What is “upskirting” and what are your rights to privacy under the law?


Shutterstock

Rick Sarre, University of South AustraliaQueensland federal MP Andrew Laming has been accused of taking an inappropriate photograph of a young woman, Crystal White, in 2019 in which her underwear was showing. When challenged about the photo this week, he reportedly replied:

it wasn’t meant to be rude. I thought it was funny

Inappropriate photography is a criminal offence in Queensland. Whether or not Laming’s behaviour amounted to an offence for which he could be charged is a matter for the police to determine. (White is reportedly considering taking her complaint to police.)

So, what do the laws say about this kind of behaviour, and what rights to privacy do people have when it comes to indecent photographs taken by others?

What can ‘upskirting’ include?

A new term has entered the lexicon in this regard: “upskirting”. The act of upskirting is generally defined as taking a sexually intrusive photograph of someone without their permission.

It is not a recent phenomenon. There have been incidents in which people (invariably men) have placed cameras on their shoes and photographed “up” a woman’s skirt for prurient purposes. Other instances have involved placing cameras under stairs where women in dresses or skirts were likely to pass by.

The broader category of “upskirting” can also include indecent filming of anyone without their knowledge, including photographing topless female bathers at a public beach, covertly filming women undressing in their bedrooms, or installing a camera in a dressing room, public toilet or a swimming pool changing room.




Read more:
Andrew Laming: why empathy training is unlikely to work


With every new electronic device that comes on the market comes the possibility of inappropriate use and, thus, the creation of new criminal offences.

We saw that with the advent of small listening devices. With this technology, it was now possible to record private conversations, so legislators had to create offences under the law to deal with any inappropriate use.

The same thing happened with small (and now very affordable) drones, which made it possible to capture images of people in compromising positions, even from a distance. Our laws have been adjusted accordingly.

And in recent years, lawmakers have been faced with the same potential for inappropriate use with mobile phones. Such devices are now ubiquitous and improved technology has allowed people to record and photograph others at a moment’s notice — often impulsively, without proper thought.

How have legislators responded in Australia?

There is a patchwork array of laws across the country dealing with this type of photography and video recording.

In South Australia, for instance, it is against the law to engage in “indecent filming” of another person under part 5A of the state’s Summary Offences Act.

The term “upskirting” itself was used when amendments were made in 2007 to Victoria’s Summary Offences Act. This made it an offence for a person to observe or visually capture another person’s genital region without their consent.

In New South Wales, the law is equally specific in setting out the type of filming that is punishable under the law. It outlaws the filming of another person’s “private parts” for “sexual arousal or sexual gratification” without the consent of the person being filmed.

Queensland’s law, meanwhile, makes it an offence to:

observe or visually record another person, in circumstances where a reasonable adult would expect to be afforded privacy […] without the other person’s consent

Interestingly, the Queensland law is more broadly worded than the NSW, Victorian or South Australian laws since it makes it an offence to take someone’s picture in general, rather than specifying that it needs to be sexually explicit.

The maximum penalty for such an offence in Queensland is three years’ imprisonment.

What would need to be proven for a conviction

Just like any criminal offence, the prosecution in a case like this must first determine, before laying a charge, whether there’s enough evidence that could lead to a conviction and, moreover, whether such a prosecution is in the public interest.

Once the decision to charge is made, a conviction will only be possible if the accused pleads guilty or is found guilty beyond reasonable doubt. (Being a misdemeanour, this could only be by a magistrate, not a jury.)

The role of the criminal law here is to bring offending behaviour to account while also providing a deterrent for the future conduct of that person or any other persons contemplating such an act.




Read more:
View from The Hill: Morrison should appoint stand-alone minister for women and boot Andrew Laming to crossbench


As with any criminal law, its overarching purpose is to indicate society’s disdain for the behaviour. The need to protect victims from such egregious and lewd behaviour is an important consideration too.

Any decision by a Queensland magistrate to convict a person alleged to have taken an indecent photo would hang on three facts:

  • whether the photo was taken by the person accused
  • whether the victim believed she should have been afforded privacy
  • and whether she offered no consent to have the photo taken.

Other mitigating factors might come into play, however, including whether the photograph was impulsive and not premeditated, whether the image was immediately deleted, and whether the alleged offender showed any regret or remorse for his actions.

Recently a Queensland man, Justin McGufficke, pleaded guilty to upskirting offences in NSW after he took pictures up the skirts of teenage girls at a zoo while they were looking at animals.

In another case, a conviction for upskirting was deemed sufficient to deny a man permission to work with children in Victoria.

In a moment of impulsivity — and with the easy access of the mobile phone — anything can happen in today’s world. Poor judgements are common. Women are invariably the targets.

The laws on filming, recording and in some cases distributing the images of another person are clear — and the potential consequences for the accused are substantial. One would hope that any potential offenders are taking note.The Conversation

Rick Sarre, Emeritus Professor of Law and Criminal Justice, University of South Australia

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Not just complacency: why people are reluctant to use COVID-19 contact-tracing apps



Mark Coote/Bloomberg via Getty Images

Farkhondeh Hassandoust, Auckland University of Technology

This week’s announcement of two new COVID-19 vaccine pre-purchase deals is encouraging, but doesn’t mean New Zealanders should become complacent about using the NZ COVID Tracer app during the summer holidays.

The immunisation rollout won’t start until the second quarter of 2021, and the government is encouraging New Zealanders to continue using the app, including the recently upgraded bluetooth function, as part of its plan to manage the pandemic during the holiday period.




Read more:
How to keep COVID-19 at bay during the summer holidays — and help make travel bubbles a reality in 2021


During the past weeks, the number of daily scans has dropped significantly, down from just over 900,000 scans per day at the end of November to fewer than 400,000 in mid-December.

With no active cases of COVID-19 in the commmunity, complacency might be part of the issue in New Zealand, but as our research in the US shows, worries about privacy and trust continue to make people reluctant to use contact-tracing apps.

Concerns about privacy and surveillance

We surveyed 853 people from every state in the US to identify the factors promoting or inhibiting their use of contact-tracing applications. Our survey reveals two seemingly contradictory findings.

Individuals are highly motivated to use contact-tracing apps, for the sake of their own health and that of society as a whole. But the study also found people are concerned about privacy, social disapproval and surveillance.

The findings suggest people’s trust in the data collectors is dependent on the technology features of these apps (for example, information sensitivity and anonymity) and the privacy protection initiatives instigated by the authorities.

With the holiday season just around the corner — and even though New Zealand is currently free of community transmission — our findings are pertinent. New Zealanders will travel more during the summer period, and it is more important than ever to use contact-tracing apps to improve our chances of getting on top of any potential outbreaks as quickly as possible.

How, then, to overcome concerns about privacy and trust and make sure New Zealanders use the upgraded app during summer?

The benefits of adopting contact-tracing apps are mainly in shared public health, and it is important these societal health benefits are emphasised. In order to quell concerns, data collectors (government and businesses) must also offer assurance that people’s real identity will be concealed.

It is the responsibility of the government and the office of the Privacy Commissioner to ensure all personal information is managed appropriately.




Read more:
An Australia–NZ travel bubble needs a unified COVID contact-tracing app. We’re not there


Transparency and data security

Our study also found that factors such as peer and social influence, regulatory pressures and previous experiences with privacy loss underlie people’s readiness to adopt contact-tracing apps.

The findings reveal that people expect regulatory protection if they are to use contact-tracing apps. This confirms the need for laws and regulations with strict penalties for those who collect, use, disclose or decrypt collected data for any purpose other than contact tracing.

The New Zealand government is working with third-party developers to complete the integration of other apps by the end of December to enable the exchange of digital contact-tracing information from different apps and technologies.

The Privacy Commissioner has already endorsed the bluetooth upgrade of the official NZ COVID Tracer app because of its focus on users’ privacy. And the Ministry of Health aims to release the source code for the app so New Zealanders can see how their personal data has been managed.

Throughout the summer, the government and ministry should emphasise the importance of using the contact-tracing app and assure New Zealanders about the security and privacy of their personal data.

Adoption of contact-tracing apps is no silver bullet in the battle against COVID-19, but it is a crucial element in New Zealand’s collective public health response to the global pandemic.The Conversation

Farkhondeh Hassandoust, Lecturer, Auckland University of Technology

This article is republished from The Conversation under a Creative Commons license. Read the original article.

83% of Australians want tougher privacy laws. Now’s your chance to tell the government what you want



Shutterstock

Normann Witzleb, Monash University

Federal Attorney-General Christian Porter has called for submissions to the long-awaited review of the federal Privacy Act 1988.

This is the first wide-ranging review of privacy laws since the Australian Law Reform Commission produced a landmark report in 2008.

Australia has in the past often hesitated to adopt a strong privacy framework. The new review, however, provides an opportunity to improve data protection rules to an internationally competitive standard.

Here are some of the ideas proposed — and what’s at stake if we get this wrong.




Read more:
It’s time for privacy invasion to be a legal wrong


Australians care deeply about data privacy

Personal information has never had a more central role in our society and economy, and the government has a strong mandate to update Australia’s framework for the protection of personal information.

In the Australian Privacy Commissioner’s 2020 survey, 83% of Australians said they’d like the government to do more to protect the privacy of their data.

The intense debate about the COVIDSafe app earlier this year also shows Australians care deeply about their private information, even in a time of crisis.

Privacy laws and enforcement can hardly keep up with the ever-increasing digitalisation of our lives. Data-driven innovation provides valuable services that many of us use and enjoy. However, the government’s issues paper notes:

As Australians spend more of their time online, and new technologies emerge, such as artificial intelligence, more personal information about individuals is being captured and processed, raising questions as to whether Australian privacy law is fit for purpose.

The pandemic has accelerated the existing trend towards digitalisation and created a range of new privacy issues including working or studying at home, and the use of personal data in contact tracing.

Australians are rightly concerned they are losing control over their personal data.

So there’s no question the government’s review is sorely needed.

Issues of concern for the new privacy review

The government’s review follows the Australian Competition and Consumer Commission’s Digital Platforms Inquiry, which found that some data practices of digital platforms are unfair and undermine consumer trust. We rely heavily on digital platforms such as Google and Facebook for information, entertainment and engagement with the world around us.

Our interactions with these platforms leave countless digital traces that allow us to be profiled and tracked for profit. The Australian Competition and Consumer Commission (ACCC) found that the digital platforms make it hard for consumers to resist these practices and to make free and informed decisions regarding the collection, use and disclosure of their personal data.

The government has committed to implement most of the ACCC’s recommendations for stronger privacy laws to give us greater consumer control.

However, the reforms must go further. The review also provides an opportunity to address some long-standing weaknesses of Australia’s privacy regime.

The government’s issues paper, released to inform the review, identified several areas of particular concern. These include:

  • the scope of application of the Privacy Act, in particular the definition of “personal information” and current private sector exemptions

  • whether the Privacy Act provides an effective framework for promoting good privacy practices

  • whether individuals should have a direct right to sue for a breach of privacy obligations under the Privacy Act

  • whether a statutory tort for serious invasions of privacy should be introduced into Australian law, allowing Australians to go to court if their privacy is invaded

  • whether the enforcement powers of the Privacy Commissioner should be strengthened.

While most recent attention relates to improving consumer choice and control over their personal data, the review also brings back onto the agenda some never-implemented recommendations from the Australian Law Reform Commission’s 2008 review.

These include introducing a statutory tort for serious invasions of privacy, and extending the coverage of the Privacy Act.

Exemptions for small business and political parties should be reviewed

The Privacy Act currently contains several exemptions that limit its scope. The two most contentious exemptions have the effect that political parties and most business organisations need not comply with the general data protection standards under the Act.

The small business exemption is intended to reduce red tape for small operators. However, largely unknown to the Australian public, it means the vast majority of Australian businesses are not legally obliged to comply with standards for fair and safe handling of personal information.

Procedures for compulsory venue check-ins under COVID health regulations are just one recent illustration of why this is a problem. Some people have raised concerns that customers’ contact-tracing data, in particular collected via QR codes, may be exploited by marketing companies for targeted advertising.

A woman uses a QR code at a restaurant
Under current privacy laws, cafe and restaurant operators are exempt from complying with certain privacy obligations.
Shutterstock

Under current privacy laws, cafe and restaurant operators are generally exempt from complying with privacy obligations to undertake due diligence checks on third-party providers used to collect customers’ data.

The political exemption is another area of need of reform. As the Facebook/Cambridge Analytica scandal showed, political campaigning is becoming increasingly tech-driven.

However, Australian political parties are exempt from complying with the Privacy Act and anti-spam legislation. This means voters cannot effectively protect themselves against data harvesting for political purposes and micro-targeting in election campaigns through unsolicited text messages.

There is a good case for arguing political parties and candidates should be subject to the same rules as other organisations. It’s what most Australians would like and, in fact, wrongly believe is already in place.




Read more:
How political parties legally harvest your data and use it to bombard you with election spam


Trust drives innovation

Trust in digital technologies is undermined when data practices come across as opaque, creepy or unsafe.

There is increasing recognition that data protection drives innovation and adoption of modern applications, rather than impedes it.

A woman looks at her phone in the twilight.
Trust in digital technologies is undermined when data practices come across as opaque, creepy, or unsafe.
Shutterstock

The COVIDSafe app is a good example.
When that app was debated, the government accepted that robust privacy protections were necessary to achieve a strong uptake by the community.

We would all benefit if the government saw that this same principle applies to other areas of society where our precious data is collected.


Information on how to make a submission to the federal government review of the Privacy Act 1988 can be found here.




Read more:
People want data privacy but don’t always know what they’re getting


The Conversation


Normann Witzleb, Associate Professor in Law, Monash University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Towards a post-privacy world: proposed bill would encourage agencies to widely share your data


Bruce Baer Arnold, University of Canberra

The federal government has announced a plan to increase the sharing of citizen data across the public sector.

This would include data sitting with agencies such as Centrelink, the Australian Tax Office, the Department of Home Affairs, the Bureau of Statistics and potentially other external “accredited” parties such as universities and businesses.

The draft Data Availability and Transparency Bill released today will not fix ongoing problems in public administration. It won’t solve many problems in public health. It is a worrying shift to a post-privacy society.

It’s a matter of arrogance, rather than effectiveness. It highlights deficiencies in Australian law that need fixing.




Read more:
Australians accept government surveillance, for now


Making sense of the plan

Australian governments on all levels have built huge silos of information about us all. We supply the data for these silos each time we deal with government.

It’s difficult to exercise your rights and responsibilities without providing data. If you’re a voter, a director, a doctor, a gun owner, on welfare, pay tax, have a driver’s licence or Medicare card – our governments have data about you.

Much of this is supplied on a legally mandatory basis. It allows the federal, state, territory and local governments to provide pensions, elections, parks, courts and hospitals, and to collect rates, fees and taxes.

The proposed Data Availability and Transparency Bill will authorise large-scale sharing of data about citizens and non-citizens across the public sector, between both public and private bodies. Previously called the “Data Sharing and Release” legislation, the word “transparency” has now replaced “release” to allay public fears.

The legislation would allow sharing between Commonwealth government agencies that are currently constrained by a range of acts overseen (weakly) by the under-resourced Australian Information Commissioner (OAIC).

The acts often only apply to specific agencies or data. Overall we have a threadbare patchwork of law that is supposed to respect our privacy but often isn’t effective. It hasn’t kept pace with law in Europe and elsewhere in the world.

The plan also envisages sharing data with trusted third parties. They might be universities or other research institutions. In future, the sharing could extend to include state or territory agencies and the private sector, too.

Any public or private bodies that receive data can then share it forward. Irrespective of whether one has anything to hide, this plan is worrying.

Why will there be sharing?

Sharing isn’t necessarily a bad thing. But it should be done accountably and appropriately.

Consultations over the past two years have highlighted the value of inter-agency sharing for law enforcement and for research into health and welfare. Universities have identified a range of uses regarding urban planning, environment protection, crime, education, employment, investment, disease control and medical treatment.

Many researchers will be delighted by the prospect of accessing data more cheaply than doing onerous small-scale surveys. IT people have also been enthusiastic about money that could be made helping the databases of different agencies talk to each other.

However, the reality is more complicated, as researchers and civil society advocates have pointed out.

Person hitting a 'share' button on a keyboard.
In a July speech to the Australian Society for Computers and Law, former High Court Justice Michael Kirby highlighted a growing need to fight for privacy, rather than let it slip away.
Shutterstock

Why should you be worried?

The plan for comprehensive data sharing is founded on the premise of accreditation of data recipients (entities deemed trustworthy) and oversight by the Office of the National Data Commissioner, under the proposed act.

The draft bill announced today is open for a short period of public comment before it goes to parliament. It features a consultation paper alongside a disquieting consultants’ report about the bill. In this report, the consultants refer to concerns and “high inherent risk”, but unsurprisingly appear to assume things will work out.

Federal Minister for Government Services Stuart Roberts, who presided over the tragedy known as the RoboDebt scheme, is optimistic about the bill. He dismissed critics’ concerns by stating consent is implied when someone uses a government service. This seems disingenuous, given people typically don’t have a choice.

However, the bill does exclude some data sharing. If you’re a criminologist researching law enforcement, for example, you won’t have an open sesame. Experience with the national Privacy Act and other Commonwealth and state legislation tells us such exclusions weaken over time

Outside the narrow exclusions centred on law enforcement and national security, the bill’s default position is to share widely and often. That’s because the accreditation requirements for agencies aren’t onerous and the bases for sharing are very broad.

This proposal exacerbates ongoing questions about day-to-day privacy protection. Who’s responsible, with what framework and what resources?

Responsibility is crucial, as national and state agencies recurrently experience data breaches. Although as RoboDebt revealed, they often stick to denial. Universities are also often wide open to data breaches.

Proponents of the plan argue privacy can be protected through robust de-identification, in other words removing the ability to identify specific individuals. However, research has recurrently shown “de-identification” is no silver bullet.

Most bodies don’t recognise the scope for re-identification of de-identified personal information and lots of sharing will emphasise data matching.

Be careful what you ask for

Sharing may result in social goods such as better cities, smarter government and healthier people by providing access to data (rather than just money) for service providers and researchers.

That said, our history of aspirational statements about privacy protection without meaningful enforcement by watchdogs should provoke some hard questions. It wasn’t long ago the government failed to prevent hackers from accessing sensitive data on more than 200,000 Australians.

It’s true this bill would ostensibly provide transparency, but it won’t provide genuine accountability. It shouldn’t be taken at face value.




Read more:
Seven ways the government can make Australians safer – without compromising online privacy


The Conversation


Bruce Baer Arnold, Assistant Professor, School of Law, University of Canberra

This article is republished from The Conversation under a Creative Commons license. Read the original article.