General Equilibrium Analysis: Ricardian Trade Model
This tutorial delves into the microeconomics of international trade using the Ricardian trade model. It covers general equilibrium trade analysis, model specifications for two countries - North and South, production possibilities, consumption, and more.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Privacy Australian law in international context Graham Greenleaf Professor of Law & Information Systems, UNSW Legal Studies State Conference 2019 29 March 2019
Overview 1. Why is data privacy valuable? 2. Who/what endangers privacy most? 3. What global standards for data privacy exist? 4. Main features of Australian privacy law 5. Does Australian law meet global standards? 6. Who can protect your privacy?
1. Why is data privacy valuable? 1. ID theft: Without privacy you are exposed to identity theft Very widespread; very damaging; very difficult to repair Biometric loss: Loss of control of biometric data (fingerprints etc) is permanent Biometrics are increasingly required for everyday security applications, which may cause ID theft damage to be permanent Marketing manipulated: Without privacy you are subject to commercial manipulation It is now so complex it cannot be understood, and so subtle it is often not noticed Freedoms compromised: Without privacy, freedom of thought, belief and creativity is endangered How can you be critical, or creative, if businesses and government are looking over your shoulder? 2. 3. 4.
1. Why is data privacy valuable? (cont.) 5. Democracy at risk: Without privacy, democracy is now at risk Facebook/Cambridge Analytica shows that mass manipulation of politics, and even election results, is likely from privacy intrusions If every branch of government can enforce penalties of every other branch, you are powerless to resit oppression Living it down: Without privacy, you cannot live down things in your past you now regret The Right to be Forgotten (RTBF) is a newly-re-discovered privacy principle AI threats: Without privacy, automated decision systems will subject us to built in biases and unfair decisions. Artificial intelligence (AI) will otherwise not explain its decisions about us No need to justify: What do you have to hide? is the wrong Q. Wrongly puts the onus on you to justify wanting privacy. The onus should be the other way. You should have a right to decide how information you disclose can be used ( informational self-determination ), except where the public interest, or other people s interests, take priority 6. 7. 8.
2. Who/what endangers privacy most? 1. 2. Both the private sector and government Largest private sector threats are from global organisations, often located outside Australia Facebook, Google, Amazon and Microsoft are the inventors of, and largest players in, surveillance capitalism Many smaller local companies emulate or use their methods Public sector threats are mainly from our own governments, but some are from other countries Home grown: RoboDebt injustice, MyHealthRecord, data spills But foreign governments get our data through global cyber- espionage, and through 5-Eyes cooperation as well Two levels of solution are therefore needed: global and local We need effective local remedies for small-scale problems But Australia needs to participate in global solutions to privacy problems too large for any one country to solve 3. 4.
2. Who/what endangers privacy most?Private sector threats Zuboff (2019, 600+ pgs) Best analysis known of how surveillance capitalism actually works. Complex and largely invisible capture and use of personal data and metadata ( behavioural surplus ) to predict and control our actions. Origins with Google (2000), Facebook (2003), Amazon; now emulated (and purchased) widely. Argues it is a mutant strain of capitalism and neo-liberalism, dangerous to humanity. Worth searching for reviews for a summary whatever you know, this will reveal more.
2. Who/what endangers privacy most? Public sector threats 1. Snowden s whistle-blowing on US global surveillance of private sector data traffic (2013) exposed threats to non-govt datahttps://en.wikipedia.org/wiki/Edwar d_Snowden Australia is complicit through 5 Eyes sharing of intelligence with foreign governments https://en.wikipedia.org/wiki/Global_survei llance_disclosures_(2013-present) UN Special Rapporteur on the Right of Privacy is working on global answers to limit this https://www.ohchr.org/EN/Issues/Privacy/ SR/Pages/SRPrivacyIndex.aspx 2. 3.
134 Countries with data privacy Laws (to April 2019) Key Comprehensive Public only Private only Most Private Bills 8
Plus 27 with official Bills for new laws (to April 2019) Key Comprehensive Public only Private only Most Private Bills 9
3. What global standards for data privacy exist? 1. 50 years development of data privacy standards through (i) national laws and (ii) international agreements. 2. National: Now 134 countries with data privacy laws (1st = Sweden 1973); 27 more countries have Bills 3. International standards in 3 stages: 1. 1980-1995: Council of Europe data protection Convention 108 (1981) and OECD Guidelines (1980) 2. 1995-2016: European Union data protection Directive (1995, in force 1998); revised CoE Convention 3. 2016 ??: EU General Data Protection Regulation (GDPR) (2016, in force 2018); modernised CoE 108+
3. What global standards for data privacy exist? 4. Result: Since 1995, European standards have gradually become the dominant data privacy standard adopted to some extent by MOST of the 134 countries with laws There is still no global privacy treaty but CoE Convention 108 now includes 54 countries as Parties and is expanding The USA is the most important country resisting EU-type standards; China resisting less so; India?: wait & see 5. What is the current global standard ? (on average) 1. It is almost everywhere stronger than 1980 s OECD Guidelines 2. It is getting closer to 1995 s EU Directive (more than 7/10); 3. It gets stronger with every new or revised law, due largely to GDPR influences.
