The ACCC is suing Google over tracking users. Here’s why it matters

Katharine Kemp, UNSW

The Australian Competition and Consumer Commission (ACCC) today announced it is suing Google for misleading consumers about its collection and use of personal location data.

The case is the consumer watchdog’s first move against a major digital platform following the publication of the Digital Platforms Inquiry Final Report in July.

The ACCC follows regulators in countries including the US and Germany in taking action against the way “tech giants” such as Google and Facebook harvest and exploit their users’ data.

What did Google do?

ACCC Chair Rod Sims said Google “collected, kept and used highly sensitive and valuable personal information about consumers’ location without them making an informed choice”.

The ACCC alleges that Google breached the Australian Consumer Law (ACL) by misleading its users in the course of 2017 and 2018, including by:

  • not properly disclosing that two different settings needed to be switched off if consumers did not want Google to collect, keep and use their location data

  • not disclosing on those pages that personal location data could be used for a number of purposes unrelated to the consumer’s use of Google services.

Some of the alleged breaches can carry penalties of up to A$10 million or 10% of annual turnover.

A spokesperson for Google is reported to have said the company is reviewing the allegations and engaging with the ACCC.

The two separate settings that users needed to change to disable location tracking. Android screenshots, Author provided

Turning off “Location History” did not turn off location history

According to the ACCC, Google’s account settings on Android phones and tablets would have led consumers to think changing a setting on the “Location History” page would stop Google from collecting, keeping and using their location data.

The ACCC says Google failed to make clear to consumers that they would actually need to change their choices on a separate setting titled “Web & App Activity” to prevent this location tracking.

Location data is used for much more than Google Maps

Google collects and uses consumers’ personal location data for purposes other than providing Google services to consumers. For example, Google uses location data to work out demographic information, target advertising, and offer advertising services to other businesses.

Digital platforms increasingly track consumers online and offline to create highly detailed personal profiles on each of us. These profiles are then used to sell advertising services. These data practices create risks of criminal data breaches, discrimination, exclusion and manipulation.


Concealed data practices under fire around the world

The ACCC joins a number of other regulators and consumer organisations taking aim at the concealed data practices of the “tech giants”.

This year, the Norwegian Consumer Council published a report – Deceived by Design – which analysed a sample of Google, Facebook and Microsoft Windows privacy settings. The conclusion: “service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible”.

The report said some aspects of privacy policies can be seen as “dark patterns”, or “features of interface design crafted to trick users into doing things that they might not want to do”.

In Canada, an investigation into how Facebook gets consent for certain data practices by the Office of the Privacy Commissioner of Canada was highly critical.

It found that the relevant data use policy “contained blanket statements referencing potential disclosures of a broad range of personal information, to a broad range of individuals or organisations, for a broad range of purposes”. The result was that Facebook users “had no way of truly knowing what personal information would be disclosed to which app and for what purposes”.

Is Facebook next?

The ACCC was highly critical of the data practices of a number of large digital platforms when the Final Report of the Digital Platforms Inquiry was published in July this year. The platforms included Facebook, WhatsApp, Twitter and Google.

The report was particularly scathing about privacy policies which were long, complex, difficult to navigate and low on real choices for consumers. In its words, certain common features of digital platforms’ consent processes

“leverage digital platforms’ bargaining power and deepen information asymmetries, preventing consumers from providing meaningful consents to digital platforms’ collection, use and disclosure of their user data.”

The report also stated the ACCC was investigating whether various representations by Google and Facebook respectively would “raise issues under the ACL”.

The investigations concerning Facebook related to representations concerning its sharing of user data with third parties and potential unfair contract terms. So far no proceedings against Facebook have been announced.


Will this change anything?

While penalties of up to A$10 million or 10% of annual turnover (in Australia) may sound significant, last year Google made US$116 billion in advertising revenue globally.

In July, the US Federal Trade Commission settled with Facebook on a US$5 billion fine for repeatedly misleading users about the fact that personal information could be accessed by third-party apps without the user’s consent, if a user’s Facebook “friend” gave consent. Facebook’s share price went up after the FTC approved the settlement.

