Hello, privacy pros.
Looking ahead to 2021 and Australia's review of its Privacy Act, Peter Leonard, Anna Johnston and Ana Milicevic joined the MI3 podcast to discuss the potential impact for individuals and organizations. It's an open exchange among privacy experts that I found both thoughtful and thought-provoking. Additionally, Anna Johnston has published Salinger Privacy's submission in response to the Australian Attorney-General's Issues Paper on the Privacy Act review. Johnston provides a thorough assessment of the Privacy Act's deficiencies, as well as a clear vision for a regime to raise the privacy bar for all Australians.
One area of focus for the Australian Privacy Act review is the use of iconography to convey privacy information and/or warnings. If this interests you, join us for a free virtual KnowledgeNet event 14 Dec., when we'll be joined by Ian Warren, senior lecturer in criminology at Deakin University, for a discussion on the development of privacy icons for IoTs. We'll take a critical social scientific approach to both direct-to-consumer and smart-cities implementations of privacy icons for IoT and explore community attitudes and questions on notice, choice and control.
In other Australian privacy news, iTnews reports that the Office of the Australian Information Commissioner determined that travel company Flight Centre violated the Privacy Act in 2017 when it mistakenly used unredacted customer data for a "design jam." The event brought together teams to work on a hackathon-type event, and they were provided with sample data comprised of more than 6 million customer records that Flight Centre believed had been sufficiently deidentified. It was later determined that some combination of credit card numbers and passport numbers were disclosed for just under 7,000 customers. This unfortunate event is a great example of the value of using synthetic data for testing.
An article from the South China Morning Post reveals that the city of Dongguan in China has halted a plan to deploy facial recognition in toilet paper dispensers in public toilets. It's a practice intended to prevent the theft of toilet paper, which has already been deployed in other Chinese cities, including Beijing. Public outcry erupted on microblogging site Weibo after a city official posted details of how facial recognition was implemented.
AppleInsider notes that beginning 8 Dec., iOS apps in the App Store will be required to display "privacy nutrition labels" describing the categories of data collected and how those categories of data will be used. It's a step forward for transparency, but Stratechery's Ben Thompson provides a more critical assessment of the approach, analogizing it to the health nutrition labels it seeks to emulate. Thompson supports transparency but cautions against the implications of what he sees as "Apple's simultaneous appeals to analog analogies and simplistic presentation of privacy trade-offs …"
Finally, I would like to acknowledge and thank the IAPP KnowledgeNet chairs for rising far beyond the challenge in 2020 to deliver (mostly virtual) events that were engaging and beneficial to privacy professionals throughout the region.
I hope to see you all in person in 2021!