15.07.2014

Principle 9: Privacy protection is an issue of shared responsibility

2.47 Individuals must generally take some responsibility for the protection of their own privacy and the privacy of others. The exercise of personal responsibility should be encouraged, where possible. The ALRC considers that capable adults should be encouraged to take reasonable steps to use the privacy tools offered by service providers. Several stakeholders stressed the importance of personal responsibility.^[72]

2.48 However, government, corporations and small businesses that process personal information also have a responsibility to provide individuals with the necessary tools to protect their own privacy. Personal responsibility can only be fully exercised when individuals are provided with the education and tools necessary to protect their privacy, and when the choices expressed by individuals are respected.^[73]

2.49 Individual responsibility must therefore be balanced with the responsibility of organisations and service providers. These groups should provide transparent and accessible methods to protect the privacy of their customers. This includes providing clear privacy policies, information about how to protect privacy, and privacy warnings.

2.50 In some circumstances, individuals may not be empowered to exercise personal responsibility in a meaningful way. Professor Daniel Solove has written that, although privacy self-management is ‘certainly a laudable and necessary component of any regulatory regime’, it is being ‘tasked with doing work beyond its capabilities’.^[74]

2.51 The ALRC is asked to consider how the law may redress and reduce serious invasions of privacy. But the law is not a panacea, and education has an important role to play in reducing and preventing serious invasions of privacy.^[75]

2.52 In the ALRC’s view, governments and industry have a responsibility to provide adequate education and assistance, particularly for vulnerable members of the Australian community, such as people living with disabilities, children and some young people.

2.53 The OECD’s 2013 Privacy Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data highlighted the need for greater government investment in education about privacy awareness, particularly concerning online privacy protection. The Guidelines recognise that ‘more extensive and innovative uses of personal data bring greater economic and social benefits, but also increase privacy risks’.^[76]

2.54 Education about privacy risks and management may be particularly important for children and young persons.^[77] Research suggests that the use of privacy settings on social media is higher among older Australians. For instance, sixteen to seventeen year olds are significantly more likely to have their Facebook profiles set to private—limiting access to their private information to individuals whose online ‘friendship’ they have accepted—compared to twelve to fifteen year olds.^[78] This is affirmed by evidence suggesting some young people believe the internet to be a ‘necessity of life’ and that ‘it is better to take a beating from all your classmates than to be isolated from the Internet’.^[79]

2.55 This evidence may suggest the need for privacy awareness campaigns and other strategies targeted at younger Australians.

2.56 Drs Nicola Henry and Anastasia Powell underscored the importance of non-legal methods to reducing and redressing invasions of privacy which occur through the internet:

Service providers of online communities and social media networks can and should be proactive in addressing these issues by providing mechanisms for users to report hateful and/or harassing content and can dedicate sufficient resources towards monitoring and removing such content. Clear community guidelines, terms of use on internet sites, and agreement between police and service providers may also be effective. Educational initiatives are crucial in fostering an ethical digital citizenship and can do much to educate people about the right to privacy.^[80]

2.57 The overall balance of recommendations in this Report is informed by the principle that responsibility for protecting privacy must often be shared.

[72]
Australian Federal Police, Submission 67; Facebook, Submission 65; National E-Health Transition Authority, Submission 8.
[73]
Australian Privacy Foundation, Submission 110.
[74]
Daniel J Solove, ‘Privacy Self-Management and the Consent Dilemma’ (2013) 126 Harvard Law Review 1880, 1880.
[75]
Australian Federal Police, Submission 67; Facebook, Submission 65; Google, Submission 54.
[76]
Organisation for Economic Co-Operation and Development, Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 2013.
[77]
Facebook, Submission 65; National Children and Youth Law Centre, Submission 61.
[78]
Australian Communications and Media Authority Australian Government, ‘Like, Post, Share—Short Report: Young Australians and Online Privacy’ (May 2013).
[79]
Niels Baas, Menno de Jong and Constance Drossaert, ‘Children’s Perspectives on Cyberbullying: Insights Based on Participatory Research’ (2013) 16 Cyberpsychology, Behaviour and Social Networking 248, 252.
[80]
N Henry and A Powell, Submission 104.