But this does not mean the ACCC’s proceedings against Google are a pointless exercise. Aside from the impact on Google’s reputation, these proceedings may highlight for consumers the difference between platforms which have incentives to hide data practices from consumers and other platforms – like the search engine DuckDuckGo – which offer privacy-respecting alternatives.

Katharine Kemp, Senior Lecturer, Faculty of Law, UNSW, and Co-Leader, ‘Data as a Source of Market Power’ Research Stream of The Allens Hub for Technology, Law and Innovation, UNSW

This article is republished from The Conversation under a Creative Commons license. Read the original article.

How women’s life-long experiences of being judged by their appearance affect how they feel in open-plan offices

Women are more likely to feel watched, exposed or more accountable in open-plan offices. from www.shutterstock.com, CC BY-ND
Rachel Morrison, Auckland University of Technology

A key reason many organisations want to move their employees to open-plan workspaces is to encourage collaboration and improve communication. The assumption is that the increased visibility and access workers have to one another will ease the flow of information and enhance learning, well-being, and collegiality.

Research suggests that, in some circumstances, this can indeed be the outcome. But another study recently found exactly the opposite, with workers engaging in 73% fewer face-to-face interactions, along with a 67% increase in electronic communication.


It is not just face-to-face communication that becomes worse in open-plan offices. There are findings that satisfaction decreases, well-being is impacted, privacy decreases, and people become less friendly.

One undeniable aspect of open-plan offices is the increased exposure and access to others they offer. This is sometimes deemed a benefit – particularly because it increases opportunities to learn from, and network with, high-status colleagues. But our research suggests that being more visible may not be good for everyone.


Gender differences

Our study in a large open-plan law firm in Auckland found that, although occupants generally liked this well designed work environment, there was a gender difference in the responses. Every survey respondent who specifically mentioned being visible, watched, observed, exposed or more accountable was a woman. The male occupants, it seems, were oblivious to their increased exposure. This difference in responses was especially striking since we did not set out to explore the gender effects of open-plan work spaces.

It wasn’t that all the women especially disliked being so exposed. In fact, being visible came up several times when they were describing positive aspects of the space, outlining how the open office improved their productivity. One lawyer said:

Overall the effect on my productivity is positive – can always be seen, so always working unless nobody is around.

Another woman commented:

Knowing that other people can see what I am doing also motivates me to be productive.

But this female lawyer was keenly aware of the downside of being so visible:

I don’t like that sometimes it feels like people are judging you for not giving enough face time as everything is so visible. Back at [previous office] there was more of a motto of getting the work done in the time needed and then go home. Now, with open space, it feels more like a fish bowl and I have noticed more subtle pressure to stay later even if you don’t technically need to – based on looks some seniors, even from entirely different teams, give you.

Other research looking at the effect of working in a glass open-plan, largely transparent office, revealed the unexpected outcome of women becoming hyper-aware of being continually observed and evaluated, just as we found. Women (but not men) in this study reported becoming more image conscious, changing the way they dressed, how and where they walked, and feeling exposed.

Why is this? Are women really being looked at more than their male colleagues?

Research into the male gaze and surveillance behaviour on nudist beaches suggests they are. But, whether they are or not, women are socialised, practically from birth, to believe they are being looked at.

Evaluated on appearance

Through their life experiences and their exposure to media, women and girls learn that they are almost constantly being evaluated and appraised. Women are aware of being observed in a way that men are not, simply because their life experiences have routinely included instances of being looked at.

Every time a girl is told she is cute or pretty, or even described in gender-neutral, objective terms such as being tall, she is actually being told she is being looked at and assessed on her appearance. Boys are far more likely to have their behaviour or personality commented on by adults, rather than their appearance – being brave, adventurous or clever.

Even more insidious is the notion that appearance evaluations genuinely matter in numerous situations. The benefits that attractive women receive include everything from social mobility and college admissions to educational attainment and job offers. Women rated as being unattractive or unfeminine are more negatively evaluated than comparably unattractive men.

Better office designs

Given that women’s outcomes are, at least in part, determined by their appearance, it is not surprising that, compared to their male colleagues, female workers are comparatively more aware of their visibility.

