Menu Close
Who will keep our selfies safe? www.david, CC BY-ND

Civil action is the big stick needed to protect our privacy

Never mind the celebrities; let’s say you and I had naked photos of ourselves (selfie-steams) floating in Apple’s iCloud. If somehow those photos were exposed, we would have little recourse under Australia’s current legal regime.

If we were lucky the Privacy Commissioner may show some interest. It is unlikely the police would. Help, justice and satisfaction would be remote possibilities.

If the question “Why do so many young people have naked photos on their phone?” is running through your mind, keep it there. Posing it out loud denotes age, and a serious lack of connection with the iGeneration in the eyes of many (just ask comedian Ricky Gervais who was criticised for saying the celebrities were to blame).

And, although closer understanding and educating regarding this phenomenon is needed, it is probably less helpful in solving the immediate problem.

Here is a snapshot of the current reality: many people take naked images of themselves using technology to share in private relationships. But there is a shortfall between their perceived control over their “own” private images and the nebulous state of rights, responsibilities and regulation of the technology they use to facilitate such behaviours.

The rapid uptake of mobile electronic devices as well as popular web applications (such as social networking sites) and cloud storage and services (where our data no longer resides on the device itself, but is pumped into and out of storage locations elsewhere) has fundamentally changed the privacy of Australians.

We generate inordinate amounts of data – both metadata and content – just by using the devices and services. We expose that data to a range of companies and individuals all of whom must maintain our trust that they will use that information wisely, within the law, and also protect it from exposure to unauthorised people. But they haven’t.

The need for privacy reform

The Australian Law Reform Commission final report on Serious Invasions of Privacy in the Digital Era was tabled in Parliament yesterday.

It was commissioned in June 2013 by the previous Attorney-General, the ALP’s Mark Dreyfus, to examine the adequacy of the Commonwealth Privacy Act, particularly in light of digital technologies.

The report is a valuable contribution to the discussion that we need to be having in this digital age. Importantly, it examines the introduction of a private right to civil action in cases of serious breaches of privacy.

A right to civil action is important because it helps empower the individual (let’s put aside social and economic barriers to the likelihood of such action for the moment). It is also important because such a right will go some way to changing behaviour online. And change is needed.

Bad behaviour encouraged by a lack of consequences

I have long argued that much of the root cause for criminals abusing technologies (by stealing or personal financial information, our broader data, controlling our accounts and so on) and for online businesses being somewhat cavalier in their protection and (mis)use of our data has been a lack of consequences. That is, there is a perception that they will get away with it.

Bad actions that have no consequences quickly spread to others. Parents know that. Governments need to as well. Innovation by companies to protect our privacy has been slow while the plundering of our information by criminals and vexatious people has been anything but.

The prospect of individual civil actions to remedy wrongs may well prove effective where our public mechanisms have not. Or at least they may augment those public institutions and help bring about a more civil society online.

Companies will understandably not relish the prospect of civil action, but something needs to be done to bring the treatment of our private information online in line with our expectations of privacy. Those that recognise and respect their customer’s data and expectations of privacy will benefit.

As for the criminals and others who wantonly and recklessly abuse us online, several large US corporates continue to have good success by using civil means to pursue criminal groups operating at scale online. Giving us the option to use that tool too will only hurt them further.

Many will argue that it is up to the individual to protect their own privacy, particularly by changing their behaviours, and stopping others, such as not taking nudie selfies.

But it isn’t that simple. Even the dullest, most simple action online generates information that could be – and likely is – abused and misused by someone today.

Imagine what’s happening to our more interesting online actions. Do Tinder users really think their data won’t be mined (or exposed) while they trawl the internet for instant relationships?

Are anonymous messaging apps really anonymous?. Does your personal Fitbit health and fitness data just stay with you? What would your heath insurance or life insurance company think of your web searches?

What’s needed is a change on many fronts: end users, businesses, governments, criminals and other data abusers. The Law Reform Commission’s report won’t fix it all – even if the legislation it recommends comes to life – but it will go some way to empowering us end users to assert our rights. And that should be celebrated.

Until then, changing passwords and only taking photos you’re comfortable seeing on the front page may be the best options.

Related reading: It’s time for privacy invasion to be a legal wrong

Want to write?

Write an article and join a growing community of more than 122,000 academics and researchers from 3,916 institutions.

Register now