Australia's Information Privacy Laws - Research Paper Sample

Paper Type:  Research paper
Pages:  7
Wordcount:  1695 Words
Date:  2024-01-01


An analysis of the entities that handle personal information indicates a glaring gap between how the data should be handled by law and how it is actually being handled. Australian companies have fallen short of meeting stipulated guidelines and conforming to the set data laws. The failure to meet these requirements stems mainly from ignoring GDPR requirements, which outline how personal information is handled, stored, and made available (Franco, 2018). A growing lack of awareness of the need for accountability when managing personal information is another major contributor to this challenge.

Poor enforcement and gaps in the Privacy Act have led to the erosion of trust in digital platforms (Lindsay, 2014, p. 131). These digital platforms are varied and include e-commerce, digital health services, and other government services. This failure of privacy laws to protect personal information has significantly impacted the effectiveness of the government's digital initiatives, which have consisted of digitizing health and other services at both national and state levels (Greenleaf, 2001). The efficient protection of data privacy requires a full data audit coupled with enhanced data management processes that ensure the sanctity of the data, a factor which Australian privacy laws have failed to uphold.


Personal Information

Personal information consists of data that identifies an individual on digital platforms, such as an IP address, URL, name, or credit card number (Hewett & Whitaker, 2002). Reliance on data has increased, and a large part of people's lives now revolves around it. This includes social platforms, governments, and financial institutions, which are tasked with collecting and analyzing personal information. These data are analyzed and stored and can be used by companies to identify consumer patterns, tastes, and preferences (Hughes et al., 2008, p. 57). This allows them to commercialize the data, which they trade with other corporations that use it for marketing purposes. The failure to continually monitor user information and to ensure that the information amassed is handled with cognizance of the EU's binding stipulations poses a significant risk to data security (Burdon et al., 2016, p. 626).

Australian privacy protection laws require important and crucial upgrades and improvements to address the breaches of privacy (Selvedurai, 2013, p. 302). The violations have mostly resulted from enhanced data surveillance by the private sector. This, therefore, means that a privacy right of action and effective privacy monitoring are required to enforce the laws. It is necessary for citizens to have trust in e-platforms that include e-commerce and e-government initiatives. A lack of confidence in these platforms presents a severe crisis to both the government and the consumers since e-platforms are necessary in delivering services in this day and age (Burdon et al., 2016, p. 626). Effectively regulating data requires that big corporations and organizations be monitored and assessed for compliance (Selvedurai, 2013, p. 302). This is because these corporations are known to sidestep compliance with set regulations, citing their operation outside the EU laws.

Impact of Poor Privacy Laws

Poor privacy laws and poor enforcement and implementation have led to the harvesting of personal information of millions of people from various platforms, which is then used for different malicious purposes (Daly, 2017, p. 840). This has led to severe and continuous contravention of privacy laws by exposing personal information to other entities that use it for their gain (Tucker, 1992). For instance, Cambridge Analytica has been sued for using data generated on Facebook's social media platform, which was then used to tailor political messages and for advertising purposes (Smith, 2020).

The misuse of personal data harvested from various digital platforms has facilitated the spread of wrong information and other harmful uses. Misuse of private personal information involves utilizing the data for a purpose other than its intended one (Bonython & Arnold, 2014, p. 170). This is a severe breach of local Australian privacy laws. From the harvested data, malicious third parties can create psychographic profiles of the subjects of the data. These profiles are used in shaping targeted advertisements aimed at persuading people based on their recent activities. These lead to uncanny popup suggestions when using digital platforms, particularly social media sites. The targeted advertisements may include false or biased information (Daly, 2017, p. 840). However, the information may be absorbed by the individual as accurate, facilitating the spread of fake news. This targeted advertising has been particularly used by Cambridge Analytica to build preference for specific candidates in political competitions by painting the other party negatively. This has had significant impacts on election outcomes and how the public perceives candidates.

Another impact of the ineffective laws is that digital platforms have used settings and poor encryption strategies that facilitate the disclosure of personal information, including sensitive data, which breaches the privacy requirements (Conger et al., 2013, p. 409). This has led to data breaches, where people's personal data gets lost, stolen or transferred to third parties who are not supposed to access this data. These third parties are prone to malicious intent, which involves selling or using this data for the wrong purpose (Conger et al., 2013, p. 409). Small companies and organizations in Australia have not felt the need to invest in robust security protocols to protect users' personal information in their systems (Anwar et al., 2018). This is because the Privacy Act does not require companies with a turnover of less than three million USD to report data breaches. This has left personal data at risk of being harvested and used for unintended harmful purposes, which is a breach of individual privacy.