Research suggests we should question the notion that, just because we can see and hear our colleagues, we will have more and better in-person conversations. The communication benefits of increased exposure to others afforded by open-plan space may be overstated, and the downside of being so visible may disproportionately impact women in the workplace.

The idea that female and male employees differ in their perceptions of being observed should be acknowledged and incorporated into office design.

How? By ensuring that, within open-plan environments, female workers are afforded opportunities for privacy. This includes allowing them to work with their backs to the wall or to be seated away from busy thoroughfares, and by positioning desks so that women are not forced to walk past numerous colleagues on their way to amenities such as the kitchen or the bathroom.

Or, best of all, allowing people to work remotely (and in total privacy) for at least part of the week.

Rachel Morrison, Senior Lecturer, Business School, Auckland University of Technology

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Data lakes: where big businesses dump their excess data, and hackers have a field day

Unlike purpose-built data storage systems, a data lake can be used to dump data in its original form. This data usually remains unsupervised. Shutterstock.com
Mohiuddin Ahmed, Edith Cowan University

Machines and the internet are woven into the fabric of our society. A growing number of users, devices and applications work together to produce what we now call “big data”. And this data helps drive many of the everyday services we access, such as banking.

A comparison of internet snapshots from 2018 and 2019 sheds light on the increasing rate at which digital information is exchanged daily. The challenge of safely capturing and storing data is becoming more complicated with time.

This is where data warehouses and data lakes are relevant. Both are online spaces used by businesses for internal data processing and storage.

Unfortunately, since the concept of data lakes originated in 2010, not enough has been done to address issues of cyber security.

These valuable repositories remain exposed to an increasing number of cyber attacks and data breaches.


A proposed panacea for big data problems

The traditional approach used by service providers is to store data in a “data warehouse” – a single repository that can be used to analyse data, create reports, and consolidate information.

However, data going into a warehouse needs to be pre-processed. With zettabytes of data in cyber space, this isn’t an easy task. Pre-processing requires a hefty amount of computation done by high-end supercomputers, and costs time and money.

Data lakes were proposed to solve this. Unlike warehouses, they can store raw data of any type. Data lakes are often considered a panacea for big data problems, and have been embraced by many organisations trying to drive innovation and new services for users.

James Dixon, the US data technician who reputedly coined the term, describes data lakes thus:

If you think of a datamart as a store of bottled water – cleansed and packaged and structured for easy consumption – the data lake is a large body of water in a more natural state. The contents of the data lake stream in from a source to fill the lake, and various users of the lake can come to examine, dive in, or take samples.

Be careful swimming in a data lake

Although data lakes create opportunities for data crunchers, their digital doors remain unguarded, and solving cyber safety issues remains an afterthought.

Our ability to analyse and extract intelligence from data lakes is threatened in the realms of cyber space. This is evident through the high number of recent data breaches and cyber attacks worldwide.

With technological advances, we become even more prone to cyber attacks. Confronting malicious cyber activity should be a priority in the current digital climate.

While research into this has flourished in recent years, a strong connection between effective cyber security and data lakes is yet to be made.

Not uncommon to be compromised

Due to advances in malicious software, specifically in malware obfuscation, it’s easy for hackers to hide a dangerous virus within a harmless-looking file.

False data injection attacks have increased over the past decade.

The attack happens when a cyber criminal exploits freely available tools to compromise a system connected to the internet, to inject it with false data.


The foreign data injected gains unauthorised access to the data lake and manipulates the stored data to mislead users. There are many potential motivators behind such an attack.

Components of data lakes

Data lake architecture can be divided into three components: data ingestion, data storage and data analytics.

Data ingestion refers to data coming into the lake from a diverse range of sources. This usually happens with no legitimate security policies in place. When incoming data is not checked for security threats, a golden opportunity is presented for cyber criminals to inject false data.

The second component is data storage, which is where all the raw data gets dumped. Again, this happens without any sizeable cyber safety considerations.

The most important component of data lakes is data analytics, which combines the expertise of analysts, scientists and data officers. The objective of data analytics is to design and develop modelling algorithms which can use raw data to produce meaningful insights.

For instance, data analytics is how Netflix learns about its subscribers’ viewing habits.

