Privacy and Social Media
Is the race to innovate online leaving privacy rights in its wake?
Organisations in Australia and overseas are recognising the benefits of using social media platforms such as Facebook, Pinterest, and Twitter to promote their goods and services, and to engage more effectively with their customers and strategic partners. However, technology innovations including the advent of tablet and mobile applications, availability of cloud-based software services, geo-location and online behavioural advertising, as well as “big data” analytics, present a challenge to traditional compliance obligations under the Privacy Act 1988 (Privacy Act) and other applicable laws and regulations.
This paper briefly examines some of the new social media technologies available and considers the compliance and risk issues which may arise for Australian business. It provides some guidance on how to manage these compliance risks and makes recommendations on how to implement a digital marketing strategy, which seeks to use such technologies effectively, whilst properly complying with applicable legal and regulatory requirements.
Legal and regulatory framework
Australian business is subject to a myriad of laws which can influence and affect all aspects of doing business online. Whilst it is not appropriate to list all applicable laws, there are a number of laws and regulations which are impacted directly by digital marketing activities. These include the Privacy Act, Spam Act 2003 (Cth) and various industry codes of practice. Organisations in the regulated space, such as those in the financial services, insurance and superannuation industries, may also be required to meet ongoing regulatory requirements and guidelines issued by the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA).
The Privacy Act applies to the handling of personal information by Australian Commonwealth government agencies, ACT government agencies and private sector organisations, with some exceptions. Organisations will need to satisfy themselves that they are required to comply with the Privacy Act, as some exceptions do apply.
For those businesses which are affected, the Australian Privacy Principles (APPs) issued in March 2014 broadly cover the expected personal information life cycle, from collection and use to disclosure, retention and finally destruction. The APPs were brought into place following a 2008 privacy review by the Australian Law Reform Commission (ALRC). The ALRC review was conducted in a world where many of the digital innovations we now take for granted were not even contemplated. As such, many of the current APPs can struggle to adapt in a digital context.
The Privacy Commissioner has recognised this limitation and has released a number of guides dealing with interpreting privacy obligations in an online world. These include a guide for app developers to incorporate privacy practices effectively into their products and services as well as data breach response guidelines.
About the Author
Dudley Kneller, Partner
Dudley Kneller is a technology lawyer with a speciality in cyber risk and strategic sourcing and supply projects. He has more than 18 years' experience practising across Australia, Europe and the UK, and has worked on projects based in a range of countries, including the Philippines, India, Russia and throughout South America.
Dudley is listed as one of a group of leading Technology, Media, Telecoms Lawyers for Melbourne in Doyle's Guide for 2015.