4. Main features of Australian privacy law IVfactors have inhibited developments Factor I: Driven by politics, not human rights, for over 30 years 1. No constitutional requirements for, or constraints on, legislation very unusual 2. Defeat of Hawke s Australia Card 1987 -> Privacy Act 1988 compromise with Tax File Number (TFN), but public sector only 3. Credit reporting reforms (1992) were world-leading and largely survive 4. Threats of State legislation > 2001 expansion to parts of private sector 5. Political instability since 2007 > defeat of Howard s Health & Welfare Access Card ; few of ALRC recommended reforms enacted; Privacy Act remains stuck in 1990s. 6. Since 2013, new surveillance anti-terrorist laws: data retention law (2015); anti-encryption law (2018)
4. Main features of Australian privacy law Factor II: Absence of the Courts No rights to take actions directly before Courts 1. No constitutional right, or common law (tort) right, or modern breach of confidence unlike most other countries (incl. NZ, Canada, UK) 2. No statutory serious infringement of privacy right of action, despite 4 law reform reports (note current ACCC draft recommendations ) 3. No Privacy Act right of action except via complaint to Privacy Commissioner (note current ACCC draft recommendations ) Privacy Act & Commissioner inhibits appeals to the Courts 1. Appeals to the AAT only possible if the Commissioner (PC) makes a Determination of a complaint under s52 2. Average of 5.5 s52 determinations p/a for last 5 years (average of 5 successful) why are there no losers? (ie potential appeals to AAT) 3. Commissioner dismisses most complaints without a s52 determination either satisfactorily resolved or no breach (in PC s opinion) Result: Almost no case law interpreting, or enforcing, Privacy Act, after 30 yrs we know little about what it means
4. Main features of Australian privacy law (cont.) Factor III: Weak and inconsistent principles 1. The Privacy Act s Australian Privacy Principles (APPs) Enacted 1988, a first generation set of basic principles ( IPPs ) 2001 addition of private sector NPPs added little new substance 2012 conversion into APPs also added little, partly went backwards 2018 Significant addition: data breach notification obligations 2. Not comprehensive, and not uniform Covers both private sector and public sectors except SA, Tas and WA state sectors The APPs are not adopted uniformly across the State/Territory laws, despite this being one of the main aims of the 2012 reforms Privacy Act exempts far too much from scope over 90% of all Australian businesses exempt as small businesses; political parties, the media, employment information, publicly available information ALRC Report recommended scrapping political lobbying too strong
4. Main features of Australian privacy law (cont.) Factor IV: Enforcement weaker than powers 1. Lack of s52 determinations - Court have not set standards for s52 compensation or new powers to order remedies Despite s52 compensation power (no monetary limit), actual awards are very small: $0 (2018); $15K, $23K, $1.5K, S1K, $13K (ttl $43.5K 2017) who would this deter? PC stopped publishing Casenotes (non-s52 settlements) in 2012 (used to be 20 p/a) BUT OAIC Ann. Rep shows they can be substantial $$ but for what breaches? transparency gap results Civil penalties for serious / repeated breaches to $1.7M (2012) unused Also undefined, and only for some breaches Substantial remedies possible following own motion investigations (2012) very little use Result: Compliance with the Privacy Act could be seen as optional, just a minor business/administrative expense 2. 3. 4. 5.
Remedies in 972 conciliated complaints (OAIC Annual Report 2017-8)
Compensation settlements total $664,000+ (OAIC Annual Report 2017-8) Based on median amount of each category below Average settlement about $3,400 over 196 settlements
5. Does Australian law meet global standards? (I) APPs lack many rights/obligations now in EU GDPR 1. 2. 3. 4. 5. 6. Personal data includes cookies, IP addresses etc Positive consent required (not implied or opt out ); Default settings to favour privacy ( privacy by default ); Obligation to design (and re-design) for privacy by design ; Limits on automated decision-making; Right to be forgotten living down the (irrelevant) past; 650K de-linking requests to Google > 1M URLs de-linked as a result Portability of data in digital form from social networks; Demonstrable accountability by data controllers; Data protection impact assessment (DPIA) for any high-risk processing, with possible prohibitions. 10. Numerous rights and obligations support data minimisation . 7. 8. 9. Which of these are necessary to deal with 21st century problems? Many (not all) of 1-10 are now appearing in laws outside the EU
STOP PRESS!!: Privacy ActGDPR reforms announced 24/03/2019 Press Release gives only details; at least a year away 1. Social media/platforms to cease use or disclosure of personal information on request Version of GDPR deletion / right to be forgotten 2. Code of Conduct for social media/platforms More transparent data-sharing arrangements; More specific consent to collection/use of data; This will be an enforceable Code under the Act 3. Extra protections for children / vulnerable groups
5. Does Australian law meet global standards? (cont.) (II) Australian enforcement is behind GDPR 1. GDPR requires data protection authorities (DPA) to be able to fine companies for breaches up to 4% global annual turnover (GAT) (art. 83) 500K fine of Facebook = 18 minutes of GAT French DPA fined Google 50M euros 2. Individuals can sue companies for breaches directly in the Courts (art. 79) Can also appeal against DPA decisions to Courts (art. 78) 3. NGOs specialising in data protection are entitled to represent individuals in complaints to DPAs (art. 80) May receive compensation payable NGO complaints are now driving the GDPR
STOP PRESS!!: Privacy Act GDPR reforms announced 24/03/2019 4. Max. penalties for serious/repeated breaches increased to highest of (i) $10M; (ii) 3 x benefit obtained; or (iii) 10% annual domestic turnover. [Existing $1.7M penalties never used.] New OAIC powers to issue infringement notices for non- cooperationconcerning minor breaches up to $63K for companies, $12.6K for individuals. But this is not an administrative fine for breaches as such Additional remedies incl. prominent publication Additional $25M to OAIC over 3 years to increase capacity Revision after ACCC platforms inquiry report (June) which is likely to recommend: direct right to enforce Privacy Act before Courts; serious invasions of privacy separate action before Courts. Q: Will the OAIC use these new powers? (or existing ones?) 5. 6. 7. 8.
