Productivity Commish changes mind on control over personal info

Datanistas fend off privacy threat, citizens get a chance to be part of a new market


Updated Australians won't get an opt-out from broad data collection, if the government adopts recommendations made by the Productivity Commission.

Apparently, a campaign of submission-writing nobbled the idea that people need to know or control what's done with their data, because the commission's report makes a full U-turn from its 2016 draft, which recommended a limited opt-out right.

Even opt-out rights “in some circumstances” was apparently too much for big data fans: the final report, released here, says submissions “across the spectrum” argued against such a right, “to the point that we can no longer in good faith suggest that this is applicable comprehensively”.

To get its preferred model into place (and to make data more accessible to researchers in spite of the Privacy Act), the commission wants a Data Sharing and Release Act to apply to all digital data, and wants to put a Data Custodian in charge of some aspects of data trading.

Citizens (and SMEs because no government document is complete without them) are offered a couple of scraps in the report: we'd get the right to ask for one data holder to transfer our information to another.

For example, with the exception of security information, a bank customer could ask that all of their information (not just their funds) be transferred to another bank when we move our accounts.

The Data Custodian would provide some protection for consumers, since it would have the power to audit how well a data set has been anonymised, but its most important role will be as a facilitator: deciding what government data counts as a National Interest dataset, and funding Accredited Release Authorities.

The auditing role is designed to plug the gap that would exist if the government's boffin-busting legislation making de-anonymisation research illegal passes the Senate.

Updated to add

It escaped Vulture South's notice on the first reading of the report, that the exercise of a citizens' new right over data is at a cost: the data holder will be able to charge consumers for "costs reasonable incurred in transferring consumer data".

Those costs "would be for data holders themselves to determine and explain".

Reg comment

The commission has comprehensively buckled to the demands of data users over its earlier leaning towards citizens' rights.

Risks identified in the report (it lists discrimination, citizens' loss of control of data boundaries, reputational damage, identify fraud and other “criminal misuse” of data, and commercial harm) are blithely waved away.

Citizens are counselled “not to fall victim to fear,” because even “pen and ink” records can be misused, and anyhow, the commission says, you're all giving your data away all the time (68 per cent of us have a social media profile, 84 of us are in some kind of customer loyalty program, and 13 percent of us let wearables like Fitbits phone home with data).

And we're too thick to know what's going on out there: the commission rather patronisingly explains that even if you give Google or Facebook fake profile information, we are “often unaware that fragments of correct information on them from a wide variety of sources are being compared and matched by intelligent algorithms to form a complete and accurate picture of them”.

There's even a swipe at media for poisoning the well: “a disproportionate reporting of bad experiences can have a long lasting chilling effect on dataset sharing and release”.

Nor should there be any tightening of privacy regulations, because people will still make mistakes, and black hats will still be black hats.

We're asked, instead, to glory in the vista of competition, business growth, and our own power to take part in the data market. I'll bet you can hardly wait. ®

Sponsored: Detecting cyber attacks as a small to medium business


Biting the hand that feeds IT © 1998–2020