Salinger Privacy Director and Principal Anna Johnston, CIPP/E, CIPM, FIP, explored case studies from the Office of the Australian Information Commissioner showing how the regulator decides whether a complaint involves personal information as defined by the Privacy Act 1988. "The point of this legal definition is that if no individual is identifiable from a set of data, then the privacy principles — the backbone of an organisation’s legal obligations — simply won’t apply," Johnston said, using cases involving facial recognition claims against 7-Eleven, Clearview AI and the Australian Federal Police.
21 April 2022
A look at OAIC's personal data determinations
Related stories
A view from Brussels: Putting AI to the test on EU privacy, data protection developments
Why organizations should prioritize employee data protection to combat spear phishing
Notes from the Asia-Pacific region: Santa's on his way, bringing guidance from Singapore's PDPC, adoption of Vietnam's Data Law and more
EDPB weighs in on key questions on personal data in AI models
New tools aim to improve data activity monitoring, compliance efficiency
