Reading time: 5 minutes

Some estimates predict that by the year 2020, over 26 billion electronic devices all over the world will be able to connect to the internet. While the statistic no doubt excites technology aficionados, the products and services that comprise the ‘Internet of Things‘ could significantly affect our privacy. Privacy requirements are a major issue for commercial entities whose business is part of the Internet of Things. This article discusses the recent report, what it means for these businesses and how they can meet their privacy obligations.

Global Privacy Enforcement Network Report

The Global Privacy Enforcement Network has (GPEN) recently released the results of its global sweep of products and services making up the Internet of Things, some of which are used daily by Australians. GPEN is an organisation made up of 26 national privacy enforcement authorities. These enforcement authorities, including the Australian Privacy Commissioner, scrutinised the privacy policies of over 300 businesses around the world. Australians use the devices and services of approximately 45 of these entities regularly. The Australian Report revealed some concerning statistics:

  • 71% did not explain properly how they stored information (no privacy policy);
  • 69% did not adequately explain how consumers could delete their information off the device; 
  • 38% did not include easily identifiable contact details in cases where a customer had a privacy concern; and
  • 91% did not advise a customer to customise their privacy settings.

Also, the Australian businesses assessed in the sweep did not typically inform customers about how the organisations managed their information. Over 50% did not adequately explain how they collected, used and disclosed data.

In response to these findings, the Australian Privacy Commissioner reminded Australians that while the Internet of Things provides some great products and convenience, consumers should not integrate the technology into their lives before considering whether they are comfortable with how their personal data is collected and managed. The Commissioner recommended all consumers check the business’ privacy policy before using any device.

This report and the Commissioner’s words are a timely reminder to all businesses who fall under the Australian Privacy Principles that they are obliged to have a clearly expressed and up-to-date privacy policy. Even if an entity does not formally have to comply with the APP, it is best practice for them to ensure that consumers know how a particular business handles their data. This can increase confidence and trust on the part of customers.

Australian Privacy Principles

The Australian Privacy Principles (APP) are located in Schedule 1 of the Privacy Act 1988 (Cth) (The Act). A business must comply with the APP if they are an APP entity under the Act. APP 1 requires all APP entities to manage their personal information openly and transparently. They must put in place practices, procedures and systems relating to their activities that ensure the business complies with the APP (and any relevant APP Code) and can deal with customer queries and complaints about their compliance with an APP or relevant Code. APP 1.3 mandates that all APP entities have a clearly expressed and up-to-date privacy policy which lets consumers know about that business’ management of personal information. Under the Act, personal information refers to information or an opinion about an identified individual or a person reasonably identifiable irrespective of whether it is true or not or whether it is recorded in a material form or not.

At a minimum, a privacy policy must include information about the type of personal information an entity collects and retains and include how it collects and holds that data. It must specify the purposes for which the entity collects, holds, uses and discloses personal information as well as how a person can access retained information about themselves and correct it. The policy should also detail how a person can complain about a breach of the APP or a registered APP Code applicable to the entity and how the entity will manage that complaint. If a business is likely to disclose personal information to an overseas recipient, their policy must set out how this information and data will be managed.

The entity must by law take all reasonable steps in the circumstances to ensure that its policy is available at no cost and in an appropriate form. Making a policy available on an business’s website is a common means of assuring that consumers can access it. 

Key Takeaways

The recent survey of devices and services that make up the Internet of Things reveals that many businesses in the area do not provide a privacy policy correct under the prescribed form. It serves as a reminder that all entities covered by the Australian Privacy Principles must have an up-to-date and clearly expressed privacy policy. The consequences of non-compliance with privacy requirements can not only result in action from governing bodies but also leaves businesses vulnerable to privacy breaches and litigation. If you’d like to speak with a lawyer about your business’s privacy obligations, get in touch with LegalVision today. Questions? Call us on 1300 544 755 or fill out the form on this page.

Webinars

The COVID-19 Vaccine Rollout: Considerations for Employers

Thursday 22 April | 11:00 - 11:45am

Online
Are you a business owner or employer? Attend this webinar to learn about what you need to know about the COVID-19 vaccine rollout.
Register Now

How to Recover Unpaid Invoices

Thursday 13 May | 11:00 - 11:45am

Online
What do you do if your customers don't pay your invoices? Attend this webinar to learn about how to recover unpaid invoices.
Register Now

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.

The majority of our clients are LVConnect members. By becoming a member, you can stay ahead of legal issues while staying on top of costs. From just $119 per week, get all your contracts sorted, trade marks registered and questions answered by experienced business lawyers.

Learn more about LVConnect

Need Legal Help? Get a Free Fixed-Fee Quote

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • 2020 Excellence in Technology & Innovation – Finalist – Australasian Law Awards 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice – Winner – Australasian Lawyer 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Fastest Growing Law Firm - Financial Times APAC 500 2020 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review 2020 AFR Fast 100 List - Australian Financial Review
  • 2020 Law Firm of the Year Finalist - Australasian Law Awards 2020 Law Firm of the Year Finalist - Australasian Law Awards
  • Most Innovative Law Firm - 2019 Australasian Lawyer 2019 Most Innovative Firm - Australasian Lawyer