Menu
LEGAL CLINIC: The Net worth of getting personal

LEGAL CLINIC: The Net worth of getting personal

All of you know that information is valuable, particularly details regarding your customers, and in turn, their customers. As a consequence of the quest to make money out of the Internet, the following issues have become very contentious:

1. The collection of information about Internet surfers without their knowledge or consent;

2. The use of cookie technology;

3. The development of undetectable information tracking devices. One of the more recent information tracking devices is the "Web bug" or "1-pixel gif". Unlike cookies, however, Web bugs are difficult to detect because anti-cookie filters do not catch them. One of the benefits of the devices is their ability to store passwords and log on information;

4. The use of collected information to build up consumer profiles of individuals to produce targeted advertising.

Obviously, advertising agencies and Web site owners find this technology extremely valuable for marketing, assessing the effectiveness and popularity of their current and future advertisements and Web sites. Many have insisted that the identities of site visitors remain anonymous and that information collected remains private, even if evidence suggests these claims are somewhat overstated. Privacy advocates however, have become increasingly concerned with the collection of private information about individuals' knowledge, and further, with the actual or potential linking of an individual's surfing habits to personal information (eg, an e-mail address). This has led to the commencement of litigation in the US alleging the secret collection and subsequent use of the personal information of Internet users.

The "DoubleClick" case

The concern about the linking of general surfing information with an individual's personal information has been a key reason for the commencement of litigation against the US corporation, DoubleClick.

In November 1999, DoubleClick purchased Abacus Direct, a company possessing detailed consumer profiles on more than 90 per cent of US households. Out of this arose the very real possibility that the merging of Abacus' consumer databases with DoubleClick's Internet databases would result in DoubleClick linking information about individual's surfing habits with their personal identifying information.

After the merger, several private suits were filed against DoubleClick claiming that DoubleClick's cookies secretly tracked users' activities on the Internet and collected personal information, and in February the state Attorney-General of Michigan also commenced proceedings against the company, claiming it had violated consumer protection laws.

In response to public concerns over DoubleClick's merger with Abacus, DoubleClick has announced that it will not link its Internet data with Abacus' consumer data until the government and industry agree upon privacy standards.

The Australian response

The Commonwealth Privacy Amend-ment (Private Sector) Bill 2000, which amends the Commonwealth Privacy Act 1988, has been introduced into Federal Parliament. The Bill will become law 12 months after royal assent and contains requirements for organisations collecting and dealing with personal information. Amongst other things, the Bill sets out for organisations that collect personal information:

1. Standards for the collection, use, disclosure and storage of the information;

2. Requirements for maintaining the quality and security of the data held and the anonymity of individuals dealing with the organisation;

3. The requirement to set out the organisation's policy for the management of the information;

4. The requirement to provide individuals with access to any of their personal information held by those organisations; and

5. Restrictions on transfer of information (collectively, the "Principles").

If the Bill is enacted in its present form, its provisions will apply to "organisations" which includes individuals acting in a business capacity, companies, partnerships, other unincorporated associations and trusts, but does not include businesses with an annual turnover of less than $3 million unless those businesses hold sensitive or health information or collect or disclose personal information for a benefit, are contracted to provide a service to the Commonwealth or are prescribed by legislation as being covered by the Bill.

Organisations covered by the Bill must not breach any of the Principles in relation to personal information relating to the individual or, if the organisation is bound by an approved privacy code in relation to the personal information, the organisation must not breach the approved privacy code.

The way forward

The Bill has not yet been passed into law by Parliament. If the Bill becomes law and the law applies to your organisation, you may be required to modify your information collection procedures, and if it is not "necessary" for you to collect certain information, you will no longer be permitted to collect it. You may be restricted in your use and disclosure of collected information. You will be required to formulate a new, or update your existing, privacy policy and publicise that policy. You may also need to modify or expand your security arrangements with respect to collected information and you will probably be required to provide individuals with access to their personal information. In the meantime, it would be advisable to adopt a clear and open policy about your organisation's collection of personal information and/or use of personal information tracking devices and ensure that individuals whose information you hold are aware of what information is collected, how it is used, stored and disclosed and how can it be accessed and updated by them.

(With thanks to Fiona McGuire, solicitor, Barker Gosling. The material contained in this article is no more than general comment. Readers should not act on the basis of this material without professional advice relating to their particular circumstance.)

Mark Addison is IT partner at Barker Gosling Lawyers. Contact him at maddison@nsw.bglaw.com.au


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments