Privacy In Emerging Technology

What Is Privacy?

“Freedom from being observed or disturbed by others.” “The ability to control information about oneself to others.” “Who can, and how can others access information about you.”

What Is Surveillance?

“Close observation, especially for a particular purpose.”

“Any collecting or processing of personal data, whether identifiable or not, for the purposes of influencing or managing those whose data have been gathered.” Surveillance Society: Monitoring Everyday Life (2001) D. Lyon, Buckingham: Open University Press.

What Are Some Emerging Technology Trends That Deal With Privacy?

Mary Meeker is a General Partner at Kleiner Perkins Caulfield Byers who publishes the Internet Trends Report each year.

Kleiner Perkins Caulfield Byers is an American venture capital firm formed in 1972.

They have raised $10 Billion in funds to date and have invested in:

Google.
Twitter.
AirBnB.
Snapchat.
Uber.
Sound Cloud.
Nest.
Waze.
And many, many more…

In the 2014 Internet Trends Report, Meeker explained:

That cybersecurity threats are on the rise.
Instant sharing and communication will “make world better / safer place but potential impact to personal privacy will remain on- going challenge.”

In the 2016 Internet Trends Report , Meeker explained:

That “as data explodes…data security concerns [will also] explode.”

In the 2017 Internet Trends Report, Meeker explained:

That the cloud will accelerating change creating “more applications and more vulnerabilities.”

“In the tangible world, physical limitations prevent the broad abuse of the law… Should the same laws automatically apply to the digital world where a few lines of code can unlock someone’s entire life?” Adam Ghetti, Founder & CEO of Ionic Security, 2016

What Are Some Types Of Emerging Technologies That Influence The Field Of Privacy?

Technology moves beyond the physical:

Drones.

Eye in the sky.

Social media/real time sharing.

Facebook Live.
Snapchat.

Big (meta) data.

Private company data retention.

Internet Of Things (IoT).

Medical.

Etc.

Why Is Privacy Important For Society To Consider, Especially In The Field Of Emerging Medical Technology?

Privacy can be invaded, especially with technology.

Invasion is the unwelcomed intrusion by another.

Four types of invasion:

Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.
Public disclosure of embarrassing private facts about the plaintiff.
ublicity which places the plaintiff in a false light in the public eye.
Appropriation (misuse), for the defendant’s advantage, of the plaintiff’s name or likeness.

From: Privacy (1960) William L. Prosser, California Law Review Volume 48, Issue 3.

Importance Of Privacy…

Newspapers have invaded the private precincts of private and domestic life.
The press is overstepping the bounds of propriety and decency.
Gossip has become a trade thereby lowering social standards and morality.
When personal gossip attains the dignity of print, and crowds the space available for matters of real interest to the community, what wonder that the ignorant and thoughtless mistake its relative importance.
An individual should have full protection of the law.

From: The Right to Privacy (1890) Harvard Law Review.

What Are Some Types Of Emerging Medical Technologies That Influence The Field Of Privacy?

Activity/health tracking.
Cheap genomic sequencing.
Disease susceptibility.
Personalized medicine.
Gut microbe tests.
Family history tests.
Cloning .
Euthanasia.
Life extension.
Genetic engineering (modification).
Synthetic biology.
Quantified self.
That’s just the beginning…

What Are Some Ethical And Regulatory Privacy Issues Emerging Technologies Give Rise To?

Activity tracking data, diet information, genome and family history can (and will) accurately determine disease risk and propensity.

However genetic information is very sensitive.

The rapid developments in medical technology raises several of ethical and regulatory privacy issues for emerging technologies:

Contract (and consent.)
Power Attorney/Advance Care Directives (contract and consent).
Ownership of property/Intellectual Property.
Defamation.
What else?

What Are The Current International And Domestic Frameworks That Regulate Privacy, In Particular For Emerging Technology?

Photography

There are no general restrictions on the taking of photographs or film in a public place or from a public place.
However cannot be indecent, of a child in a provocative or sexual manner, be used for voyeurism, protected by a court order (eg. child custody or witness protection), defamatory or being for commercial purposes.

Recording Devices

Recording private conversations is prohibited, unless in the course of duty of that person, in the public interest or for the protection of the lawful interests of that person. Listening and Surveillance Devices Act 1972 (SA).

