Reading time: 5 minutes

Some estimates predict that by the year 2020, over 26 billion electronic devices all over the world will be able to connect to the internet. While the statistic no doubt excites technology aficionados, the products and services that comprise the ‘Internet of Things‘ could significantly affect our privacy. Privacy requirements are a major issue for commercial entities whose business is part of the Internet of Things. This article discusses the recent report, what it means for these businesses and how they can meet their privacy obligations.

Global Privacy Enforcement Network Report

The Global Privacy Enforcement Network has (GPEN) recently released the results of its global sweep of products and services making up the Internet of Things, some of which are used daily by Australians. GPEN is an organisation made up of 26 national privacy enforcement authorities. These enforcement authorities, including the Australian Privacy Commissioner, scrutinised the privacy policies of over 300 businesses around the world. Australians use the devices and services of approximately 45 of these entities regularly. The Australian Report revealed some concerning statistics:

  • 71% did not explain properly how they stored information (no privacy policy);
  • 69% did not adequately explain how consumers could delete their information off the device; 
  • 38% did not include easily identifiable contact details in cases where a customer had a privacy concern; and
  • 91% did not advise a customer to customise their privacy settings.

Also, the Australian businesses assessed in the sweep did not typically inform customers about how the organisations managed their information. Over 50% did not adequately explain how they collected, used and disclosed data.

In response to these findings, the Australian Privacy Commissioner reminded Australians that while the Internet of Things provides some great products and convenience, consumers should not integrate the technology into their lives before considering whether they are comfortable with how their personal data is collected and managed. The Commissioner recommended all consumers check the business’ privacy policy before using any device.

This report and the Commissioner’s words are a timely reminder to all businesses who fall under the Australian Privacy Principles that they are obliged to have a clearly expressed and up-to-date privacy policy. Even if an entity does not formally have to comply with the APP, it is best practice for them to ensure that consumers know how a particular business handles their data. This can increase confidence and trust on the part of customers.

Australian Privacy Principles

The Australian Privacy Principles (APP) are located in Schedule 1 of the Privacy Act 1988 (Cth) (The Act). A business must comply with the APP if they are an APP entity under the Act. APP 1 requires all APP entities to manage their personal information openly and transparently. They must put in place practices, procedures and systems relating to their activities that ensure the business complies with the APP (and any relevant APP Code) and can deal with customer queries and complaints about their compliance with an APP or relevant Code. APP 1.3 mandates that all APP entities have a clearly expressed and up-to-date privacy policy which lets consumers know about that business’ management of personal information. Under the Act, personal information refers to information or an opinion about an identified individual or a person reasonably identifiable irrespective of whether it is true or not or whether it is recorded in a material form or not.

At a minimum, a privacy policy must include information about the type of personal information an entity collects and retains and include how it collects and holds that data. It must specify the purposes for which the entity collects, holds, uses and discloses personal information as well as how a person can access retained information about themselves and correct it. The policy should also detail how a person can complain about a breach of the APP or a registered APP Code applicable to the entity and how the entity will manage that complaint. If a business is likely to disclose personal information to an overseas recipient, their policy must set out how this information and data will be managed.

The entity must by law take all reasonable steps in the circumstances to ensure that its policy is available at no cost and in an appropriate form. Making a policy available on an business’s website is a common means of assuring that consumers can access it. 

Key Takeaways

The recent survey of devices and services that make up the Internet of Things reveals that many businesses in the area do not provide a privacy policy correct under the prescribed form. It serves as a reminder that all entities covered by the Australian Privacy Principles must have an up-to-date and clearly expressed privacy policy. The consequences of non-compliance with privacy requirements can not only result in action from governing bodies but also leaves businesses vulnerable to privacy breaches and litigation. If you’d like to speak with a lawyer about your business’s privacy obligations, get in touch with LegalVision today. Questions? Call us on 1300 544 755 or fill out the form on this page.


Day in Court: What Happens When Your Business Goes to Court

Thursday 2 June | 11:00 - 11:45am

If your business is going to court, then you need to understand the process. Our free webinar will explain.
Register Now

How to Manage a Construction Dispute

Thursday 9 June | 11:00 - 11:45am

Protect your construction firm from disputes. To understand how, join our free webinar.
Register Now

Startup Financing: Venture Debt 101

Thursday 23 June | 11:00 - 11:45am

Learn how venture debt can help take your startup to the next level. Register for our free webinar today.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards