Hello privacy pros,

Here in Australia, Melbourne is coming out of its fifth strict lockdown after a resurgence of the delta variant of the coronavirus, and Sydney remains in lockdown with an even greater outbreak. Wherever this note finds you, I hope you are staying safe.

ZDNet reports the Office of the Australian Information Commissioner issued a determination that Uber interfered with the privacy of more than 1 million Australians in 2016 when it failed to comply with various requirements of Australia's Privacy Act. The investigation came as a result of a significant breach of Uber's systems by hackers in 2016, compromising customer and driver data. The OAIC concluded Uber had not implemented appropriate practices, procedures and systems necessary for privacy compliance. More specifically, it failed to take appropriate steps to secure personal information and delete or deidentify it once Uber had no further justification for its retention. The OAIC ordered Uber to undertake an independent review of its practices and uplift its information security program, some of which it has already started.

This week, Hong Kong's legislature kicked off discussions of anti-doxing legislation. Doxing is the act of publicly releasing private or personal information about an individual or organization — often an individual's home address or contact details to invite harassment. The move raises concerns that the breadth of the contemplated legislation and the powers it grants government could be used to further stifle pro-democracy dissent. Some technology companies, including Google, Facebook and Twitter have warned the law may cause the organizations to stop offering services in Hong Kong.

Elsewhere across the region, India's DNA Technology Regulation Bill is expected to pass in August, raising concerns that a central database of DNA samples from victims and those accused of crimes may violate privacy and other human rights, especially among minority groups. Asia Policy Counsel for Access Now, a digital rights group, Raman Jit Singh Chima noted that as useful as DNA may be, it "needs a regulatory backstop that India does not have. The DNA Tech bill should not come before the Personal Data Protection Bill." For further reading on DNA databases and a comparison with developments in Europe, take a look at Olivier Tuazon's June 2021 article, "Universal forensic DNA databases: acceptable or illegal under the European Court of Human Rights regime?"

Whether you are in lockdown or free to roam the real world (masked or unmasked), it's always great to stay connected with other privacy professionals. The IAPP helps make this happen through its regular KnowledgeNet meetings and I encourage you to check out one of the upcoming virtual sessions below:

Stay safe until next time!