International Regulations…

The United Nations General Assembly adopted resolution 68/167 in 2013, “which expressed deep concern at the negative impact that surveillance and interception of communications may have on human rights.”
“The General Assembly affirmed that the rights held by people offline must also be protected online.”
“The General Assembly called on all States to review their procedures, practices and legislation related to communications surveillance, interception and collection of personal data and emphasized the need for States to ensure the full and effective implementation of their obligations under international human rights law.”

A Treaty is: “An agreement between States and Nations.”

Not between Citizens or between a Nations States and Territories.
They serve as a way to practice stable and organized international relations.
Binding at international law.
A contract (contracts needs intent).
It is consent-based governance.
A State can only abide and enforce a treaty by if they consented.
If they didn’t consent then they can ignore it.
Ratification means confirmation.
This maintains State sovereignty (independence).
No State prosecutes treaties unless it’s after a major war like WWI or WWII.
Reality is national shaming, sections, diplomats etc.
Creates issues for Regulating Technology!

Two types:

Bilateral treaty – between two States.
Multilateral treaty – between many States (UN Chatter).

Treaties help:

Create alliances in an interdependent, globalized, tech enabled work.
With international issues that cannot be solved by States alone.
Maintain State sovereignty (independence).
With Australian national interests.
Middle ranking power with finite negotiating resources.
Military and economical stake so we are not vulnerable.
Geo-isolation and population size means we benefit.

Some areas regulated by Treaties:

Space.
Post.
Shipping.
Defence.
Nuclear non-proliferation.
Environment.
Civil aviation.
War.
Sea and maritime boundaries.
Human rights.
World heritage.
Terrorism.
Drug trafficking.
Border protection.
Refugees and asylum seekers.
International organisations.
Etc…

Treaties are established (very simply) by:

Power to enter into treaties is granted under s51 and s61 of The Australian Constitution.
In the jurisdiction of Executive not Legislature (Parliament).
Signed then tabled at Parliament to discuss the benefits and effects of and obligations on Australia and required implementation.
- Consultation with States and Territories, industry and other interest groups.
- Ratification makes the treaty binding, but in domestically.
New domestic laws are not required.
- If current legislation is adequate, then no domestic laws are created.
- If current legislation is inadequate, then commonwealth to state laws are created.
Implementation through Executive action.

Universal Declaration of Human Rights…

Humans have non-binding rights.
Not a treaty, so it does not directly create legal obligations for countries.
Only an expression of the fundamental values which are shared by all members of the international community.
Similar rights granted by Magna Carta and the Rule of Law.

What Are The Current International And Domestic Frameworks That Regulate Privacy, In Particular For Emerging Medical Technology?

Domestic Regulatory Frameworks…

Common Law Law of Contract requires:
Intention of the parties to create a legal relationship.
An offer by one party and the acceptance of the offer by the other.
Valuable consideration – must be worth something.
Legal capacity of the parties. Genuine consent given by the parties.
Legality of the objects & public policy party.

However, there is no common law right to privacy in Australia.

Just because a private organization or individual has information stored about you, doesn’t automatically mean you get access to it – Breen v Williams (1996) 186 CLR 71:

Contract Law does not give rise to access of personal medical records.
May not be in the patient’s best interest, as it could cause undue worry.
Doctor owns the physical property of personal medical records.
Doctor owns the intellectual property (copyright) of personal medical records.
However a fiduciary duty means doctor cannot profit from personal medical records.
No “right to know” for a patient.

Regardless, the common law of defamation may help.

Defamation is when a reputation has been wrongfully attacked to a third party, either by:

Slander (spoken).
Libel (written).

Everyone is presumed to have a good charter until proven otherwise.

Domestic Statutes

There is currently no legislation in South Australia creating a general right to privacy.

However Australian (Commonwealth) Legislation gives a right to privacy.

The Privacy Act 1988 (Cth) and Freedom of Information Act 1982

“Governments are increasingly collecting information about people and making decisions based on that information.”

The Privacy Act 1988 (Cth) sets out rules of conduct in regards to privacy, called Australian Privacy Principles (different than the “Nine Principles of Privacy” (later)).

“The Australian Privacy Principles set out how Commonwealth public sector agencies and private sector organisations should collect, use, keep secure and disclose personal information.”

Standards mean that organizations need to:

Be open and transparent.
Provide notice about collection (Privacy Policy etc.)
How information will be used.
Have integrity and security of information.
Provide access…

Provide the standards for:

Commonwealth agencies.
Not-for profits with an annual turnover of more than $3 million.
All health service providers regardless of turnover.
Government contractors.
Some small businesses (selling personal information, residential tenancy, credit reporting, employee association, ballots, etc.) with an annual turnover of $3 million or less.

A Power of Attorney is a document that gives a person (called either the donee, attorney or appointee) the power to act on behalf of the person or company who gives the power (called the donor, principal or appointor.”

Power of Attorney is regulated under the Powers of Attorney and Agency Act 1984 (SA) and the Advance Care Directives Act 2013 (SA). • An Advance Care Directive sets out the wishes for an individual’s future healthcare by an attorney.

Who Has Access To Your Medical Data And How To Obtain Your Data?

Unlike Breen v Williams (1996) 186 CLR 71 Freedom of Information Act 1982 (Cth) allows people to have access to, and control of information that is collected about them by Commonwealth agencies etc.

Under the Australian Privacy Principles a person has the right to access and correct incorrect medical records, transfer of information about you need to be with your knowledge, others cannot arbitrarily access your medical data. Etc.

Unless under exception:

Before 21 December 2001 causing administrative burden, secrecy, personal affairs, crown solicitor, parole board etc.

Case Study – Medical Records

Who Are The Various Stakeholders That Influence The Development Of Legal Regulation Of Emerging Medical Technologies?

International Regulators

United Nations.

Domestic Regulators

The Australian Executive (Department of Industry, Innovation and Science).
Parliament of Australia.

Entrepreneurs, designers, manufacturers, developers & their legal entities

23andMe.
Fitbit.
Etc.

Domestic community

Health insurers or health plan administrators
Employers
Who else?

Activity

The Patient gains a DNA genetic test from a USA based DNA genetic testing company to sequence their genome. The DNA genetic testing company sells the Patients personalised data to an Australian Health Insurer. The Australian Health Insurer denies the Patient health insurance as the Patient has an extreme risk for heart disease (optional: and USA based DNA genetic testing company also sells that information of to the Patients Employer.)
Represent one stakeholder group from before: Patient. – Patient. – DNA genetic testing company. – Australian Health Insurer. – Commonwealth/State regulator. – Employer (optional: if enough groups.) • Determine your stakeholder groups interests (15 minutes).
Create a law based on International treaties and Australian domestic law that regulates privacy DNA genetic test of taking into consideration your stakeholder groups interests (15 minutes). – Consider contract, consent, defamation and property laws as well as privacy ideals.
Discuss if this is mutually beneficial for all stakeholder groups (15 minutes).

Are The Current International And Domestic Frameworks That Regulate Privacy Adequate And Relevant For Emerging Medial Technologies?

Nine Principles of Privacy:

Principle 1: Privacy is a fundamental value worthy of legal protection.
Principle 2: There is a public interest in protecting privacy.
Principle 3: Privacy should be balanced with other important interests.
Principle 4: Australian privacy laws should meet international standards.
Principle 5: Privacy laws should be adaptable to technological change.
Principle 6: Privacy laws should be clear and certain.
Principle 7: Privacy laws should be coherent and consistent.
Principle 8: Justice to protect privacy should be accessible.
Principle 9: Privacy protection is an issue of shared responsibility.

From: Serious Invasions of Privacy in the Digital Era (2014) ALRC Report 123, pp.9-14.

Adequacy And Relevance…

Principle 5: Privacy laws should be adaptable to technological change”
“The design of any legal privacy protection should be sufficiently flexible to adapt to rapidly changing technologies and capabilities, without needing constant amendments. At the same time, laws should be drafted with sufficient precision and definition to promote certainty as to their application and interpretation.”
Serious Invasions of Privacy in the Digital Era (2014) ALRC Report 123,p.36

What is GINA?

The Genetic Information Nondiscrimination Act of 2008.
USA only.

What GINA does?

GINA prevents discrimination of health coverage and employment, particularly by health insurers or health plan administrators, based on genetic information such as genetic tests (including family members, foetus) for disease or disorders.