Protection of Privacy on the Social Networking Websites in Australia - Research Paper Example

Law and the Internet: Protection of Privacy on the Social Networking Websites in Australia Student’s Name: Instructor’s Name: Course Code and Name: University: Date of Submission: Law and the Internet: Protection of Privacy on the Social Networking Websites in Australia Introduction From the outset, this paper’s thesis is to the effect that the Australian privacy laws do not securely protect individual privacy concerning the personal information that is available onto the internet’s social networking websites. This, as will be illustrated herein later is as a result of the fact that relevant Federal legislation, Commonwealth Privacy Act (Cth) of 1988, does not make for the tortuous liability from breaches arising from unauthorized access to personal information. Breaches relating to personal information, no doubt, infringe upon an individual’s privacy. Privacy refers to the condition or the state where an individual is free from any unnecessary public attention or freedom from any intrusions into or any interference with one’s decisions or acts, as the case may be.1 One of the world’s greatest challenges today is the concept of globalization. Globalization is a nominalization of the word global which in its basic understanding connotes the spread of concepts and ideas across the globe. This has contributed towards making the world to be a small place that has variously been described as “the global village,” which phrase illustrates and emphasizes of just how much things are interconnected with each other across the entire breadth of the globe.2 In its lexical meaning however, globalization is understood as the process that makes a certain thing, such as business activities, operate in several countries across continents.3 In its broadest context however, the media uses the term globalization to refer to a variety of changes within the political, sociological, economic and environmental trends within the world.4 However, the term is used in its narrower sense within the business context to mean the process of production, distribution as well as the marketing of the world’s goods and services at the international level so that there is an enhanced level of trade between all the corners of the globe.5 It is acknowledged that globalization is caused by three main factors.6 The same are outlined as including, firstly, a drop in trade and investment barriers in the period subsequent to the Second World War. Secondly, the phenomenon also has been enhanced by the high growth as well as the increase within the size of the world’s developing countries economies. Lastly, and more importantly for this research paper, is the rapid transition in the world’s technological growth and know-how.7 One of the aspects of technological development that the world has undergone remains within the information and communication technology, ICT. This has greatly contributed to the enhanced level of globalization since people are able to easily communicate with each other. Consequently, people are able to transact with each other. Among the major aspects of ICT development that the world has witnessed is the concept of the internet. The internet is a computer system which enables a community of computer users around the world to exchange information.8 One of the latest entrants within the internet technological advancement is the concept of social networking websites, herein-later SNWs. An SNW refers to an internet based service that allows the community of computer users to share any information that is of common interests as well as experiences.9 Most internet users find themselves hooked to the internet because it saves its users the trouble of having to interact directly. Both the internet and the SNW usage have radically redefined the manner in which personal information is collated, kept and transferred through dissemination within this particular age. This is because any kind of information once posted onto the internet, the same becomes public hence becomes accessible to all and sundry who may choose to access the same. This ease of access of personal information within the internet, while being beneficial for improved access to information, has nonetheless raised highly legitimate concerns about personal privacy within the society.10 Within the general context, there are different problems that are likely to arise concerning information uploaded onto the internet, especially within the SNWs. Firstly, there is a real likelihood that the information can be taken out of context by any other person who may access the said information once it is uploaded onto the internet.11 Secondly, there is equally the inherent danger that some people may post other people’s personal information on the internet without permission. The last danger with regard to the internet concerns circumstances when people willfully upload their own personal information on the internet.12 In each of these circumstances, the end result is that personal information gets onto the internet with the daunting likelihood that the same information, being public, risks being accessed and used by other people who may not be well meaning. On a specific level however, online security analysts have synchronized the security threats that personal information have on SNWs into four categories.13 The four security concern is what is described as the sites’ operation’s security, otherwise abbreviated as OPSEC. This warns users of the danger of the fact that any information that they may post onto the internet automatically becomes public hence making the same vulnerable to unnecessary public intrusion.14 The second security threat is known as the Cross-Site Scripting, abbreviated as XSS. This involves an attack using code injecting usually by use of a browser-side script. The third problem posed by the SNWs is that of impersonation whereby bogus people may impersonate the legitimate site owners hence posing security and privacy concerns to everyone. The last kind of privacy concern with regard to personal information on the SNWs is the likelihood of accessing malicious content from the networks.15 Given the security and privacy concerns with regard to personal information on the SNWs, a number of governments have put in place measures to help mitigate the challenges that relate thereto. One such country that was able to