This week there are a couple of topics I wanted to draw attention to for our APAC readers.
The Mozilla Foundation's "Privacy Not Included — Buyers Guide" seeks to help consumers and the public make smart and safe choices when it comes to internet-connected products. The 6 Sept. published "It's Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy" was a fascinating and somewhat chilling lens into the car industry's failings when it comes to respecting and protecting customers' privacy. Of the 25 car manufacturers examined, all failed, and therefore, earned Mozilla's "*Privacy Not Included warning label."
All 25 brands collected more personal information than necessary and used this information for purposes other than to operate your vehicle or to manage their relationship with you. Given the highly connected and integrated nature of car systems today, including being connected to owners' mobile devices, personal networks and apps, the amount of data and personal information being accessed is more than in almost any other product case.
The research found 84% of brands were also sharing or selling customers' personal data to third-party affiliates, data brokers and other businesses without their explicit knowledge. In addition, 56% were sharing the data with government and law enforcement agencies in response to requests.
The research also found none of the brands operating in this region provided consumers with any rights to control their own personal data, including no right to delete their data. The only brand that did offer such a right only sells vehicles in Europe, and therefore, is subject to more robust obligations under the EU General Data Protection Regulation.
All the brands examined failed to demonstrate robust security platforms, including failure to encrypt customers' personal information, and in 67% of cases there had been a direct or indirect (via a third party) data breach or hack.
The report educates readers who hadn't considered the privacy aspects of their daily commute. It also helps us reflect on why the current round of Australian privacy law reform is an opportunity to give some power back to ordinary Australians and restore their rights and ability to protect and manage their personal information.
Turning now to some breaking news, in recent days the e-safety commissioner issued a formal warning to Google after the company failed to adequately respond to a February notice seeking information on its measures to tackle the proliferation of child sexual exploitation, sexual extortion and the live streaming of child sexual abuse. The commissioner also issued an infringement notice against X, formerly known as Twitter, for failing to respond to its February notice, which came with a fine of AUD610,500. The platform has 28 days to respond and the commissioner maintains the ability to take further action in the future.
I'll close with a reflection on the failure of the referendum this past weekend in Australia, which was an opportunity for Australians to enshrine a first nations voice to the Parliament into the constitution. While it was a devastating and disappointing result for many, and for me personally, I hope that we all as a community of privacy professionals are able to recognize the opportunity we have to welcome and encourage first nations voices in our own privacy discourse. Both the Australian and New Zealand first nations communities have a lot they can share and teach others, and I believe, through this we will be a better profession and a better society as a whole.