Google and Meta have weighed in on the current review of Australia’s privacy law with arguments for the benefits of ad-supported apps and cloud services, in a bid to loosen data collection rules and to exclude location data from the category of protected “sensitive” data. . The Privacy Act 1988, Australia’s main privacy law, has been under review since 2020 as lawmakers seek to modernize it.
Meta’s submission to the review gathered statistics and survey results that ranged between small business benefits and consumer preferences, while Google focused more specifically on excluding location data not specific to the category of sensitive data.
Tech companies seek to put their stamp on Australia’s privacy law update
Meta opened his statement by praising the federal government’s review of Australia’s outdated privacy law, which in some cases applies pre-internet terms and views to an internet-connected world, and stating that he agrees with stricter protections for consumers. However, the company clearly has a very distinct take on what those protections should look like.
As he did when he publicly opposed Apple’s recent privacy changes on devices, Meta invoked the needs of small businesses. But in this case, it focused more on free ad-supported services that display ads rather than businesses that buy targeted ads.
One of his points of contention was a proposed “right to object” to the use of personal data, which would allow Australian consumers to essentially opt out of any on-demand marketing service. Meta argued that this would hamper ad-supported business models, essentially forcing these services out of business if they are required to continue operating without a source of revenue. It seeks to obtain protected access to information “necessary to provide the service”, which would include personal data collected in the case of advertising-supported applications and websites.
Meta also called for the definition of “personal data” to be refined to include only data that could reasonably be expected to identify a real person, and suggested that the targeted advertising industry in line receives unfair attention when the Office of the Australian Information Commissioner (OAIC) reports similar, if not greater, amounts of privacy complaints in other sectors (e.g. finance and retail business).
Finally, the company cited a survey showing that a majority of Australians prefer to “pay” for online services with personal data rather than cash. However, the question has been framed in terms of the absolute: a theoretical Internet where either everything costs money to access it or the services are supported by advertisements.
Google took a different approach with its submission, focusing on the technical specifics. The focus was on location data. Google argued that more general location data, for example a “suburb or postcode”, but not a specific block or address, should not be considered special protected information under Australian privacy law. confidentiality.
Submissions to the Australian privacy law review were made public on the Attorney General’s website in late February, in cases where the author has given permission for their letters to be published. 199 organizations filed public responses, including the Australian Association of National Advertisers, Telstra, Australian Banking Association, Microsoft, Snap and Amazon Web Services.
Australia’s privacy law being reviewed in a series of slow steps
The Privacy Act review is tied to the development of the Online Privacy Protection Bill, introduced in late 2021 and focused on what are sometimes referred to as ‘gatekeeper’ companies : large social media platforms and online services with at least 2.5 million annual users. It is also aimed at data brokers in the targeted advertising space, adding new rules and rather strict data protection obligations in addition to guaranteeing the right of data subjects to opt out and to have access to their personal information collected. .
The whole process began in late 2019 with the Australian Competition and Consumer Commission’s digital platforms inquiry report, with foreseeable delays attributed to the Covid-19 pandemic. It’s still unclear what Australia’s privacy law will ultimately look like, with the Privacy Act Review and Online Privacy Bill developing alongside it. Lawmakers have expressed a desire to bring national legislation into relative parity with the EU’s General Data Protection Regulation, but this will require significant revision as the two bills are currently far apart in a number of areas. Current Australian law has no concept of data processors or controllers, clear demonstration of user consent or rights to certain things such as data portability and access to stored data.
In addition to the demands listed by Meta and Google in their submissions, there has been some controversy over other aspects of the bill and how Australian privacy law should ultimately tilt. Privacy advocates want the definition of personal information to be broadened, covering not only expected sensitive categories of first-hand information, but also items related to a person in such a way that they could make a person individually identifiable. . Calls have also been made for a right to “prompt review” of complaints by the OAIC (a required first step before legal action can be taken) and an end to data privacy exemptions for registered political parties.