5. Does Australian law meet global standards? (cont.) (III) Australian companies and GDPR Some Australian companies must comply with EU GDPR (in full): If they have an establishment in the EU (GDPR art. 3(1)); If they target customers in the EU (GDPR art. 3(2)(a)); If they monitor the behaviour of individuals in the EU (GDPR art. 3(2)(b)); If their head office requires GDPR compliance ( vertical GDPR-creep ); If they supply services to companies requiring GDPR compliance ( horizontal GDPR-creep ). Illustrates both the hard and soft power of EU standards (IV) Australia was not adequate under the 1995 EU Directive What prospects under GDPR?
6. Who can protect your privacy? (from the personal to the political) 1. You can protect yourself Choose privacy-protective services over surveillance services Use PETs (privacy-enhancing technologies): encryption, anonymising browsers etc Refuse unnecessary data collection (or mis-inform) Social media may respond to complaints and take harmful content down Community Legal Centres (CLCs) can give advice and represent you Eg UNSW s Youth Law Australia has a privacy section The news media do now expose privacy breaches Snowden revelations; Cambridge Analytica expose Individual stories can get media attention: RoboDebt 2. 3. 4.
6. Who can protect your privacy? (cont.) 5. Policy NGOs (APF , NOYB, PI) can take collective action Australian Privacy Foundation (APF) for 32 years since OzCard great on policy, poor on litigation (no funds); None of Your Business (NOYB) NGO founded by Max Schrems, to enforce EU GDPR success with 50M euros Google fine Privacy International (PI, London-based) suing 8 streaming services under GDPR Individual Australian data protection authorities may act May encourage companies and departments to negotiate Aust. Privacy Commissioner won t investigate for 6 months No record of any seriously deterrent fines or compensation At State level, compensation etc is from State administrative tribunals 6.
6. Who can protect your privacy? (cont.) 7. Data protection authorities acting collectively EU s European Data Protection Board (EDPB) of 29 regulators can make & enforce joint decisions (if two disagree) Competition regulators can break up platforms EU aims to prevent interoperability of Facebook companies Australia s ACCC may recommend action (Platforms Inquiry) Governments can legislate Global laws have notbecome a race to the bottom Silicon Valley is not immune to coordinated laws 10. Global treaties on data protection & surveillance may emerge Data protection Convention 108+, and the UN Rapporteur s work Bottom line: To be effective, protection must occur, and strengthen, at both the local and the global levels. 8. 9.
References & Resources 1. Privacy in Australia Most of my articles/presentations are on my SSRN pages (free access)https://papers.ssrn.com/per_id=57970, including: Privacy in Australia (2008) a brief (34 pg) history, 1970-2008 https://papers.ssrn.com/abstract_id=3072270 Australia's 2012 Privacy Act Revisions: Weaker Principles, More Powers (2012) - https://papers.ssrn.com/abstract_id=2252569 Privacy Enforcement in Australia is Strengthened: Gaps Remain (2014) on the 2012 amendments - https://papers.ssrn.com/abstract_id=2468774 GDPR Creep for Australian Businesses But Gap in Laws Widens (2018) Why Australia still falls short of global standards https://papers.ssrn.com/abstract_id=3226835
References & Resources (2) 1. Global Data Privacy Law Library (on WorldLII) (free access) http://www.worldlii.org/int/special/privacy/ 2. Australian Privacy and Surveillance Law Library (on AustLII) (free access) http://www.austlii.edu.au/au/special/privacy/ 3. A useful GDPR Guide https://gdpr-info.eu/ (Intersoft) 4. Some of my articles on global developments: The Influence of European Data Privacy Standards Outside Europe (2012) https://ssrn.com/abstract=1960299
