This Week In Digital Trust

We break down the recent record fine against Meta by the Irish data protection regulator, which focuses on Meta's practice of transferring data about its EU customers to the US, where it is exposed to US spy agencies. The fine, and the legal proceedings that led to it, originate with a complaint by an Austrian man called Max Schrems. For over a decade, Schrems and his not-for-profit NOYB have pursued several privacy complaints via the courts - leading to the striking down of major international data transfer agreements. Who is this man that has had an outsized impact on international data protection arrangements? We take a look at his story. Links: Meta hit with record $1.9 billion fine over transfer of users' data to United States (ABC) https://www.abc.net.au/news/2023-05-23/meta-record-fine-facebook-data-eu-us-transfer-data/102379666 IAPP analysis of fine (IAPP) https://iapp.org/news/a/ireland-dpcs-data-transfers-decision-pragmatic-punch-or-knockout-blow/ Max Schrems response to fine (NOYB) https://noyb.eu/en/edpb-decision-facebooks-eu-us-data-transfers-stop-transfers-fine-and-repatriation Interview with Max Schrems https://www.youtube.com/watch?v=I9HhCTnRoow Article about Max Schrems (Irish Times) https://www.irishtimes.com/business/technology/max-schrems-the-man-who-took-on-facebook-and-won-1.3451485 Credits: Music by Bensound.com

This week we dissect proposals to introduce online age verification to protect kids from explicit content and other harmful effects of online platforms. There's significant momentum behind the idea, with various technologies being offered as an answer and the Australian government evaluating a roadmap from the eSafety Commissioner and also considering using digital identity as a solution. But the concept has its complications, including privacy implications, the workability of proposed technologies and potential broader effects on online participation.   Links: Govt mulls digital ID for online age verification (InnovationAus) https://www.innovationaus.com/govt-mulls-digital-id-for-online-age-verification/ Online age verification roadmap https://www.esafety.gov.au/newsroom/media-releases/esafety-provides-age-verification-roadmap-government-for-consideration The Verge article on age verification (The Verge) https://www.theverge.com/23721306/online-age-verification-privacy-laws-child-safety US Bill to protect children from social media https://www.schatz.senate.gov/news/press-releases/schatz-cotton-murphy-britt-introduce-bipartisan-legislation-to-help-protect-kids-from-harmful-impacts-of-social-media Meta uses AI to verify age on Instagram (AdNews) https://www.adnews.com.au/news/meta-uses-ai-to-verify-age-on-instagram Age verification provider Yoti responds to The Verge https://www.linkedin.com/posts/robin-tombs-6928195_online-age-verification-is-coming-and-privacy-activity-7064599256958951424-1KzX/?utm_source=share&utm_medium=member_desktop Amazon age verification for buying beer https://www.aboutamazon.com/news/retail/amazon-one-age-verification   Credits: Music by Bensound.com

It's referred to as the gold standard or high watermark of privacy regulation around the world. This week is five years since the EU's General Data Protection Regulation (GDPR) came into effect. We are joined by elevenM privacy practice lead Melanie Marks to reflect on the history and importance of the regulation and to discuss its impact and shortcomings. Links: What Is GDPR and Why Should You Care? (WIRED) https://www.wired.com/story/how-gdpr-affects-you/ GDPR success summary (European Commission) https://commission.europa.eu/law/law-topic/data-protection/eu-data-protection-rules/gdpr-fabric-success-story_en How GDPR Is Failing (WIRED) https://www.wired.co.uk/article/gdpr-2022 GDPR three-year review (IAPP) https://iapp.org/news/a/three-years-in-gdpr-highlights-privacy-in-global-landscape/ GDPR Enforcement Tracker Report (CMS) https://cms.law/en/deu/publication/gdpr-enforcement-tracker-report NOYB's more critical review of GDPR enforcement https://noyb.eu/en/five-years-gdpr-media-resources NOYB's ongoing complaint about Meta's approach to consent https://noyb.eu/en/breaking-meta-prohibited-use-personal-data-advertising Credits: Music by Bensound.com

