I have only looked at Choice’s response, and read the great contributions so far.
Access to tech: Making sure no-one is left behind. - I think that people with no “fixed abode” need to be mentioned as separate category. There is an inherent bias believing that everyone has a single address home. For example, the homeless don’t have access to the internet because 1. they can’t afford data plans, and 2. they have to find free wi-fi to connect. That’s limiting. The ones that do, only have a phone. Nothing with a larger screen to read or to be able to respond with.
Finance and General Insurance. There is a total power imbalance in this. The consumers have to disclose everything and be totally transparent, or have your loan/policy voided. Yet the businesses don’t have to disclose anything to the consumers about… well, anything really except the most rudimentary information. The information power imbalance needs to be redressed.
Consumer Data Right
Businesses should have to divulge and provide all the information (plus the derivatives and indicators this produces) that they hold about a consumer, whether they are a client or not.
Consumers should also have the absolute right to have any erroneous data held about them corrected or deleted as they choose.
There is nothing in there about a business “creating data” as opposed to collecting and storing real information. This could be done to discriminate/exclude.etc, or to facilitate/help/etc. This needs to be regulated and penalised.
There should also be protections which ensure that the data held actually pertains to the person it is held against. I have read of a case of mixed up phone bills where both the people had the same surname, first name and birthday day and month. They did have different middle names, and lived on opposite sides of Australia. Yet they were mixed up, and the onus was on them to prove that they weren’t who the biller erroneously claimed even though it was apparent at a glance.
We are expected to prove who we are when they call us, by giving our personal details, yet they are not required to prove who they are. Surely this too should be a two way street. There should be a way that they can pass some sort of validation (token) to us to prove who they are before we have to prove who we are.
Another thing that hasn’t been covered is the storage and backing up of our data. Where it is initially stored, are there copies, how it’s backed up, the security applied to the data, how long it’s stored, where it’s stored, jurisdictions etc… For example: if we give our data to an Australian based business, what happens if they store it in the cloud, or in a foreign country. What rights do we have with our data? What about if we give our data to a foreign business; do we have any rights at all? Can or would the Australian Government enforce any our data rights held by a foreign entity?
What about the linkage of data across Government Departments? Many years ago the idea was mooted to set up a Government data centre where all Department’s data would be merged and stored. With advances in technology, one day this may be feasible.
What rights do we have to oppose Government Departments sharing data as does the ATO and Centrelink? What about if the HRC shared data with other Government entities? What if Our Health Record shared data with Centrelink and the ATO? All of a sudden very sensitive and private matters could be open to view by people who have no need to see it. Many people will say if you have nothing to hide… etc, but equally many people would not want their data spread about.
There needs to be some sort of checks and balances process to go through before the Government can go ahead with such sharing.
Speaking of Government Departments, what rights do we have in relation to very poorly written computer programs unfairly discriminating against people, like RoboDebt did? Again there should be some checks and balances. What quality controls were implemented? What testing was carried out? What rights did the average person have to have a determination reviewed quickly?
Another thing to think about: The recent High Court determination that correspondence from a computer could not be relied on even though it came from an authoritative source, because no thinking had gone into it. How is a average person in the street to know if a computer generated letter has had thinking behind it or not? So when do we rely on a letter and when do we ignore it? It appears that the concept of ‘duty of care’ stops when a computer gets involved. Should ‘duty of care’ not extend to cover computer generated material?
Which leads me to ask: in the future will we see people in organisations hiding behind technology and refuse to accept responsibility for what the technology has been programmed to do (as happened in the ATO case)? Will we be able to rely on technology to do the right thing? My answer is no, we can’t rely on technology The thinking about human rights and technology must hold organisations’ most senior people accountable for organisation’s technology now and in the future.
Any appeal rights relating to our data need to external to the organisation in question to avoid perceived and potential bias. Internal reviews can be too easily manipulated to suit the organisation. Even external review organisations can get too close to those they are meant to monitor, as seen in the Financial Services Royal Commission. Therefore the external review entity must be completely independent and at arm’s length to those being being appealed against.
