Facebook has endorsed a range of measures to strengthen Australian privacy law but rejected some of the recommendations from the Digital Platforms Inquiry of the Australian Competition and Consumer Commission (ACCC).
Facebook says that some ACCC’s recommendations would “make targeted advertising practically unworkable in Australia” and put Australia “out of step with other countries such as Singapore and the European Union.”
In a response to a government consultation on the ACCC’s recommendations in the final report of the inquiry, the social networking giant called for Australian alignment with the European Union’s GDPR privacy regime. The company said some ACCC recommendations would deliver a much more expansive definition of personal information than that outlined in the EU privacy rules.
Among the ACCC’s recommendations were a range of changes to the Privacy Act, including updates that clarify the term “personal information” captures “technical data such as IP addresses, device identifiers, location data, and any other online identifiers that may be used identify an individual”.
“This would be at odds with the GDPR,” Facebook argued, which treats such data as personal information “only where it is used, or combined with other data, to identify an individual”.
“All critical subtleties of the GDPR concept of ‘personal data’ must be retained if it is to be translated into the Privacy Act,” Facebook’s submission states. “To ensure proper alignment and consistency, the aim should be to stick as closely as possible to the GDPR wording.”
Similarly in relation to a further ACCC recommendation, Facebook argued that it does not believe “anonymised, pseudonymous and aggregated data should constitute personal information under the Privacy Act,” citing guidance from the Office of the Australian Information Commissioner (OAIC) that states de-identified data is not personal information.
(There have been a number of high-profile cases in recent years where Australian government agencies have released supposedly anonymised data which was not effectively de-identified.)
Facebook said it opposed ACCC recommendations that would make mandatory to present concise and accessible notices before a business or other organisation collects personal information from a consumer. Under the ACCC’s proposals, businesses would also be required to obtain the consent of consumers before collecting, using or disclosing personal information. Consent should not be the default, the ACCC said.
Prohibiting default opt-in or similar measures “will not necessarily be favourable for consumers,” Facebook argued.
“For example, such an approach may disrupt data processing activities that have broader system benefits” such as data processing for fraud detection and network security, the company argued.
The government's consultation period closed last week.