0 Comments |  Legal matters |  PRINT | 

I spy with my little…FBI!

Monday, 20 January 2014 | By Vanessa Emilio

Have you heard the latest about website privacy policies?


Have you heard that the latest draft Australian privacy laws will soon want you to advise your visitors where you may be sending their information, including if you send it overseas using a service provider located in another country?


Thanks to the US and its far-reaching access to other country’s information, this new proposed requirement may come as no surprise to any frequent internet user (or anyone watching the news frankly!). The US seems to have been ‘breaching’ normal privacy laws of other countries for some time, with the FBI accessing information from Australia as well as other countries.


In other words, this means that personal information obtained by your website about your customers and even some visitors may be shared with a US government entity if, for example, you use a US service provider. And you have little control over this happening.


In addition, if the FBI decides to access your own personal information from a US website that you may have used yourself, you do not have the right to be advised of such and cannot object! However, they do inform us that if, in fact, for some reason, they did decide to access this information, it would remain strictly confidential. Hmmm ... so that makes it okay?


Personal information in other countries – and the use thereof


Other countries have varying regulations relating to the taking and use of personal information.


For example, the US patriot and anti-terrorism law gives the FBI extensive investigative powers in many aspects of life and business, including the power to use personal information collected on websites.


The UK on the other hand, is more protective of personal information and requires website owners to advise each visitor of any cookies being dropped on a visitor’s browser collecting information about their use of the site.


New Australian draft regulations regarding privacy policies:


  • New Australian draft regulations, which would require users be informed specifically on how their information is used and stored, does not fit in with US requirements. These new proposed laws are very privacy-oriented and require a website that collects personal information to be completely transparent in how that particular data is collected, stored, used, and if it is shared, to inform the user that their information will be shared.

  • This new draft Australian regulation goes as far as stating that if this information is shared with someone overseas, this needs to be made clear in a privacy policy. Apparently, this law aims to protect consumers’ rights to data protection.


It is quite difficult to reconcile this need to inform customers exactly how their information is used if the material is then shared with a US service provider, and then potentially being used secretly by the FBI.


Stay with me here!


Now, somewhere in the clouds, there are still other issues


Another issue that needs to be considered in conjunction with the protectionist stance of Australian privacy policies is the implication caused by cloud services and where the data is stored exactly.


Cloud services including Facebook, Dropbox, Google, Gmail and Hotmail are perhaps the most pervasive examples of storing information somewhere out in the internet world. However, the problem with this is that there are multiple servers across the world that they all use, where different privacy laws apply.


How can you know exactly where your information may be stored on cloud services, and in turn, you may then not be complying with Australian requirements to notify your customers. So how can you be expected to manage this?


You need to know what your website business does and what you collect as well as what the service providers you employ do and store your website information. This is continuing to become a bigger issue that is being transferred by governments and regulators to individual internet business owners.


So, what does this mean for my website?


Quite apart from being alarming, this proposed law poses problems for Australian website privacy policy requirements and how you may decide to set up your online business.


Australia is now trying to ensure that any website that uses US or other country’s services, notifies their visitors to enable them to make an ‘informed’ decision (or at least are aware) when they are using your website. This may affect how and where you source your service providers for your business. So…


Be aware!


Conduct due diligence in investigating how information is stored and shared, both by your website and your potential service providers before deciding on who to use. Then you can attempt to ensure your privacy policy covers all potential issues and any changes that may arise by the constantly moving Australian privacy laws.


More information on these changes is available at the Office of the Australian Information Commissioner website.