SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
New report considers consumer rights around personal data
Fri, 2nd Aug 2019
FYI, this story is more than a year old

Despite there being regulations and laws around privacy and data, a new report has found that there is no clear standard for access to consumer data.

This includes personal data collected via social media, online searches, telecommunications and leading fitness trackers.

The study, titled Consumer Rights to Personal Data, was conducted by researchers Dr James Meese, Dr Punit Jagasia and Professor James Arvanitakis from the University of Technology Sydney (UTS) and Western Sydney University (WSU).

The goal of the research team was to understand if people can access their own data from a range of communications companies, including social media platforms (Facebook, Instagram, Twitter), online companies (Google), telecommunications companies (Optus, Vodafone, Telstra) and fitness wearables (Fitbit, Apple Watch).

UTS researcher Dr James Meese says, “We established a set of best practice standards, based on what consumers could reasonably expect from companies, and then we assessed how each company performed against these standards.

“While all companies were compliant with the data access procedures required under the Privacy Act, and provided the data that they were legally required to, we found that many companies failed to provide all the user data they were collecting,” Meese says.

The data provided by the communications companies was not always provided in a portable format, which meant that at times consumers could not transfer data to other service providers, the research found.

In some cases, it was also hard to interpret the data provided, which suggests there is scope for companies to improve the way they present data in order to assist consumer understanding, according to the study.

The report also considers the introduction of a Consumer Data Right (CDR), following on from these results and the growing information disconnect between consumers and companies.

The reform aims to simplify and standardise the process of accessing and transferring data, however the report notes that a range of valid stakeholder and consumer concerns are not adequately addressed in the draft bill.

Meese says, “The CDR should form part of a broader suite of comprehensive data rights for consumers.

The report also notes that a range of government bodies are conducting reviews of privacy related issues.

It suggests the Federal government should wait until these reports are complete before introducing the CDR as part of a broader suite of data rights for Australian consumers.

The Consumer Rights to Personal Data study was funded by a grant from the Australian Communications Consumer Action Network and is available on the ACCAN website.

The project also produced a set of guides to help consumers understand existing data access procedures and a Facebook data visualiser to help consumers make sense of the Facebook data currently provided to them.