Salinger Privacy Director and Principal Anna Johnston, CIPP/E, CIPM, FIP, explored case studies from the Office of the Australian Information Commissioner showing how the regulator decides whether a complaint involves personal information as defined by the Privacy Act 1988. "The point of this legal definition is that if no individual is identifiable from a set of data, then the privacy principles — the backbone of an organisation’s legal obligations — simply won’t apply," Johnston said, using cases involving facial recognition claims against 7-Eleven, Clearview AI and the Australian Federal Police.
21 April 2022
A look at OAIC's personal data determinations
Related stories
The increasing need to address digital governance
Notes from the IAPP Canada: Consultation period on CBPR implementation ends 30 June
CPPA Board tees up new consultation on draft ADMT, cybersecurity audit, risk assessment regulations
Ireland's DPC finalizes TikTok decision with potential data transfer ban
A view from DC: Colorado considers re-forging AI guardrails
