Privacy -- may as well forget it?
Defence of individual privacy in Australia seems largely limited to a few civil libertarians fighting intrusions fuelled by technological advancement and government moves often labelled anti-terrorism initiatives.
A large proportion of us today seem to numbly accept that corporations and government now have the tools -- both technology and regulatory -- to find out who we are, where we are, what we're doing and who we're doing it with.
There is also steadily increasing evidence that privacy legislation and regulation is falling further and further behind advances in technology such as data aggregation and mining, biometrics and radio frequency identification.
A review of the three-year-old private sector provisions of Australia's Privacy Act -- completed by the Privacy Commissioner in March but released this week -- has yielded strong evidence that the National Privacy Principles (NPPs) contained in the Act "may not in fact be technology neutral". The NPPs apply to parts of the private sector and all health service providers.
This neutrality is crucial to their effective operation, as it means they apply equally to conventional, electronic and digital environments. However, the commissioner's review said the NPPs -- based, with some modifications, on OECD principles developed during the 1970s -- did "not appear to have been developed with the online environment in mind.
"For example, there do not appear to be provisions which take into account the identifiers used in the online environment (resulting from packet switching rather than circuit switching) and the uses that can be made of them to track the transactions of an individual.
"The provisions do not take into account the identity authentication required in the online environment.
"Also, the NPPs rely on people making informed choices about whether, and how much information about themselves they hand over.
"In the online environment, people may have very little knowledge or choice about some of the data trails they leave.
"On the other hand, gaining an individual's consent to some specific activities in relation to personal information is much easier than in the paper-based environment.
"As online and electronic interaction becomes increasingly a key part of people's lives, it becomes more difficult to argue that privacy principles that do not take into account these realities are technologically neutral".
The commissioner cites research carried out by the Council Of Europe that states "the advent of the Internet has created a need for a third generation of data protection regulations" and adds: "This suggests there may be a need for new NPPs to accommodate these realities.
"For example, there may be a need for organisations to give people choice about the kind of identity authentication that they are to use, or there may be a need for organisations to only engage in profiling activity if they have the consent of the individual".
These remarks are made on just one page of a 283-page analysis of the private sector provisions. If one thing is clear from the review, it is that a massive amount of work is required just to bring Australia's privacy legislation up to speed with new-generation technologies. The government's commitment to this bears close examination.
What do you think of the state of privacy today? Have new technologies made us too visible? E-mail us at edit@zdnet.com.au or use the talkback function below and let us know.
Iain Ferguson is News Editor at ZDNet Australia.