Challenges ahead for data experts

The slightest change or manipulation in data lakes can hugely mislead data crunchers and have widespread impact.

For instance, compromised data lakes have huge implications for healthcare, because any deviation in data can lead to a wrong diagnosis, or even casualties.

Also, government agencies using compromised data lakes may face mayhem in international affairs and trade situations. The defence, finance, governance and educational sectors are also vulnerable to data lake attacks.


Considering the volume of data stored in data lakes, the consequences of cyber attacks are far from trivial.

And since generating huge amounts of data in today’s world is inevitable, it’s crucial that data lake architects try harder to ensure these at-risk data depots are correctly looked after.

Mohiuddin Ahmed, Lecturer of Computing & Security, Edith Cowan University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Why the government’s proposed facial recognition database is causing such alarm

Andrew Hastie said the broad objectives of the identity-matching system were sound, but key changes were needed to ensure privacy and transparency. Lukas Coch/AAP
Sarah Moulds, University of South Australia

Since before the 2019 election, the Morrison government has been keen to introduce a new scheme that would allow government agencies, telcos and banks to use facial recognition technology to collect and share images of people across the country.

While there are some benefits to such a system – making it easier to identify the victims of natural disasters, for example – it has been heavily criticised by human rights groups as an attempt to introduce mass surveillance to Australia and an egregious breach of individual privacy.

The plan hit a roadblock when the government-controlled Parliamentary Joint Committee on Intelligence and Security (PJCIS) handed down an extensive report calling for significant changes to the legislation to ensure stronger privacy protections and other safeguards against misuse.


What are the identity-matching laws?

The identity-matching bills aim to set up a national database of images captured through facial recognition technology and other pieces of information used to identify people, such as driver’s licenses, passports and visa photos. This information could then be shared between government agencies, and in some cases, private organisations like telcos and banks, provided certain legal criteria are met.

The proposed database follows an agreement reached by the Commonwealth and the states and territories in 2017 to facilitate the “secure, automated and accountable” exchange of identity information to help combat identity crime and promote community safety.

Critical to this agreement was that the system include “robust privacy safeguards” to guard against misuse.

The agreement gave the federal government the green light to introduce laws to set up the identity-matching system.


Access to the service could potentially encompass a wide range of purposes. For example, a government agency could use the system to identify people thought to be involved in identity fraud or considered threats to national security.

But the bill also includes more pedestrian uses, such as in cases of “community safety” or “road safety”.

The proposed laws contain some safeguards against misuse, including criminal sanctions when an “entrusted person” discloses information for an unauthorised purpose. In addition, access by banks or other companies and local councils can only occur with the consent of the person seeking to have their identity verified.

However, much of the detail about precisely who can access the system and what limits apply is not set out in the bills. This will be determined through government regulation or subsequent intergovernmental agreements.

Concerns about scope and safeguards

The Coalition government’s bills were first introduced in 2018, but didn’t come up for a vote. After the government reintroduced the bills in July, the PJCIS launched an inquiry and invited public submissions.

Legal bodies have argued that amendments are needed to tighten the boundaries of who can access the identity-matching services and for what purposes. They note that as currently drafted, the proposed laws give too much discretionary power to government officials and actually create opportunities for identity theft.


This is particularly problematic when coupled with the potential for the rapid spread of facial recognition technology in Australian streets, parks and transport hubs.

The Human Rights Law Centre said the proposed system is “more draconian” than the one launched in the UK. Another concern is that it could be used by a wide range of agencies to confirm the identity of any Australian with government-approved documentation (such as a passport or driver’s license), regardless of whether they are suspected of a crime.

The Australian Human Rights Commission also pointed to research suggesting the software used to capture or match facial imagery could result in higher error rates for women and people from certain ethnic groups.

What’s next for the bills?

When handing down the committee’s unanimous report, Andrew Hastie said the broad objectives of the identity-matching system were sound, but key changes were needed to ensure privacy protections and transparency.

While the PJCIS cannot actually stop the bills from being passed, it has a strong track record of turning its recommendations into legislative amendments.

The states and territories also have an interest in ensuring a national identity-matching scheme gets the balance right when it comes to addressing identity crime and assisting law enforcement and protecting individual privacy.

