While similar high profile and high scale incidents are usually addressed by the appropriate authorities and legal action is always taken, there are too many lower key online privacy intrusion instances in which the law seems to be unable to act, or at least doesn’t have precedents and clear regulations on how to proceed. One of the attempts to rectify this situation comes from the Australian Reform Commission and their recently published report.
Even though the mentioned report covers much more than just cloud computing privacy regulations, we’ll focus on that aspect of the issue. One of the reasons for this decision is the rapid expansion of cloud services, combined with the lack of awareness surrounding this technology.
In a recent report published in March 2014, the Australian Communication and Media Authority (ACMA), among other things, estimates that even though, in 2013, close to 900,000 businesses used a cloud based solution, and almost 14 million adults (80% of the population) had at least some contact with a cloud application, only 26% of the people using this technology were actually aware of the fact that what they were doing involved cloud resources, while only 55% of the entire population of Australia claimed that they have heard about the term.
“almost 14 million adults (80% of the population) had at least some contact with a cloud application, only 26% of the people using this technology were actually aware of the fact that what they were doing involved cloud resources…”
Adoption rates significantly increased from the year before, and the industry is only expected to grow, with its revenue compound growth rates being projected to amount to somewhere between 19 and 25% per year.
Even though the report states that 52% of consumers were quite aware of the security concerns, and that 14% expressed their concerns about the trustworthiness of cloud solution providers, people are still far from being educated on what their rights and obligations are when it comes to protecting their online privacy. Sadly, one of the reasons for this state of affairs is that regulations, when existent, tend to be overly convoluted.
However, individual users and businesses are not the only ones with cause for worry. There are numerous government initiatives that employ cloud technology in different areas. For instance, as a part of their rural and remote education reform, the NSW Department of Education and Communities strives to help children in remote and rural regions receive a broader education through virtual secondary schools.
Of course, this is just one of many education oriented initiatives involving online resources. While the report issued by the Australian Reform Commission has almost no direct bearing on similar propositions, it does help with their adoption. It achieves this by making it clear to people that online privacy concerns are taken seriously, and that, as complex and as new as these issues are, they can be regulated, which should increase people’s trust factor, make them more amiable towards similar reforms and more willing to allow their children to share their information in a cloud based environment.
The Serious Invasions of Privacy in the Digital Era report, drafted by the Australian Law Reform Commission, the summary of which you can find here, was made at the request of the country’s Federal Attorney General at the time (2013) Mark Dreyfus, and was meant to explore the legislation regarding online privacy issues in an increasingly digitalized world.
The report attempts to offer standardized ways of dealing with online privacy invasion, and suggests how to prevent such acts, how to determine jurisdiction, establish proof of damages and exemptions, and which are the rights and obligations of either of the involved parties. It tries to established a standardized course of action in such cases, but it is facing some rather difficult challenges.
One of the main issues is that there is still the issue of determining culpability. While people’s online privacy is something that they should be able to protect through legal action, the culpability of the defendant still has to be determined on case to case basis, according to a relatively subjective set of standards.
For instance, the defendant could claim that their actions, i.e. invasion of someone’s online privacy, were driven by public interest, or that they fall under the freedom of speech and information umbrella. Initially, the idea was for plaintiffs to be responsible for proving that the preservation of their online privacy, in their particular case, was more important than public interest, but this approach was determined to be unfair, and instead, the defendant is expected to justify their actions.
The report tries to introduce a course of action that would enable individuals to start a proceeding against the person or entity who abused the information they were in disposal of and receive damages, regardless of whether they suffered financial or physical loss as a result of the invasion. As such, it amends Privacy Act 1988 and other legislation pertaining to the protection of online privacy and freedom of information.
Intentional online privacy intrusions, as well as those caused by recklessness would constitute a cause for action, however, those resulting from negligence wouldn’t. However, ascertaining whether something was caused by negligence or recklessness is not the only problematic issue. In order for action to be taken, the intrusion also has to be serious, which is to say, one that would be extremely harmful or offensive to a person of ‘ordinary sensibilities’.
As if this didn’t make the matters complex enough, there is also the public interest aspect to consider. If the defendant can prove they acted out of interest for domestic and national security, public health and safety, adequate government administration, media’s freedom to investigate, or freedom of expression, the intrusion might be considered justified, as its benefits outweigh the online privacy concerns.
If you feel this is not nearly as stringent as would be ideal, it is important to remember that a lot of people would abuse stricter regulations to cover up information about their dealings, completely crippling investigative journalism, and using the law as something they can hide behind.
What Are We to Expect?
Regardless of whether the report manages to incentivize the current government to introduce the new course of action or not, the fact is that it’s a step in the right direction. While it does have some gray areas, it recognizes the necessity of a more comprehensive approach to online privacy; one that takes the current technology into account, and that tries to offer protection from intrusion without stifling freedom of speech.
If the course of action is not approved, chances are we will be seeing other attempts at this kind of regulation as cases which demand it keep increasing in number.