This week we look at the Federal Government's budget commitments to privacy, cyber security and online safety. Notably, the Government has signifantly increased funding for privacy regulation for the next four years, while its funding commitments for cyber security reflect an important shift towards building broad-based economy-wide resilience.  We break down the various commitments and their likely impact.   Links: Budget documents https://budget.gov.au/content/documents.htm OAIC portfolio budget statements https://www.ag.gov.au/system/files/2023-05/2023-24-AG-PBS-OAIC.PDF eSafety funding quadruples (InnovationAus) https://www.innovationaus.com/esafety-resources-quadruples-as-national-cyber-office-funded/ OAIC welcomes additional Budget funding https://www.oaic.gov.au/newsroom/oaic-welcomes-additional-budget-funding Cyber funding reporting (The Mandarin) https://www.themandarin.com.au/219732-budget-2023-chalmers-champions-sustainable-funding-of-government-services/ Cyber Wardens program https://cyberwardens.com.au/   Credits: Music by Bensound.com

Momentum continues to build for the need to rein in AI. Despite it being a global challenge, the approaches to regulating AI vary from country to country in some fairly fundamental (and even philosophical) ways. In this week's episode, we explore these different approaches.Links: Australian experts call for AI regulator (InnovationAus) https://www.innovationaus.com/australian-experts-want-a-ai-regulator-investigation-of-failures/ Microsoft warns against AI regulation in favour of industry-led sandbox approach (InnovationAus) https://www.innovationaus.com/microsofts-warning-against-sovereign-data-and-tech-capability/ Lina Khan essay (NYTimes) https://www.nytimes.com/2023/05/03/opinion/ai-lina-khan-ftc-technology.html Thomas Friedman column (NYTimes) https://www.nytimes.com/2023/05/02/opinion/ai-tech-climate-change.html?mkt_tok=MTM4LUVaTS0wNDIAAAGLhrcb_2iwIVn93sPquIulsJEQEQ0RujT-BPq3FwH1gj19MxjnR0yiBdgoPfirc5aCuIEM3ysagc7lccIAo43z7PuSD-HaSSbhs_HGRyryZ_Gm White House AI meeting fact sheet https://www.whitehouse.gov/ostp/news-updates/2023/05/04/fact-sheet-biden-harris-administration-announces-new-actions-to-promote-responsible-ai-innovation-that-protects-americans-rights-and-safety/ EU AI Act explained (WEF) https://www.weforum.org/agenda/2023/03/the-european-union-s-ai-act-explained/#:~:text=The%20Artificial%20Intelligence%20Act%20aims,of%20AI%20for%20industrial%20use.%E2%80%9D   Credits: Music by Bensound.com

It's Privacy Awareness Week, so we're peeling back the layers on one of the most common concepts used to raise awareness about privacy: the creepy test. It's that sense of "ew!" we sometimes feel when we encounter technologies or business practices that step over the bounds of responsible use of our personal information. This week, we break down the concept of the creepy test and evaluate its usefulness.   Links: "A Theory of Creepy" (Paper by Tene and Polonetsky) https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2326830 Criticisms about the creepy test (Slate) https://slate.com/technology/2021/12/why-privacy-matters-excerpt-creepiness.html Article about Target predicting a teenager was pregnant (NYTimes) https://www.nytimes.com/2012/02/19/magazine/shopping-habits.html Privacy Awareness Week (OAIC) https://www.oaic.gov.au/engage-with-us/events/privacy-awareness-weekCredits: Music by Bensound.com