Comparing Australian Information Privacy Laws

The European Union's data privacy regulations are quite broad, with stipulations that effectively cover different scenarios encountered in handling or managing digital data. On the other hand, Australia's data privacy laws are inadequate and not comprehensive enough to address all issues related to handling personal information on e-platforms (Ismail, 2018). This gap has left the personal data of its citizens exposed, which poses a risk of serious harm. The GDPR forms the core of digital privacy legislation efforts (Goddard, 2017, p. 706). Its provisions encompass data subject rights, variations in how different data should be handled, how to involve agencies that are tasked with protecting user information, and measures aimed at enforcing the regulations.

The GDPR stipulates that entities that collect personal information have to do so legally and under strict conditions (Goddard, 2017, p. 704). Those charged with collecting and managing this information are also required to protect it from unintended use while respecting the individual rights of the owners of the data. Contravention of these requirements attracts fines or penalties, which act as a deterrent to potential misuse (Benett, 2018). These global regulations ensure that consumers are given notifications when a breach of their data occurs (Batskos, 2015, p. 28). The GDPR also requires organizations to achieve compliance with its regulations. Its stipulations require that companies be accountable by applying proper technical and organizational measures that address data security.

The Australian Information Privacy Laws originate from the Privacy Act of 1988, which has been subject to revisions, including the addition of addenda, with the most current being the reporting of security breaches (Australia, 2014). The Act protects personal information that includes sensitive information, e.g. sexual preferences, ethnicity, and subscriptions to trade unions. While both the Australian Information Privacy laws and the GDPR have the same objectives and are meant to serve the same purpose, there are key differences, which expose the Australian Privacy Act's weakness (Bonython & Arnold, 2014, p. 170). The first critical difference is the inclusion of 'real risk of harm' in the GDPR, which is lacking in the Privacy Act. This term refers to a data breach that harms an individual physically, psychologically, financially, emotionally, and in terms of reputation. The term is used as a qualifier and quantifier that describes the extent of data breaches and their severity (Goddard, 2017, p. 704). The lack of this quantifier in the Privacy Act means that it becomes difficult to assess a data breach's impact and its severity. This is a critical contributing factor that has increased the Privacy Act's ineffectiveness in protecting individuals' personal information from risk and exploitation.

The second difference lies in the regulations concerning the reporting of data breaches. The Australian Information Privacy Laws only require organizations and companies with a turnover exceeding three million USD to report data breaches (Ismail, 2018). This means that the legislation considers that smaller companies are not subject to data breaches, or that if there are breaches, they are insignificant. This forms one of the critical exemptions included in the Act. It is critical because through it, a large percentage, more than 85% of small companies, organizations and businesses in the private sector, are exempted from complying with the Privacy Act. On the other hand, the GDPR requirements on reporting data breaches are not selective but apply across all organizations and companies, both governmental and private (Goddard, 2017, p. 705). This difference means that individual data handled by small organizations in Australia can be breached without the involved companies needing to report (Benett, 2018). Another group exempted from privacy obligations is employers who collect and manage employee health information. These exemptions pose a serious risk to personal data safety.

A third difference emerges in the time within which organizations handling personal data are required to report breaches and conduct investigations to assess the extent and severity of the violation (Ismail, 2018). The Privacy Act gives companies thirty days to evaluate breaches and provide reports immediately after the assessment is over (Anwar et al., 2018). On the other hand, the GDPR gives companies that have suffered breaches seventy-two hours to report incidents of breaches to the authorities and affected individuals. The GDPR also requires an immediate assessment of data breaches, that is, as soon as they are discovered (Goddard, 2017, p. 704). From these contrasting timelines, it is evident that the EU's regulations consist of stricter protocols, which are more useful when serious data breaches occur. It is evident that the GDPR has better protocols that will ensure companies conduct proper diligence and incident response so that all legal concerns are addressed and reporting is achieved.


A key issue that also emerges is that the Australian information privacy laws are not regularly reviewed and updated as recommended when compared to the EU's regulations (Watts & Casanova, 2018, p. 3). This has led to the Privacy Act lacking additional rights that ensure privacy is upheld with emerging technologies.

Cite this page

Australia's Information Privacy Laws - Research Paper Sample. (2024, Jan 01). Retrieved from
