Reading time: 5 minutes

Some estimates predict that by the year 2020, over 26 billion electronic devices all over the world will be able to connect to the internet. While the statistic no doubt excites technology aficionados, the products and services that comprise the ‘Internet of Things‘ could significantly affect our privacy. Privacy requirements are a major issue for commercial entities whose business is part of the Internet of Things. This article discusses the recent report, what it means for these businesses and how they can meet their privacy obligations.

Global Privacy Enforcement Network Report

The Global Privacy Enforcement Network has (GPEN) recently released the results of its global sweep of products and services making up the Internet of Things, some of which are used daily by Australians. GPEN is an organisation made up of 26 national privacy enforcement authorities. These enforcement authorities, including the Australian Privacy Commissioner, scrutinised the privacy policies of over 300 businesses around the world. Australians use the devices and services of approximately 45 of these entities regularly. The Australian Report revealed some concerning statistics:

  • 71% did not explain properly how they stored information (no privacy policy);
  • 69% did not adequately explain how consumers could delete their information off the device; 
  • 38% did not include easily identifiable contact details in cases where a customer had a privacy concern; and
  • 91% did not advise a customer to customise their privacy settings.

Also, the Australian businesses assessed in the sweep did not typically inform customers about how the organisations managed their information. Over 50% did not adequately explain how they collected, used and disclosed data.

In response to these findings, the Australian Privacy Commissioner reminded Australians that while the Internet of Things provides some great products and convenience, consumers should not integrate the technology into their lives before considering whether they are comfortable with how their personal data is collected and managed. The Commissioner recommended all consumers check the business’ privacy policy before using any device.

This report and the Commissioner’s words are a timely reminder to all businesses who fall under the Australian Privacy Principles that they are obliged to have a clearly expressed and up-to-date privacy policy. Even if an entity does not formally have to comply with the APP, it is best practice for them to ensure that consumers know how a particular business handles their data. This can increase confidence and trust on the part of customers.

Australian Privacy Principles

The Australian Privacy Principles (APP) are located in Schedule 1 of the Privacy Act 1988 (Cth) (The Act). A business must comply with the APP if they are an APP entity under the Act. APP 1 requires all APP entities to manage their personal information openly and transparently. They must put in place practices, procedures and systems relating to their activities that ensure the business complies with the APP (and any relevant APP Code) and can deal with customer queries and complaints about their compliance with an APP or relevant Code. APP 1.3 mandates that all APP entities have a clearly expressed and up-to-date privacy policy which lets consumers know about that business’ management of personal information. Under the Act, personal information refers to information or an opinion about an identified individual or a person reasonably identifiable irrespective of whether it is true or not or whether it is recorded in a material form or not.

At a minimum, a privacy policy must include information about the type of personal information an entity collects and retains and include how it collects and holds that data. It must specify the purposes for which the entity collects, holds, uses and discloses personal information as well as how a person can access retained information about themselves and correct it. The policy should also detail how a person can complain about a breach of the APP or a registered APP Code applicable to the entity and how the entity will manage that complaint. If a business is likely to disclose personal information to an overseas recipient, their policy must set out how this information and data will be managed.

The entity must by law take all reasonable steps in the circumstances to ensure that its policy is available at no cost and in an appropriate form. Making a policy available on an business’s website is a common means of assuring that consumers can access it. 

Key Takeaways

The recent survey of devices and services that make up the Internet of Things reveals that many businesses in the area do not provide a privacy policy correct under the prescribed form. It serves as a reminder that all entities covered by the Australian Privacy Principles must have an up-to-date and clearly expressed privacy policy. The consequences of non-compliance with privacy requirements can not only result in action from governing bodies but also leaves businesses vulnerable to privacy breaches and litigation. If you’d like to speak with a lawyer about your business’s privacy obligations, get in touch with LegalVision today. Questions? Call us on 1300 544 755 or fill out the form on this page.


Construction Contract Essentials

Thursday 12 August | 11:00 - 11:45am

Understand how construction contracts are drafted and how to protect your construction business.
Register Now

Startup 101: Understanding Cap Tables and ESOPs

Thursday 19 August | 11:00 - 11:45am

Cap tables and employee share option plans are essential for fast-growing startups. Learn more with this free webinar.
Register Now

Expanding to NZ: Structuring Your Business For Success

Thursday 26 August | 2:00 - 2:45pm

Launching a business in New Zealand? Understand how to structure your business for success with this free webinar.
Register Now

Preventing Modern Slavery: Your Business’ Legal Obligations

Thursday 9 September | 11:00 - 11:45am

Are you an Australian business with $100m+ annual consolidated revenue? Learn how to determine if you are a modern slavery reporting entity and your obligations under the legislation with this free webinar.
Register Now

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2021 Fastest Growing Law Firm - Financial Times APAC 500 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year - Australasian Law Awards 2021 Law Firm of the Year - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer