3. “Freedom from being observed or
disturbed by others.”
“The ability to control information
about oneself to others.”
“Who can, and how can others access
information about you.”
6. “Any collecting or processing of personal data,
whether identifiable or not, for the purposes of
influencing or managing those whose data have
been gathered.”
Surveillance Society: Monitoring Everyday Life (2001)
D. Lyon, Buckingham: Open University Press.
7. What Are Some Emerging
Technology Trends That Deal With
Privacy?
8. Technology Trends That
Deal With Privacy…
• Mary Meeker is a General Partner at Kleiner Perkins
Caulfield Byers who publishes the Internet Trends
Report each year.
• Kleiner Perkins Caulfield Byers is an American
venture capital firm formed in 1972.
• They have raised $10 Billion in funds to date and
have invested in:
• Google.
• Twitter.
• AirBnB.
• Snapchat.
• Uber.
• Sound Cloud.
• Nest.
• Waze.
• And many, many more…
9.
10. Technology Trends That
Deal With Privacy…
• In the 2014 Internet Trends Report, Meeker
explained:
• That cybersecurity threats are on the rise.
• Instant sharing and communication will
“make world better / safer place but potential
impact to personal privacy will remain on-
going challenge.”
• In the 2016 Internet Trends Report , Meeker
explained:
• That “as data explodes...data security
concerns [will also] explode.”
• In the 2017 Internet Trends Report, Meeker
explained:
• That the cloud will accelerating change
creating “more applications and more
vulnerabilities.”
11. “In the tangible world, physical limitations prevent the
broad abuse of the law... Should the same laws
automatically apply to the digital world where a few lines
of code can unlock someone’s entire life?”
Adam Ghetti, Founder & CEO of Ionic Security,
2016
12. What Are Some Types Of Emerging
Technologies That Influence The
Field Of Privacy?
13. Types Of Emerging Technologies
That Influence The Field Of
Privacy…
Technology moves beyond the physical:
• Drones.
• Eye in the sky.
• Social media/real time sharing.
• Facebook Live.
• Snapchat.
• Big (meta) data.
• Private company data retention.
• Internet Of Things (IoT).
• Medical.
• Etc.
14. Why Is Privacy Important For
Society To Consider, Especially In
The Field Of Emerging Medical
Technology?
15.
16.
17.
18. Importance Of Privacy…
• Privacy can be invaded, especially with
technology.
• Invasion is the unwelcomed intrusion by
another.
Four types of invasion:
• Intrusion upon the plaintiff’s seclusion or
solitude, or into his private affairs.
• Public disclosure of embarrassing private facts
about the plaintiff.
• Publicity which places the plaintiff in a false
light in the public eye.
• Appropriation (misuse), for the defendant’s
advantage, of the plaintiff’s name or likeness.
From: Privacy (1960) William L. Prosser, California Law Review
Volume 48, Issue 3.
19. Importance Of Privacy…
• Newspapers have invaded the private
precincts of private and domestic life.
• The press is overstepping the bounds of
propriety and decency.
• Gossip has become a trade thereby lowering
social standards and morality.
• When personal gossip attains the dignity of
print, and crowds the space available for
matters of real interest to the community,
what wonder that the ignorant and
thoughtless mistake its relative importance.
• An individual should have full protection of
the law.
From: The Right to Privacy (1890) Harvard Law Review.
20. What Are Some Types Of Emerging
Medical Technologies That
Influence The Field Of Privacy?
.
21. Types Of Emerging Medical
Technologies That Influence The
Field Of Privacy…
• Activity/health tracking.
• Cheap genomic sequencing.
• Disease susceptibility.
• Personalized medicine.
• Gut microbe tests.
• Family history test.
• Cloning .
• Euthanasia.
• Life extension.
• Genetic engineering (modification).
• Synthetic biology .
• Quantified self.
• That’s just the beginning…
22. What Are Some Ethical And
Regulatory Privacy Issues Emerging
Technologies Give Rise To?
23. Ethical And Regulatory Privacy
Issues…
• Activity tracking data, diet information,
genome and family history can (and will)
accurately determine disease risk and
propensity.
• However genetic information is very sensitive.
• The rapid developments in medical technology
raises several of ethical and regulatory privacy
issues for emerging technologies:
• Contract (and consent.)
• Power Attorney/Advance Care Directives
(contract and consent).
• Ownership of property/Intellectual
Property.
• Defamation.
• What else?
24. What Are The Current International
And Domestic Frameworks That
Regulate Privacy, In Particular For
Emerging Technology?
25. Domestic Privacy
Laws…
Photography
• There are no general restrictions on the
taking of photographs or film in a public
place or from a public place.
• However cannot be indecent, of a child
in a provocative or sexual manner, be
used for voyeurism, protected by a court
order (eg. child custody or witness
protection), defamatory or being for
commercial purposes.
26. Domestic Privacy
Laws…
Recording Devices
• Recording private conversations is
prohibited, unless in the course of duty
of that person, in the public interest or
for the protection of the lawful interests
of that person.
• Listening and Surveillance Devices Act
1972 (SA).
27. International
Regulations…
• The United Nations General Assembly adopted
resolution 68/167 in 2013, "which expressed
deep concern at the negative impact that
surveillance and interception of
communications may have on human rights."
• "The General Assembly affirmed that the rights
held by people offline must also be protected
online."
• "The General Assembly called on all States to
review their procedures, practices and
legislation related to communications
surveillance, interception and collection of
personal data and emphasized the need for
States to ensure the full and effective
implementation of their obligations under
international human rights law."
28. Recall that a Treaty is:
“An agreement between States and
Nations."
29. • Not between Citizens or between a Nations States and Territories.
• They serve as a way to practice stable and organized international
relations.
• Binding at international law.
• A contract (contracts needs intent).
• It is consent-based governance.
• A State can only abide and enforce a treaty by if they consented.
• If they didn’t consent then they can ignore it.
• Ratification means confirmation.
• This maintains State sovereignty (independence).
• No State prosecutes treaties unless it's after a major war like WWI or
WWII.
• Reality is national shaming, sections, diplomats etc.
• Creates issues for Regulating Technology!
Two types:
• Bilateral treaty – between two States.
• Multilateral treaty – between many States (UN Chatter).
30. Treaties help:
• Create alliances in an interdependent,
globalized, tech enabled work.
• With international issues that cannot be
solved by States alone.
• Maintain State sovereignty (independence).
• With Australian national interests.
• Middle ranking power with finite negotiating
resources.
• Military and economical stake so we are not
vulnerable.
• Geo-isolation and population size means we
benefit.
31. • Space.
• Post.
• Shipping.
• Defence.
• Nuclear non-proliferation.
• Environment.
• Civil aviation.
• War.
• Sea and maritime boundaries.
• Human rights.
• World heritage.
• Terrorism.
• Drug trafficking.
• Border protection.
• Refugees and asylum seekers.
• International organisations.
• Etc…
Some areas regulated by Treaties:
32. Treaties are established (very simply) by:
1. Power to enter into treaties is granted under s51 and s61 of
The Australian Constitution.
2. In the jurisdiction of Executive not Legislature (Parliament).
• Signed then tabled at Parliament to discuss the benefits and
effects of and obligations on Australia and required
implementation.
• Consultation with States and Territories, industry and other
interest groups.
3. Ratification makes the treaty binding, but in domestically.
4. News domestic laws are not required.
• If current legislation is adequate, then no domestic laws are
created.
• If current legislation is inadequate, then commonwealth to state
laws are created.
5. Implementation through Executive action.
33. Universal Declaration of
Human Rights…
• Humans have non-binding rights.
• Not a treaty, so it does not directly
create legal obligations for countries.
• Only an expression of the fundamental
values which are shared by all members
of the international community.
• Similar rights granted by Magna Carta
and the Rule of Law.
34. What Are The Current International
And Domestic Frameworks That
Regulate Privacy, In Particular For
Emerging Medical Technology?
35. Domestic Regulatory Frameworks…
Common Law
Law of Contract requires:
• 1. Intention of the parties to create a legal relationship.
• 2. An offer by one party and the acceptance of the offer by
the other.
• 3. Valuable consideration – must be worth something.
• 4. Legal capacity of the parties.
• 5. Genuine consent given by the parties.
• 6. Legality of the objects & public policy party.
36. Domestic Regulatory Frameworks…
• However, there is no common law right to privacy in Australia.
• Just because a private organization or individual has information stored about you,
doesn’t automatically mean you get access to it - Breen v Williams (1996) 186 CLR
71:
• Contract Law does not give rise to access of personal medical records.
• May not be in the patient’s best interest, as it could cause undue worry.
• Doctor owns the physical property of personal medical records.
• Doctor owns the intellectual property (copyright) of personal medical records.
• However a fiduciary duty means doctor cannot profit from personal medical
records.
• No “right to know” for a patient.
37. Domestic Regulatory Frameworks…
• Regardless, the common law of defamation may help.
• Defamation is when a reputation has been wrongfully
attacked to a third party, either by:
• Slander (spoken).
• Libel (written).
• Everyone is presumed to have a good charter until proven
otherwise.
38. Domestic Regulatory Frameworks…
Domestic Statutes
• There is currently no legislation in South Australia creating a general right
to privacy.
• However Australian (Commonwealth) Legislation gives a right to privacy.
• The Privacy Act 1988 (Cth) and Freedom of Information Act 1982
• “Governments are increasingly collecting information about people and
making decisions based on that information.”
• The Privacy Act 1988 (Cth) sets out rules of conduct in regards to privacy,
called Australian Privacy Principles (different than the “Nine Principles of
Privacy” (later)).
39. Domestic Regulatory Frameworks…
Domestic Statutes…
• “The Australian Privacy Principles set out how Commonwealth public
sector agencies and private sector organisations should collect, use, keep
secure and disclose personal information.”
• Standards mean that organizations need to:
• Be open and transparent.
• Provide notice about collection (Privacy Policy etc.)
• How information will be used.
• Have integrity and security of information.
• Provide access…
40. Domestic Regulatory Frameworks…
Domestic Statutes…
• Provide the standards for:
• Commonwealth agencies.
• Not-for profits with an annual turnover of more than $3 million.
• All health service providers regardless of turnover.
• Government contractors.
• Some small businesses (selling personal information, residential
tenancy, credit reporting, employee association, ballots, etc.) with an
annual turnover of $3 million or less.
41. Domestic Regulatory Frameworks…
• A Power of Attorney is a document that gives a person (called
either the donee, attorney or appointee) the power to act on
behalf of the person or company who gives the power (called
the donor, principal or appointor.”
• Power of Attorney is regulated under the Powers of Attorney
and Agency Act 1984 (SA) and the Advance Care Directives Act
2013 (SA).
• An Advance Care Directive sets out the wishes for an
individual’s future healthcare by an attorney.
42. Who Has Access To Your Medical
Data And How To Obtain Your Data?
43. Domestic Regulatory Frameworks…
• Unlike Breen v Williams (1996) 186 CLR 71 Freedom of Information Act
1982 (Cth) allows people to have access to, and control of information
that is collected about them by Commonwealth agencies etc.
• Under the Australian Privacy Principles a person has the right to access
and correct incorrect medical records, transfer of information about you
need to be with your knowledge, others cannot arbitrarily access your
medical data. Etc.
• Unless under exception:
• Before 21 December 2001 causing administrative burden, secrecy,
personal affairs, crown solicitor, parole board etc.
45. Who Are The Various Stakeholders
That Influence The Development Of
Legal Regulation Of Emerging
Medical Technologies?
46. Stakeholders That Influence The Development
Of Regulation Emerging Medical Technology…
International Regulators
• United Nations.
Domestic Regulators
• The Australian Executive (Department of Industry, Innovation and Science).
• Parliament of Australia.
Entrepreneurs, designers, manufacturers, developers & their legal entities
• 23andMe.
• Fitbit.
• Etc.
Domestic community
Health insurers or health plan administrators
Employers
Who else?
47. Activity
• The Patient gains a DNA genetic test from a USA based DNA genetic testing company to sequence their
genome. The DNA genetic testing company sells the Patients personalised data to an Australian Health Insurer.
The Australian Health Insurer denies the Patient health insurance as the Patient has an extreme risk for heart
disease (optional: and USA based DNA genetic testing company also sells that information of to the Patients
Employer.)
• Represent one stakeholder group from before: Patient.
– Patient.
– DNA genetic testing company.
– Australian Health Insurer.
– Commonwealth/State regulator.
– Employer (optional: if enough groups.)
• Determine your stakeholder groups interests (15 minutes).
• Create a law based on International treaties and Australian domestic law that regulates privacy DNA genetic
test of taking into consideration your stakeholder groups interests (15 minutes).
– Consider contract, consent, defamation and property laws as well as privacy ideals.
• Discuss if this is mutually beneficial for all stakeholder groups (15 minutes).
48. Are The Current International And
Domestic Frameworks That
Regulate Privacy Adequate And
Relevant For Emerging Medial
Technologies?
49. Adequacy And
Relevance…
Nine Principles of Privacy:
• Principle 1: Privacy is a fundamental value worthy of legal
protection.
• Principle 2: There is a public interest in protecting privacy.
• Principle 3: Privacy should be balanced with other
important interests.
• Principle 4: Australian privacy laws should meet
international standards.
• Principle 5: Privacy laws should be adaptable to
technological change.
• Principle 6: Privacy laws should be clear and certain.
• Principle 7: Privacy laws should be coherent and
consistent.
• Principle 8: Justice to protect privacy should be accessible.
• Principle 9: Privacy protection is an issue of shared
responsibility.
From: Serious Invasions of Privacy in the Digital Era (2014) ALRC
Report 123, pp.9-14.
50. Adequacy And
Relevance…
• Principle 5: Privacy laws should be
adaptable to technological change”
• “The design of any legal privacy
protection should be sufficiently flexible
to adapt to rapidly changing
technologies and capabilities, without
needing constant amendments. At the
same time, laws should be drafted with
sufficient precision and definition to
promote certainty as to their application
and interpretation.”
• Serious Invasions of Privacy in the Digital
Era (2014) ALRC Report 123,p.36
51. Adequacy And Relevance…
What is GINA?
• The Genetic Information Nondiscrimination
Act of 2008.
• USA only.
What GINA does?
• GINA prevents discrimination of health
coverage and employment, particularly by
health insurers or health plan administrators,
based on genetic information such as genetic
tests (including family members, foetus) for
disease or disorders.
52. More Questions…
• Does the direct to consumer market mean data is more easily disclosed
and sold?
• Is this the wild west?
• Does the “handover” waypoint change ownership.
• What standards should private and international companies be held to?
• Are the Privacy Principle Recommendations enough?