This week, we discuss the push to abolish anonymity on social media, as a means to preventing online abuse.   Policymakers have been grappling with the challenges of trolling and online abuse for a few years, but it has come into the spotlight after the complaints of several prominent Australian footballers and athletes.   While enforcing real identity seems an obvious solution, Arj and Jordan debate its effectiveness and explore its adverse side effects on other internet users.   Links: Article about abuse of NRL players (Fox Sports) https://www.foxsports.com.au/nrl/nrl-premiership/social-media-abuse-in-sport-special-investigation-latrell-mitchells-dire-warning-of-youth-suicide/news-story/061024cdebe27ccc4f3a73cd4f31ec72   Comments by AFL inclusion manager (ABC News) https://www.abc.net.au/news/2021-08-09/tanya-hosch-says-afl-must-continue-to-stamp-out-racism/100360890   Article about Anti-Trolling Bill (SMH) https://www.smh.com.au/national/morrison-government-s-plan-to-unmask-online-trolls-creates-legal-confusion-20211128-p59cuu.html   Article about Korea's ban on anonymity (Ars Technica) https://arstechnica.com/tech-policy/2011/08/what-south-korea-can-teach-us-about-online-anonymity/   UK Government inquiry into anonymity https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1123426/Report_into_the_Connection_between_Abuse_and_Anonymity.pdf   Credits: Music by Bensound.com

This week, we discuss the emerging response to now well-documented concerns about generative AI from regulators and lawyers. With data protection authorities seemingly leading the charge, we discuss whether privacy is actually the right lever to be pulling when it comes to taking action against these technologies, in light of broader concerns about discrimination, defamation and copyright infringement. Or is this like getting Al Capone on tax evasion charges?   Links: ChatGPT is entering a world of regulatory pain in Europe (Politico) https://www.politico.eu/article/chatgpt-world-regulatory-pain-eu-privacy-data-protection-gdpr/ Statement by Italian data protection regulator https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/9874751#english ChatGPT response to Italian regulator (Reuters - paywall) https://www.reuters.com/technology/openai-propose-remedies-italian-ban-chatgpt-2023-04-06/ Story about Australian mayor defamation claim (BBC) https://www.bbc.com/news/technology-65202597 Story about Getty Images suing Stable Diffusion for scraping content (The Verge) https://www.theverge.com/2023/1/17/23558516/ai-art-copyright-stable-diffusion-getty-images-lawsuit The FBI on locking up Al Capone https://archives.fbi.gov/archives/news/stories/2005/march/capone_032805 Sam Altman tweet https://twitter.com/sama/status/1641897800236687360?lang=en  Credits: Music by Bensound.com

This week, we discuss the merits of recent ideas to pause the development or rollout of harmful technologies and data practices. Recent widespread consternation about AI (particularly ChatGPT and GPT-4 from OpenAI) has led to an open letter from various AI and tech personalities calling for a 6-month pause in future development. But Jordan and Arj discuss that the letter may not be all that it seems. The open letter comes at the same time as a new paper from Australia's Consumer Policy Research Centre (CPRC), which argues for a new Privacy Safety Regime which would allow governments and regulators to stop or limit obviously harmful uses of or harmful practices. The paper also proposes the introduction of a duty of care or best-interests duty that would oblige businesses to act in the best interests of consumers.   Links: Open letter to pause AI https://futureoflife.org/open-letter/pause-giant-ai-experiments/ Analysis of open letter (Platformer) https://www.platformer.news/p/the-ai-industry-really-should-slow ChatGPT blocked in Italy over privacy concerns https://www.abc.net.au/news/2023-04-01/chatgpt-ai-chatbot-blocked-itay-over-privacy-concerns/102175640 Paper from CPRC https://cprc.org.au/in-whose-interest/ Credits: Music by Bensound.com

This week, we finally weigh in on a debate that arises frequently - is privacy dead?   Arj and Jordan explore the apparent contradiction between people's stated desire for privacy and their behaviours that accept companies or technologies that repeatedly fall short of acceptable privacy practices. They look at several studies and experiments that help explain why it's not reasonable to leave safeguarding of privacy up to individuals alone. Links:  IAPP global survey on privacy https://iapp.org/news/a/most-consumers-want-data-privacy-and-will-act-to-defend-it/   Australian Community Attitudes to Privacy Survey 2020 (OAIC) https://www.oaic.gov.au/__data/assets/pdf_file/0015/2373/australian-community-attitudes-to-privacy-survey-2020.pdf   Research paper by Alessandro Acquisti https://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-worth.pdf   Solove's The Myth of the Privacy Paradox https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2738&context=faculty_publications   Credits: Music by Bensound.com