The Privacy Commissioner, John Edwards has raised concerns about privacy and data protection in the digital age.
In his latest blog, he discusses how to move the burden from consumers to read terms and conditions for services they are using, to the service providers to ensure they are clearly explaining the choices that consumers have, and the consequences for them.
Mr Edwards points to the Chief Justice Helen Winkelmann's lecture on 30 October 2018 in commemorating the first New Zealand Privacy Commissioner, Sir Bruce Slane where she notes that privacy consents will prove to be a significant issue.
"There is good reason for proceeding with caution when weighing the significance to be given to consent when assessing whether the individual expected privacy or had waived it. These are standard contracts people must agree to if they are to access services, sometimes essential services. Most do not read the full content of any such contract. That is especially so with online service providers. Although the privacy policy must be agreed to before services can be accessed, acceptance is easy — simply click on the accept button.
Often the consequential authorised collection of data will occur in the course of a very low to no value transaction. Few would spend time reading a privacy policy before using a search engine or purchasing food to go. And yet by clicking accept, we are agreeing to all of the terms and conditions, if expressed in suitably plain English, contained in the privacy policy of the service provider. Even if we do read the privacy policy, it is doubtful we will have a full understanding of the implications of what we have agreed to. There is a very substantial asymmetry in technical understanding between the customer and most who operate business in an online world."
Mr Edwards says as with many problems that the digital age has created as a by-product of the convenience and access to services these products represent, the solutions need to be found in a range of different areas.
He writes that Privacy by design will play a part. Ensuring that the most privacy protective options are obvious, and the default setting should become the industry norm.
And he says regulation will play a part.
"I and my international colleagues need to grasp the nettle and ensure our consumer protective data protection and privacy laws do exactly that."