Client Resources | Advice Library | 1300 334 566 |

Internet of Things (“IOT”) and privacy

Wednesday, March 20, 2019

The “Internet of Things” is a new term coined colloquially which refers to the gradual expansion of the internet and the interconnectivity of everything we come in contact with in our lives; from smartphones to smarthomes and eventually smartcities.


Technology really is amazing. Recently we have seen computer technology make its way into everyday items such as phones, televisions, dishwashers, lights, alarm clocks, cars, pacemakers, worn health monitors like FitBit, doorknobs and many more.


Most of this technology works by collecting and transmit data elsewhere. For example, your smartphone listens to your conversations thereby collecting personal information, which is transmitted online to a server which uses the data collected about you to target advertisements which are tailored to you.


Twenty years ago this might have sounded like a conspiracy theory, now it’s nothing new. We as a society have consented to this gradual ‘Internet of Things’ either by our acquiescence or every time we click the “I have read the terms and conditions” box without actually reading them.


Still, the collection, storage and use of personal information does raise some interesting questions about our privacy laws and whether they are equipped to handle the rapid rate of technology’s incursion into our everyday lives.


Data from FitBits, pacemakers and an Amazon Echo have been used in both civil and criminal cases in the U.S.


Privacy laws


There are two main sources of privacy law in Australia.


The first is the Privacy Act 1988. The Commonwealth Government’s Office of the Australian Information Commissioner looks after the administration of that Act as well as complaints regarding alleged breaches of the Act. The Privacy Act contains a list of Australian Privacy Principles (APPs) which Government agencies, all private sector and not-for-profit organisations with turnover greater than $3million per annum, all health service providers and some small businesses must comply with.


The second source of privacy law in Australia is the common law. The common law is a combination of the previous (and binding) decisions of Judges in previous cases. The common law has developed across hundreds of years and was inherited from the English legal system. While this article isn’t long enough to provide a summary of all of the case law regarding privacy, in short, a person or organisation which comes into contact with confidential information must not use or disseminate it. This is especially so in the case of trade secrets and ‘business know-how’. The common law is also, in an indirect sense responsible for the development of privacy policies wherein businesses seek to explain their protocols for collecting and using confidential information about their customers.


At present, express terms in a privacy policy or terms and conditions are sufficient to trump many of the Australian Privacy Principles. The way many privacy policies and terms and conditions are written means that people should expect their personal information to be not only collected and stored (anywhere in the world) but also used in virtually any way the author of the terms and conditions sees fit. The only legal protection consumers have against such collection is to choose not to agree to the terms and conditions authorising same. The practical reality however is that some organisations willingly collect, store and use confidential information without first obtaining the person’s consent. The law has not developed an appropriate legal or regulatory mechanism for stopping this behavior and none has been foreshadowed in Australia.


For now, the ingress of the internet into everyday things will continue and the privacy laws will, absent legislative intervention, become increasingly obsolete and lag behind in the digital age.


If you have a question in relation to a privacy matter, please feel free to contact us.