In November, Simply Privacy attended the IAPP ANZ Summit in Melbourne. Despite the rubbish weather it was a great opportunity to get up to date with what is happening in the world of privacy on both sides of the Tasman, and also to connect with other privacy professionals from across Australia and Aotearoa New Zealand.
In terms of themes, there were a number of common threads:
- Privacy is a human right – Running through many of the topics and discussions was the recognition – and a reminder – that privacy is at its heart a human right, and when it is not protected people can suffer real and serious harm.
- Bodily autonomy – Bodily autonomy was discussed in sessions on biometrics, facial recognition technology and indigenous data sovereignty. The NZ Privacy Commissioner Michael Webster referenced the work his office has been doing on genomic testing for insurance, as well as the ongoing work to develop a biometrics code of practice.
- Biometrics – Biometrics was a particularly hot topic of discussion, particularly given the extensive media coverage of the decision from the Australian Privacy Commissioner determining that Bunning’s use of in-store facial recognition was unlawful. Our Principal and Director, Daimhin Warner, moderated a panel of experts from Air NZ, Meta and the Centre for Information Policy Leadership, who discussed biometrics regulation and agreed that we needed to strike the right balance when regulating the use of biometric technology, taking care not to over-regulate in a way that could prejudice beneficial and safe uses of biometric data or under-regulate in a way that could leave individuals and communities open to harm.
- AI governance – There is no question that AI governance is a focus for privacy and other professionals in the region. Our Principal and Director, Frith Tweedie, moderated an expert panel discussing practical aspects of generative AI governance, with speakers from Air NZ, Xero and CultureAmp. A key takeaway was that privacy functions play a key role in ensuring the responsible use of generative AI, ideally working alongside others in multi-disciplinary teams.
We were also fortunate this year to hear from a number of inspirational keynote speakers.
- Australian Privacy Commissioner Carly Kind discussed the new legislation banning under 16 year olds from social media platforms in Australia. She noted the significant privacy implications involved in age verification, as well as asking whether by taking this approach Australia was ‘giving up the ghost’ and accepting that it wasn’t a viable option to instead require social media companies to make changes to the platforms to make them safe for kids.
- Author Anna Funder spoke about the link between the right to privacy and how tyrannical governments seek to control their people, referencing her excellent book Stasiland about the East German secret police and their network of civilian informants. She also drew parallels between the mass invasion of privacy brought about by social media platforms and the destabilisation of democracy around the world.
- Separate panels on Australian and New Zealand indigenous privacy perspectives provided important insights into the ways our indigenous communities are impacted by privacy issues and regulatory approaches. We heard about the important and painstaking consultation work being done by the National Centre for Indigenous Genomics to manage a historic collection of blood samples taken from Indigenous Australians in ways that gave precedence to privacy and data sovereignty while also enabling the community to make decisions about any potential benefit. The NZ panel also referenced the role of Te Tiriti in providing Māori with rights over Māori data, and spoke to the work being done by the OPC in developing a partnership with Māori. In both panels a key point was the importance of trust when it comes to processing personal information – something which takes “ten years to gain, and forty-six seconds to lose”.
- Melbourne law school lecturer Jessica Lake taught us that the concept of a legal ‘right to privacy’ did not start with the (in)famous 1890 Warren and Brandeis Harvard Law School Review article but rather arose from a series of lawsuits taken by American women in the preceding decades who were annoyed by their photographs being used without their permission for advertising (or worse – if you thought deep fake porn was a recent problem, think again).