Posts in category: Privacy Rules

As the use of technology becomes more prevalent in our daily lives, the importance of protecting our personal data, especially that of children, has become increasingly important.

In recent years, governments around the world have enacted laws to protect children’s data privacy, but there is still much work to be done. 

One of the most comprehensive data privacy laws for children is the Children’s Online Privacy Protection Act (COPPA), which was enacted in the United States in 1998.

COPPA requires websites and online services to obtain parental consent before collecting personal information from children under the age of 13. The law also requires websites to post a clear and concise privacy policy, which must explain what information is being collected, how it is being used, and how it will be shared. 

Additionally, COPPA requires websites to provide parents with the option to review and delete their child’s personal information. 

COPPA has been successful in protecting children’s data privacy, but there are concerns that the law is outdated and does not adequately address newer technologies such as social media and mobile apps. To address these concerns, the Federal Trade Commission (FTC), which enforces COPPA, has proposed updates to the law. These updates include expanding COPPA’s coverage to include social media platforms and mobile apps, as well as strengthening parental consent requirements. 

Other countries have also enacted data privacy laws for children. 

In the European Union, the General Data Protection Regulation (GDPR) includes specific provisions for the protection of children’s data privacy. The GDPR requires parental consent for the processing of children’s personal data up to the age of 16, although individual EU member states can choose to lower this age to 13. 

In Australia, the Privacy Act 1988 includes a set of 13 Australian Privacy Principles (APPs) that govern the handling of personal information by Australian government agencies and businesses. APP 5 specifically addresses the collection of personal information from children under the age of 18 and requires parental consent for such collection. 

Despite the existence of these laws, there are still concerns that companies are not doing enough to protect children’s data privacy.  

A 2019 study by the FTC found that many mobile apps aimed at children were collecting data without parental consent, and a 2020 study by the Norwegian Consumer Council found similar issues with popular social media platforms. 

It is important for parents and caregivers to be aware of these data privacy laws and to take steps to protect their children’s personal information. This includes reading privacy policies, reviewing app permissions, and talking to their children about online privacy. 

In conclusion, protecting children’s data privacy is crucial in today’s digital age. While laws such as COPPA and the GDPR have been enacted to address this issue, there is still much work to be done to ensure that companies are following these regulations and adequately protecting children’s personal information. Parents and caregivers can play a role in this by educating themselves and their children about online privacy and taking steps to protect their personal data. 

Further Reading: 

Federal Trade Commission (n.d.) Children’s Online Privacy Protection Rule: A Six-Step Compliance Plan for Your Business.

Federal Trade Commission. (2020). Complying with COPPA: Frequently Asked Questions.

European Commission. (2018). Data protection rules for children.

Employee Monitoring 

Employee monitoring refers to the use of different surveillance and data collection techniques by an employer. These techniques may include key cards, biometrics, and other electronic monitoring practices, as well as employee monitoring software (such as computer & workstation monitoring, internet & social media monitoring, video & audio monitoring, etc.). 

Most businesses maintain tabs on their workforce to improve employee concentration and productivity while ensuring data security by monitoring how and what information employees utilize. Based on what is being observed and whether the employee is aware that they are being tracked, these employee monitoring techniques can be roughly characterized as invasive or non-invasive. The main employee monitoring tools are discussed below. 

Computer and workstation monitoring – While the EU allows computer monitoring provided employees are notified in advance and it is done for legitimate business purposes without limiting employee rights to privacy, various Acts in the US legalize electronic surveillance of all actions on company-owned computers. 

Internet and social media monitoring – Employers are permitted to create social media policies in the US. Although the GDPR doesn’t have specific guidelines for monitoring social media and internet use at work, its privacy laws may have restrictions on what you can and cannot monitor. 

Monitoring screen content and keystrokes – Employers are permitted to use this technique on company-owned computers in the US, but given the nature of the tool, it is advised that they get employee consent. In most cases, using monitoring tools that record keystrokes or take images of employees’ displays is prohibited by the GDPR. 

Monitoring private messages and emails – Any email or private communication sent or received on a company-owned device is regarded as corporate property in the US. Because of this, it is acceptable for businesses to monitor confidential emails and messages. Email monitoring is legal under GDPR if the employee is informed and consents to it, the information collected about the employee through email monitoring is handled securely, and the company has a retention policy for emails and deletes them when it is up. 

