Event recap: iappANZ 2018 Summit
From left to right: Sven Bluemmel, Angelene Falk, John Edwards, Richard Bean (moderator)
Earlier this month, on 1 November 2018, the International Association of Privacy Professionals ANZ (iappANZ) hosted the iappANZ Summit 2018 in Melbourne. The Summit explored emerging trends and developments in privacy regulation, media, technology and innovation, and brought together an exciting range of guest speakers from government, industry, and academia.
Sven Bluemmel, Victoria’s inaugural Information Commissioner, was invited to participate in a panel discussion looking at regulation in the age of international big data. Joining Sven were fellow regulators Angelene Falk, Australia’s Information and Privacy Commissioner, and John Edwards, New Zealand’s Privacy Commissioner.
The discussion touched on many key issues currently facing regulators, including that of consent. Privacy laws in Australia, including the Privacy and Data Protection Act 2014here in Victoria, are based on the traditional, transactional model of consent, where the onus lies with a user or consumer to inform themselves of how their information will be handled, prior to deciding whether to access a particular service or product.
Sven questioned whether this transactional model of consent was still fit for purpose as a central tenet of privacy regulation, given that in some cases (particularly in relation to government services), individuals often don’t have a choice in what services or products they access. This is a key element of consent – for it to be meaningful, it must be voluntary. If there are no alternatives, then individuals cannot really be considered as having a choice.
The panel then discussed the notion of privacy as a broader public good rather than as something with individual value, with Angelene noting the growing focus on public interest in decisions about privacy. John also noted the importance of taking a values-based approach towards privacy, rather than a compliance, tick-based exercise which diminishes its value to organisations.
The audience were then given the opportunity to ask questions of the panel members. Some of the key points arising from those questions include:
- De-identification is contextual – information may be re-identified in one context but not another (Angelene).
- The potential for re-identification is greater than ever with modern techniques and more datasets. The use of de-identified information should occur in a controlled environment (Sven).
- In relation to smart cities, it is important to consider the various elements of smart cities and their cumulative impact on privacy. While not every element may be privacy invasive on its own, it could be when combined with other elements. As such, we need to look at the bigger picture, rather than just each element in isolation (Sven).
Overall, the panel discussion – and the Summit more broadly – provided an interesting and insightful look at the privacy issues facing us today, and how government, industry, society and other sectors could potentially address these challenges to protect individuals’ privacy.