foresee the danger long before most of its compatriots on this matter was Australia. This paper therefore turns its attention into the Australia’s legal framework that governs privacy of personal information over the internet. Australia’s Common Law and Statutory Protection of Privacy Like most other jurisdictions the world over, Australia has put into place a legal framework to address the various concerns regarding the privacy of personal information available on the social networking sites. The said legal framework encompasses a blend of both the statutory enactments together with the Common Law. The paper shall proceed by first considering the statutory framework that covers privacy to information within the internet in Australia. The legal framework that regulates on privacy of information within Australia, like the rest of the Australia’s legal framework consists of three tiers. The three levels through which the country’s legal framework exists include the federal level (Commonwealth), state level and lastly the territorial level. At the federal level, the relevant legislative framework that governs the country’s privacy matters is the Commonwealth Privacy Act (Cth). Among the different states, most of them also have their individual legislations whose provisions serve to complement those of the Federal Commonwealth Privacy Act (Cth). Among the states that have their respective legislations include New South Wales with the Privacy and Personal Information Protection Act of 1988, New Territory with Information Act of 2002, Queensland with Information Privacy Act of 2009, Tasmania with the Personal Information and Protection Act of 2004 and Victoria with Information Privacy Act of 2000. For the sake of uniformity, this paper shall confine itself to the Commonwealth Privacy Act (Cth) which governs the entire Australia. The Commonwealth Privacy Act, at Division 2 of Part III, elaborately lays down principles concerning the privacy of information. It identifies, and outlines eleven principles that govern information privacy within Australia. Sequentially, the principles include firstly, the regulation of the manner and purpose in which any personal information. The second principle governs the solicitation of personal information form individuals concerned while the third principle regulates the process of solicitation of information generally. The fourth principle regulates the storage and security of personal information while the fifth principle concerns itself with the information relating to information kept by a record keeper. The next principle relates to access to records containing personal information, while the seventh one concerns itself with the alteration of records containing personal information.16 The eighth principle obligates the record-keeper to verify the accuracy of any personal information before using the same with the ninth one requiring the sparing use of personal information, at least when it is really for relevant purposes. The tenth principle limits the use of personal information, while the last principle limits the disclosure of personal information. While each of these principles remains very crucial concerning matters that relate to privacy, there is no doubt that with respect to SNWs, the fourth principle remains the starting point. This principle obligates people who have in their possession or control any personal information, must ensure that they put in place reasonable adequate security so as to check against the loss, unauthorized access of the information, the use, modification of the information, disclosure of such information, and against any other misuse of the information. The language of this particular provision is large enough so as to protect literally every kind of personal information that may be held by any other third party. For instance, with regard to information storage within the internet and the SNWs, the Internet Service Providers, ISPs, must ensure that all personal information in their custody is secured as against any losses, any unauthorized access of the information, any kind of use, modification, disclosure to third parties and any other kind of misuse. As was pointed out above, some of the most common infringements concerning privacy of personal information involve the offences that have been provided against by the fourth principle. Consequently, by the operation of Division 1 of Part III, the outlined acts of infringement on personal information become criminal acts which are punishable per the terms of the Act. Another principle that strikingly stands out and should be very handy in ensuring there is adequate protection of private personal information within the internet and other SNWs is the tenth principle which limits the use of personal information by any record keeper. Primarily, it predicates any record-keeper who intends to use any personal information within their custody upon the consent of the owner of the information. The other circumstances when the Act permits a record-keeper to use the personal information of any third party are when the same is permitted by law, or if the record keeper reasonably believes that the use of the information is necessary for any humanitarian reasons or if the use of the information is consistent with the purpose for which the information had been procured in the first place. This principle places a very high standard of care upon all persons who have within their custody, any personal information. Primordially, SNW record-keepers are required to ensure that any information within their control is secure as against unauthorized access by illegitimate third parties who may access the same through such unorthodox means like hacking. Conversely, the same requires of the record-keepers to put into place very up to date records which may enable them to keep tabs upon their clients so as to ensure they meet the requisite threshold with regard to security of the personal information contained within their websites. Having considered some of the poignant statutory provisions which ensue from the Commonwealth Privacy Act of 1988, the paper now shifts a little bit to explore the position of the Common Law with respect to the protection of an individual’s right to privacy, especially within the SNWs. The general legal position within the Australian system is that the courts have set precedents which make persons whose rights are breached entitled