Monitoring company phone conversations – Employers may only listen to calls and voicemails for proper business purposes in the US. However, since businesses have the right to monitor their own phones, there is some ambiguity when an employee uses a corporate phone for a personal call. Voicemails and phone calls are considered personal information under the GDPR; therefore, corporations must first get the participants’ consent before listening in on them. 

Video surveillance – Video surveillance is permitted under federal law when done for legitimate business-related purposes. This might be done to keep things safe generally or to stop theft. However, an audio recording shouldn’t be included with the video recording. Most surveillance tapes typically feature people who have not given their agreement to be watched, and under GDPR, identifiable faces are considered personal data. 

Monitoring personal devices – Monitoring of personal devices is permitted in the US if the employer has established clear standards regarding it. The GDPR is highly strict regarding personal device monitoring since it places a strong emphasis on defending employees’ privacy. It forbids employers from accessing the personal information on employees’ devices through scanning software. 

Monitoring employee location – Although it is strongly advised to tell employees and gain their approval, US regulations don’t specifically regulate monitoring locations. If a business wants to track the whereabouts of remote employees, GDPR mandates that they execute a DPIA (Data Protection Impact Assessment). You will then have a legal foundation for monitoring your staff thanks to the DPIA. 

GDPR and CCTV 

For businesses around the nation, CCTV is an essential security tool. However, if you don’t have the proper CCTV policy in place, you can end up breaking rigorous privacy regulations that defend people’s rights. 

The GDPR Act, which emphasizes that personal data should only be kept for as long as required, applies to any surveillance operations conducted outside of a person’s domestic property. Employers must therefore be able to justify the use of surveillance, identify those who are recorded, state how long they want to retain the footage, and describe how the data will be maintained and protected. 

Recommendations 

Look at the relevant laws – To be sure they are adhering to the law, employers should contact law firms. This is particularly crucial when specific employment laws change, and revised procedures are required. Employers who implement monitoring techniques for a remotely located crew that is spread out globe are highlighted. 

Be transparent about everything – Even though it’s not required, it’s usually a good idea to be open and honest with employees regarding monitoring procedures. They will be more open and accepting to the measures because they will understand the reasoning behind them better. 

Use employee-friendly tools – Employers should refrain from using equipment that secretly watch on their employees, like background-running keyloggers. Employee trust could decline as a result, and there may also be legal repercussions. 

Australia’s privacy law is governed by the Privacy Act 1988, which outlines the principles of privacy protection and regulates the handling of personal information by private and public organizations. 

This article aims to provide a comprehensive guide to privacy law in Australia, covering the Privacy Act, data protection, and privacy rights in the country. 

Privacy Act 1988 

The Privacy Act 1988 is the primary law governing privacy in Australia. It applies to private sector organizations with an annual turnover of over AUD 3 million, all Australian government agencies, and some other organizations such as health service providers, credit reporting agencies, and businesses that handle tax file numbers. 

The Privacy Act regulates the collection, use, storage, and disclosure of personal information by organizations. It also provides individuals with the right to access and correct their personal information held by organizations. 

Data Protection 

The Privacy Act also contains the Australian Privacy Principles (APPs), which set out the standards for handling personal information. The APPs cover various aspects of data protection, including the collection, use, and disclosure of personal information, data quality and security, and the right to access and correct personal information. 

Under the APPs, organizations must obtain an individual’s consent before collecting their personal information, and they must only collect information that is necessary for their functions or activities. Organizations must also take reasonable steps to ensure that personal information is accurate, up-to-date, and secure. 

Privacy Rights in Australia 

In addition to the rights provided by the Privacy Act, individuals in Australia also have other privacy rights. For example, the Australian Constitution does not explicitly recognize a right to privacy, but the High Court has recognized that it is an implied right. This right protects individuals from unreasonable intrusions into their private lives and allows them to maintain control over their personal information. 

In addition, Australia has enacted other laws that protect privacy rights, such as the Telecommunications (Interception and Access) Act 1979, which regulates the interception of communications, and the Spam Act 2003, which regulates the sending of unsolicited electronic messages. 

Conclusion 

Privacy is a crucial aspect of individual freedom, and it is essential to understand how it is protected in your country. In Australia, privacy law is governed by the Privacy Act 1988, which regulates the handling of personal information by organizations. The Act contains the Australian Privacy Principles, which set out the standards for data protection. Individuals in Australia also have other privacy rights, including the implied right to privacy recognized by the High Court. By understanding privacy law in Australia, individuals can better protect their personal information and maintain control over their privacy.