The question is whether these calls for improvements will be loud enough to put these bills back on the drawing board.

The future of the legislation will tell us something important about the strength of human rights protections in Australia, which rely heavily on parliamentary bodies like the PJCIS to help raise the alarm when it comes to rights-infringing laws.

Sarah Moulds, Lecturer of Law, University of South Australia

This article is republished from The Conversation under a Creative Commons license. Read the original article.

How to be legal, and ethical, when overseeing a redundancy

David Sharrock / Thursday, August 22, 2019

When it comes to making an employee redundant, there are lots of traps.

For the employer, whenever redundancy is considered, it pays to be very careful indeed about proper reason, good process and appropriate payment.

Proper reason

When considering making an employee redundant, an employer should determine that the position itself no longer needs to be filled by anyone (or the employer has become bankrupt or insolvent, compelling redundancies).

Commonly in the former instance, redundancy arises with new technology, a downturn in business, the closure of a business, relocation of premises, or with restructure or organisational changes from a sale of business, merger or takeover. These are the usual triggers for a genuine redundancy.

With a genuine redundancy, an employer can distribute the work differently by having a smaller number of team members take over the work of the employee who is to be made redundant. Contracting the work out to an independent contractor or upgrading the role to require qualifications, albeit with similar duties, both involve a genuine redundancy.

Naturally, it all depends on the circumstances. But there must be an actual commercial reason for the position to no longer be required.

If a purported redundancy is not based on these sorts of triggers and in these sorts of circumstances, then there are real risks for an employer.

A concocted reason to be rid of an unwanted employee or to avoid a claim for unfair dismissal or unlawful termination of employment is always risky.

Good process

However, notwithstanding good reason for a redundancy, an employer might fail to adopt good and essential process, such as complying with consultation obligations and exploring reasonable redeployment opportunities.

Consultation by an employer is essential to afford due process to the employee and may also be required by an employment contract, award or enterprise agreement.

Commonly, there is a requirement upon the employer to speak to or meet with an employee to advise the circumstances surrounding the redundancy decision. Input and feedback should be sought on ways to minimise the effect of the redundancy on the employee and to give consideration to what an employee is saying. Outplacement counselling might be offered.

An employer is obliged to consider reasonable redeployment possibilities for the employee within the enterprise. This obligation might extend to other positions, perhaps either in other departments or in an associated employer entity. Questions of reasonableness and commerciality arise, with appropriate explanations being given to the employee about the nature of any other positions, necessary qualifications, the employee’s skills, qualifications and experience, location, and remuneration.

Good process includes retaining supporting documents relevant to the redundancy, the keeping of notes about conversations during the consultation process, detail concerning reasonable redeployment opportunities, and the reasons why a particular employee has been selected over other employees.

An appropriate letter to the employee should then include such full particulars and advise termination of employment based on redundancy.

During this process, care, concern and respect for the employee are important.

Appropriate payment

Whenever employment has been terminated on the basis of redundancy, a redundancy payment must be made, unless the employee is casual, or has been continuously employed for less than 12 months, or is employed on a fixed-term or project-based contract (where there is no reasonable expectation of an extension or where it is customary for employment to end upon project completion), or unless the employer is a small business employer having fewer than 15 employees (noting that some modern awards might require a small business employer to pay redundancy pay regardless).

Furthermore, redundancy pay is not required where the business is sold or transferred with the employee accepting employment with that new business owner and having their previous period of service with the original employer recognised.

If a business is sold or transferred and the employee refuses to accept employment with the new business owner, upon substantially the same terms of employment as provided by the original employer, then the employee cannot demand a redundancy payment in the absence of application being made to the Fair Work Commission.

An employer can apply to the commission for relief if there is a claim for redundancy which is unaffordable or lacks merit because a suitable alternative position was found for the employee.

The amount of redundancy pay is calculated with reference to an employee’s period of continuous service at minimum levels set out in the Fair Work Act. Employment contracts, awards and enterprise agreements may have more generous redundancy provisions.

Proper reason, good process and appropriate payment will ensure legal compliance and protection for an employer against a claim for unfair dismissal or unlawful termination of employment.

Article found HERE at SmartCompany.com.au