to damages for the offence. In order to illustrate this position, this paper shall consider two court decisions. These are, firstly, Grosse v Purvis17 and Giller v Procopets.18 The former decision was a case that came in the courts at the Australian territory of the State of Queensland. The defendant had been sued for persistently stalking the plaintiff. The court, while finding in favour of the plaintiff, held that the act of stalking not only offends against the criminal law, but also violates the victim’s right to privacy. Upon this reasoning, the judge awarded to the plaintiff damages amounting to Aus$ 178,000 for the violation of the victim’s right to privacy. Although this ruling was a trailblazer as it seemed to suggest that an individual could pursue the right to privacy as an independent tortuous claim, it however remains somewhat obscure within the hierarchy of judicial authorities since it was delivered by the state’s District Court.19 Given the lowly nature of the court that delivered the ruling within the Australian judicial hierarchy, it therefore means its verdict cannot be invoked on the basis of the Common Law principle of precedent to influence higher courts in the course of their judgments. The decision in the case of Grosse v Purvis can only be contrasted with that in Giller v Procopets. In this case, the defendant male partner had been secretly videoing their love escapades with the plaintiff. The defendant then availed the videos to other third parties. In a suit by the plaintiff as against the defendant, one crucial statement that the court made was to the effect that the Australian legal system had not by then recognized breaches to privacy as being tortuous.20 However, the court was able to get around this position to find for the plaintiff, at least on the basis of trespass. The court then awarded the plaintiff aggravated compensatory damages which amounted to Aus$ 50,000. According to the court, this award was to ameliorate for the hurt feelings of the plaintiff, the plaintiff’s humiliation as well as an affront to their dignity which had been aggravated during the trespass. This decision is particularly important in two respects. Firstly, is because of the fact that it was a decision of a higher court within the hierarchy of the Australian judicial system, and secondly, is because of the fact that it was delivered later than Giller v Procopets. Consequently, without any contrary court decisions, it closely represents the Australian Common Law position with regard to the protection of an individual’s privacy. Conclusion To conclude this discussion, it imperative that the paper reviews the tasks it had set out to illustrate. Primarily, it had sought to illustrate the fact that the legal basis upon which the protection of privacy in Australia founds is both statutory as well as Common Law. The federal statute that is responsible for this is the Commonwealth privacy Act of 1988. The law sets out, very explicitly, an individual’s right to privacy of their information as well the obligations that the record keeper has regarding the personal information of third parties within their custody. Regarding common law, it has been established through the case of Giller v Procopets. This case has unequivocally restated that the breach of any right to privacy cannot constitute any tortuous actions within the Australian law. Instead, an aggrieved person may only succeed where they can be able to illustrate that the breach of their privacy constituted the tort of trespass to their person as well. This make privacy a wrong with a very high threshold needed for it to be proved. As a result, its commission by any defendant becomes hard to prove as the same needs to be accompanied by proof of trespass. The corollary is that people are left so exposed for as long as the breaches of the right to privacy remain not to be tortuous. This therefore calls for the enactment of legislation to make breaches to the right to privacy tortuous. Bibliography Articles/Books and Reports Alan Davidson, Privacy reforms: technological considerations in the age of the internet (2008) 10 (9) Internet Law Bulletin 110 Bullon, Stephen (ed). Longman Dictionary of Contemporary English. New Edition. London: Pearson Education Limited (2003) 686 Final Report (Australian Law Reform Commission 108, 2008) Volume 3, pages 2534-2586 Garner, Bryan A. Black’s Law Dictionary. 8th Edition. St. Paul Minnesota: Thompson West (2004) 1233 Information Assurance Directorate, Social Networking Sites. Available at http://www.hss.doe.gov/secop/documents/Social_Networking_Sites_and_Security.pdf Interagency OPSEC Support Staff, OPSEC and Social Networking. Available at http://www.internetsafetyawards.org/pdfs/opsec.sn.pdf Lisa Egan, Challenges to the regulation of privacy in the online environment (2006) 9 (1)Internet Law Bulletin National Security Agency, United States of America, Systems and Network Analysis Center Review of Privacy Act 1988, For Your Information: Australian Privacy Law and Practice, Final Report (Australian Law Reform Commission 108, 2008) Volume 1, pages 387-415 Review of Privacy Act 1988, For Your Information: Australian Privacy Law and Practice, Review of Privacy Act 1988, For Your Information: Australian Privacy Law and Practice, Final Report (Australian Law Reform Commission 108, 2008) Volume 1, pages 387-415 Review of Privacy Act 1988, For Your Information: Australian Privacy Law and Practice, Final Report (Australian Law Reform Commission 108, 2008) Volume 3, pages 2534– 2586 Robert K. Schaeffer. Understanding Globalization. Lanham, MD: Rowman & Littlefield Publishers, Inc., (1997) 1. Available at http://www.trenton.k12.nj.us/technology/profiles/tchs/Projects/Harvey/BoundReport-md.doc The National Security Agency, United States of America, Systems and Network Analysis Center Information Assurance Directorate, Social Networking Sites. Available at http://www.hss.doe.gov/secop/documents/Social_Networking_Sites_and_Security.pdf Case Law Giller v Procopets [2004] VSC 113 at paras [417-483] or at http://www.austlii.edu.au/au/cases/vic/VSC/2004/113.html Grosse v Purvis [2003] QDC 15) Statutes Commonwealth Privacy Act, 1988 Information Act of 2002 Information Privacy Act of 2000. Information Privacy Act of 2009 Personal Information and Protection Act of 2004 Privacy Act, 1988 (Cth) Privacy and Personal Information Protection Act, 1988 Other Sources None Read More