Due to the rapid increase in technology over the years, the way that we generate, store and process information has been revolutionised. With the advent of the internet, data is no longer stored on a local server or personal computer. Instead, data is generated, stored and processed on a network of remote servers via the internet. This process is known as “cloud computing”, as it allows ubiquitous, convenient and almost immediate access to a shared pool of resources.
The most common examples of cloud computing servers include web-based email and storage service providers such as Gmail, Hotmail and Dropbox, as well as social networking sites Facebook, Twitter, Instagram and LinkedIn. Most of these online platforms offer their services for free, however the user must hand over their personal information to access the site. It is not always obvious, but upon signing up, many of these services providers have already, and will continue to, trade your personal information with other providers. The more we use these web-based services, the more personal information we generate. As a result, these cloud service providers have far greater access to our personal information than we ever anticipated.
The primary concern with cloud computing is that the terms and conditions of access to the sites are often vague and unclear to the users, and accordingly, not properly understood. The result is that users operate under the mistaken belief that after accessing the site, their personal identifying information will remain on that platform only. The reality of it is that any information and data that is provided is used to track and profile the user. It is not uncommon for personal information to be sold to other entities for the purposes of direct marketing, without users even being aware that they have authorised it. In circumstances where these entities are operating internationally, the entity will not be subject to Australia’s privacy laws and regulations and it is therefore incredibly difficult (if not impossible) to safeguard a user’s information.
Recognising the need for reform, the Privacy Act 1988 (Cth) (the “Privacy Act”) was amended in March 2014. The objects of the amendments were to provide individuals with greater transparency and control over how their personal information is collected and used. In line with these objects, a range of new obligations were imposed on companies that collect and process personal information. For example, the amendments now mean that cloud providers must notify its users of what personal information (for example, you name or telephone number) they collect.
Furthermore, before an organisation that has collected personal information can disclose it to a cloud provider overseas, it must take reasonable steps to ensure that the recipient will not breach the Privacy Act. This can occur through contractual arrangements, or may be satisfied if the cloud storage company is subject to privacy laws which are similar to those in Australia.
While the amendments to the Privacy Act are certainly a step in the right direction, Australia’s privacy laws are far less rigorous than those in the U.S. and Europe and many individuals remain concerned. As technology continues to evolve in leaps and bounds, and as individuals continue to share almost everything about their personal lives online, the concept of privacy will slowly fade away unless we actively seek to close the holes in the Privacy Act and strengthen individual’s rights over their own personal information.
Foulsham and Geddes notes that this article is written for the purpose of providing generalised information and not to provide specialised legal advice. If you require qualified legal advice on anything mentioned in this article, our experienced team of solicitors at Foulsham and Geddes are here to help. Please get in touch with us on 02 9232 8033 today to make an enquiry.