Lawmakers struggling to keep up with digital world
OPINION: So far 2018 has been an annus horriblis for Facebook. The Cambridge Analytica data breach findings keep on getting bigger and bigger. Now a #deletefacebook movement is gaining force and CEO Mark Zuckerberg has been grilled by the Senate for two days.
I’ve listened to a decent whack of the Zuckerberg tapes, and three things stand out.
First, how little apparently educated Congress-people understand about Facebook’s business model.
Second, how often Zuckerberg deferred to his army of advisers on data plumbing issues.
Third, the extent to which Facebook had provided open slather on raw data to thousands of application developers.
Many of the congressional members referenced the EU’s General Data Protection Regulation (GDPR), which comes into effect in May. GDPR sets a new ‘‘ground zero’’ around privacy regulation for Europeans, and for anyone who does business with Europeans (including New Zealand companies).
This new European law will take effect at the same time as the new Privacy Bill starts its journey through our Parliament. It’s been a long time coming.
Way back in 2011, I was one of a number of people asked to provide comments on a Law Commission review of the Privacy Act. The review itself had been floating around in various forms for five years prior to that.
At the time, it seemed surprising that the Government would allow such sluggish trajectory on such a vital area. Sluggish slowed to glacial, as it’s taken a further seven years for the Privacy Bill to enter the House.
The bill aims to modernise the 25-year-old Privacy Act and implement many of the commission’s 2011 recommendations. Which is great, except it might result in a piece of legislation that would have provided a pretty good approach to the privacy environment of 2012.
Back then, Facebook had 550 million users and the majority of New Zealanders still used dial-up.
Significantly, the massive data breaches of the past few years – like eBay’s breach of 145 million accounts, Facebook’s breach of 87 million and Yahoo’s massive breach of 3 billion – had yet to occur. Clearly time has moved on.
Rather than wait around for officials to further postpone progress on the Privacy Bill, Justice Minister Andrew Little has wisely decided to at least get it into the House. However, it’s clear the bill will need a few tweaks.
First, it needs to have a proper ‘‘right to be forgotten’’. This right is built into GDPR already. It means you can ask to have certain data deleted so that third parties can no longer track you, and gives you the ability to have personal data and images deleted from digital records.
Also, the Office of the Privacy Commissioner needs greater firepower. In Europe the equivalent office can deliver penalties of up to 4 per cent of a company’s revenue. In Australia it’s fines of up to $100,000 for individuals and $1 million for organisations.
Here in Aotearoa, Privacy Commissioner John Edwards has no real ability to enforce Privacy Act compliance, other than a frightening frown.
This stuff is not just important at an individual liberty level, it’s also a commercial issue.
Currently, New Zealand enjoys real competitive advantages when it comes to overnight processing of data, being one of the very few countries that the EU recognises as meeting their standards. We risk losing millions of dollars.
The real challenge now is to make the bill fit for 2020 then temper this with a round of consultation; all without losing momentum at a time when privacy has moved from the periphery to the core of public policy.
Otherwise it could go from annus horriblis for Facebook, to a pain in the butt for all of us.
❚ Mike ‘‘MOD’’ O’Donnell is a professional director, consultant and writer. His Twitter handle is @modsta and he’d like to have a frightening frown.