With the Census collection once more underway after the Census night failures, Australia’s Privacy Commissioner Timothy Pilgrim has issued a statement, advising that he is satisfied that personal information “was not inappropriately accessed, lost or mishandled”, as a result of a denial of service (DoS) attack on the Census website.
In the post below, three academics from Queensland University of Technology’s School of Law say Australians should beware longstanding legal issues with the Census that are only exacerbated in an age of big data, cloud computing and hacking.
In response, says Dr Matthew Rimmer, Australia needs a statutory cause of action for serious invasions of privacy, mandatory disclosure of data breaches and updated privacy laws as a matter of urgency.
Dr Matthew Rimmer, Professor of Intellectual Property and Innovation
As a privacy expert, I am appalled by Australia’s creepy census which invades every corner of our lives and fails to provide anonymity – a basic principle of privacy.
The Census rides roughshod over our anonymity, privacy and security without our informed consent or voluntary participation.
A risible “low risk” privacy impact assessment was rushed through by the Australian Bureau of Statistics (ABS) before Christmas, without proper consultation with the public or civil society.
There are substantive privacy risks and information security problems associated with it, and the ABS has withdrawn its claim that its website is in the cyber-secure zone.
As a researcher, I am disturbed by the approach taken by the ABS.
Ethical research involves confidentiality, informed consent, voluntary participation, and no threat of compulsion or fines. Unfortunately, the approach taken by the ABS fails to properly respect such ethical standards.
We need to properly respect the rights and liberties of research participants – especially those in high-risk and vulnerable communities.
I welcome the legal and political challenge to the Australian Bureau of Statistics on privacy grounds by Senators Nick Xenophon, Sarah Hanson-Young, Scott Ludlum, Jacqui Lambie, and Janet Rice. Such politicians have shown real leadership in defending the privacy, freedom, and civil liberties of Australian citizens.
There have been longstanding legal issues with the Australian Census.
Back in 1979, Michael Kirby – eminent law reformer and jurist – flagged issues with privacy, consent, and compulsion. Democrat Senator Natasha Stott Despoja repeatedly raised concerns about the punitive use of threats and fines by the ABS.
Now, in an age of big data, cloud computing and hacking, there is an even greater need for privacy protection in Australia.
We need a statutory cause of action for serious invasions of privacy, as recommended by the Australian Law Reform Commission and we need mandatory disclosure of data breaches. We need to update our privacy laws as a matter of urgency.
The ABS has clearly lost the public’s trust and confidence over the Census 2016.
Dr Monique Mann, School of Justice
In an era of big data, algorithmic profiling and data matching, advocating for the collection of ‘anonymous’ census data is not a panacea for privacy concerns.
We need to consider this in the context of the volume and nature of information that is already routinely collected by state and non-state agencies with or without individual knowledge or consent.
Individuals can be personally identified from a small number of data points, irrespective of whether they provide their names. There are broader issues to be debated about the collection, storage, sharing and use of personal information.
Dr Cassandra Cross, expert in identity theft and fraud.
It is naïve to think census data will not be compromised in some way in the future. It is wrong of government to offer an iron-clad promise that it will be kept safe.
Many governments here and overseas have experienced data breaches and the ABS is not immune to any type of compromise, external or internal.
Census data is a collection of highly personal and sensitive facts which is an attractive target for potential offenders.
There has been no consideration of what would happen were a data breach to occur and the potential impact that could have.
Identity theft is one of the most significant problems today, and can have devastating impacts. To dismiss privacy and security concerns with inaccurate comparisons to the use of other social media platforms ignores the inherent differences in these – that of voluntary participation.
The best way to prevent a data breach is to neither enable its retention nor its linking to other data sets in the first place.
See other stories published by Croakey about the 2016 Census: