumer organisations, civil liberties councils, professional associations and other community groups (on specific issues).
The Centre for Internet Safety (CIS) in Canberra was created in the hope of fostering a safer and more trustworthy internet, by providing support and advice on all impacts of cybercrime and threats to our cybersecurity. CIS are active participants in Privacy Awareness Week, conduct both public and private briefings regarding privacy awareness and research and write about the issue of privacy for the benefit of individuals.
Whilst the Privacy Act 1998 did not address all issues regarding privacy, it began the process for privacy law in Australia. It was effective because of its enforceability. Regarding the tort, the law has not been responsive and has still not addressed the repeated recommendation of a tort for invasion of privacy. The Privacy Amendment Act 2012 provided reforms and although the responsiveness of the law was slow, taking a decade, it was an effective legal response. CIS have effectively increased privacy awareness, and continue to respond to the issue of privacy abuse. The International Conference of Data Protection and Privacy Commissioners achieves international leadership regarding privacy, by connecting the global efforts of privacy and data protection authorities.