In a world driven by data, cyber law and cyber security are critical issues.
Although the internet is less than 50 years old – a mere blip in human history – it’s almost impossible to imagine life without it.
Revolutionising the way we work, communicate, interact and shop, it has evolved from an information repository into a dazzling array of technologies that connect us to anywhere in the world at any time.
However, the flipside of 24/7 instant networking is the threat posed to personal information privacy and security.
Each time we jump online we leave a tell-tale cyber trail: websites we visit, products we buy, messages we send, information we share.
And those personalised ads and suggestions that mysteriously pop up on our screen? That’s no mystery, that’s data tracking - where your information is sold to create targeted advertising.
Online profiles can be sold to highest bidder and tech leviathans like Google, Facebook, Amazon and Apple have an insatiable appetite for information.
Deakin Law School (DLS) senior lecturer Dr Vicki Huang says providing personal information, both on and offline, always carries a risk.
‘When we sign up to digital platforms and tick “agree” we usually agree for those service providers to use and then share our information – this can be shared or sold to data brokers or other third parties. A serious issue is that consumers are often unaware of where their data goes and how it’s being used,’ she explains.
Data tracking gives organisations a snapshot of our health, socio-economic status, sexual orientation, political leanings, shopping habits and even personality traits.
And that’s highly valuable information for targeted advertising - the more a company knows about you, the more money it can make.
Dr Huang teaches cyber law, intellectual property law and property law, and her research focuses on projects on intellectual property, big data, free speech, race and gender.
She says that while data tracking is legal, the problem is the informed consent model.
‘It’s “broken” in the sense that consumers can’t (or don’t) read the terms and conditions. The New York Times found that it would take the average consumer 76 days to read all the privacy policies they have “agreed to” in a year.’
Competition law is also a problem because there’s little regulatory oversight into the way companies use our private information.
‘For example, Facebook now owns Instagram and WhatsApp. So, if you discuss “apples” in a WhatsApp group, you may see targeted advertising for “apples” on your Instagram feed. While “apples” is fairly benign, personal data can be used to target people who may be vulnerable to, for example, online gambling,’ says Dr Huang.
While targeted advertising may be annoying, Dr Huang says the bigger concern is the potential for personal manipulation.
‘Data tracking can be used to manipulate political leanings, encourage discrimination and spread misinformation. A less nefarious aspect is consumption of news on social media where data tracking may lead to consumers only getting news that confirms or fits their world view. This can be extremely problematic as listening to contrary views is a necessary part of a healthy democracy.’
She warns that manipulation is particularly high for the generation who has grown up with the internet and is more comfortable with disclosing vast amounts of personal information.
‘We are only now coming to terms with concepts such as the “right to be forgotten” and the “right of erasure” and asking ourselves whether these should be fundamental human rights.’
Because of the increasing amount of personal data shared online, there is increased exposure to the risks of that data being misused – managing that risk is a huge technical and legal challenge.
Australian companies of a certain size are now subject to a data breach notification scheme and new laws in the banking sector will allow consumers to access and control their data held by that sector. These types of laws will be rolled out to other sectors such as energy.
Meanwhile, the EU’s adoption of the GDPR (General Data Protection Regulation 2016/679) has seen Australian companies ramp up their data protection policies in order to maintain business links with Europe.
‘Data is now global, so when one influential player adopts a more rigorous regime, other countries must follow. In this sense we are part of a global jurisdiction,’ says Dr Huang.
But when it comes to more personal harms, she adds that jurisdictions vary depending on the type of harm.
‘When we sign up to an overseas service, we usually agree to terms and conditions. This “contract” will often state the relevant jurisdiction should a dispute arise.’
In breach of privacy issues – such as the circulation of intimate images, hacking, identity theft, financial theft and fraud – Dr Huang says there’s no singular Australian law.
‘Laws vary between the Commonwealth, states and territories to cover some of these scenarios’.
The biggest challenge, says Dr Huang, is to improve and maintain consumer trust in the digital economy.
‘The data economy is here to stay and we want Australia to benefit from it. For the majority of the time, the benefits of the internet far outweigh the risks. However, consumers lack bargaining power and often have to “take it or leave it” when dealing with access to digital services. The only way to build trust is through informed consent to transparent processes with governments and industries that are overseen by regulation. This is a challenge faced by all economies across the globe and students today need to be prepared to engage with this task’
Deakin’s Graduate Certificate of Cyber Law is a fully online, one- year course that’s designed to meet the needs of anyone interested in cyber law. It will also appeal to both legal specialists in cyber security and cyber professionals with legal expertise. It delivers two units of cyber law from the Deakin Law School and two units of cyber security and analytics from Deakin's School of Information Technology. Completion of the Graduate Certificate of Cyber Law provides a pathway into Deakin’s Master of Laws and Master of Cyber Security (Australia’s first accredited cyber security course).