Privacy Commissioner lists gripes with Microsoft data-privacy report

Privacy Commissioner lists gripes with Microsoft data-privacy report

Summary: The Office of the Australian Information Commissioner has disagreed with some of the changes that Microsoft suggested about how data could be used.

SHARE:

The Office of the Australian Information Commissioner (OAIC) has expressed concerns with some of the data-privacy changes that were proposed by a recent Microsoft report.

The Microsoft Global Privacy Summit Report (PDF), entitled "Notice and Consent in a World of Big Data" and released in November 2012, lists the topics that came out of numerous global discussions held by the vendor on data privacy.

"Generally, people agreed that new approaches to privacy protection must shift responsibility away from individuals to organisations which use data, driving a focus on what uses of that data are permitted, as well as [have] accountability for responsible data stewardship, rather than mere compliance," Microsoft chief privacy strategist Peter Cullen wrote in a blog post.

While the OAIC was supportive of more responsible data-collection processes, it disagreed with some of the changes that the Microsoft report suggested about how collected data could be used.

The Organisation for Economic Co-operation and Development (OECD) Privacy guidelines stipulate that personal data cannot be used unless an individual's consent is given. The Microsoft report suggested that this rule should be changed, so that organisations can use any data so long as it is not "fraudulent, unlawful, deceptive, or discriminatory."

"In our view, this would allow a considerably broader re-use of data than that allowed by the original OECD version, and indeed by Australia's [Privacy Act]," Privacy Commissioner Timothy Pilgrim said in an open letter.

The Microsoft report also wanted to change the Individual Participation Principle in the OECD guidelines, which gives individuals the right to request data from organisations that collect information, and the opportunity to request that their data be removed. If a request is denied, an individual can challenge the organisation holding the data, and, if the challenge is successful, the data would have to be erased.

The Microsoft report's version, called the Fairness Principle, would see that individuals have the right to choose what personal data is collected, and is more lax when it comes to the need for organisations to respond to data-deletion requests.

The OAIC believes that the Fairness Principle narrows "the ability of an individual to seek deletion, rectification, or amendment to the information held about them to circumstances affecting only employment, healthcare, financial matters, or legally protected rights."

The commission would like to see the criteria be broadened to include other circumstances, as well such as cultural or religious information.

The OAIC also wants Microsoft to make future reports more gender neutral by removing male and female pronouns.

Topics: Privacy, Microsoft, Australia

Spandas Lui

About Spandas Lui

Spandas forayed into tech journalism in 2009 as a fresh university graduate spurring her passion for all things tech. Based in Australia, Spandas covers enterprise and business IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Great link to the MGPSR document...

    I just wonder if you actually read it, yourself. If so, then we both walked away from it with two completely different understandings.

    Here is one instance (of many, in the interest of brevity):

    Your explanation of some of the wording held within this particular document (which is really a study, not a policy) quickly and severely minimizes this portion, "responsible data stewardship, rather than mere compliance,". To me, that means first compliance, and then additional responsibility. I suppose we all see what we want to see. The difference is, I am not blogging on a major tech website, nor do I envy those that accept that responsibility. If I were to, I'd at least read what I linked.

    Again, that's just my brief comment. Your deviation from truth is exponential from there on.
    TechNickle