Already struggling to meet its obligations around data privacy, FOI transparency and breach notifications, the Office of the Australian Information Commissioner (OAIC) has been given further responsibility as it joins a multi-agency crackdown on major digital platforms.
A partnership with the Australian Competition & Consumer Commission (ACCC), Australian Communications and Media Authority (ACMA) and Office of the eSafety Commissioner, the new Digital Platform Regulators Forum (DP-REG) will “increase cooperation and information sharing between digital platform regulators on the common areas of our work,” ACCC chair Rod Sims said as the new initiative was announced.
Having observed “harms to competition, consumers and business users” in a range of ways since the ACCC began monitoring digital platforms in 2017, Sims said, the agency’s partnership with other regulators will be “vital as we consider whether further regulatory reforms are needed to support competition and protect Australian consumers online.”
Flagging the potential for overlap or gaps in their relative responsibilities, the four participating agencies will, they said in a joint public statement, enable information sharing about cross-jurisdictional issues including “consideration of how competition, consumer protection, privacy, online safety and data issues intersect.”
“Digital platforms play an increasingly important role in the lives of Australians for information, entertainment and social contact,” noted ACMA chair Nerida O’Loughlin, saying that the forum would help regulators “ensure these platforms meet the standards expected of them by the Australian community.”
DP-REG has a rotating leadership and “is not a decision-making body”, the initiative’s Terms of Reference document notes, “and has no bearing on members’ existing regulatory powers, legislative functions or responsibilities.”
Cybersecurity and cybercrime activities are outside the scope of DP-REG, which is being positioned within the context of the Morrison Government’s efforts around deregulation, deduplication, and “streamlining overlapping regulation”.
As initially envisioned, outputs of the group include a contact list of “relevant staff” as well as data and information-sharing efforts to support activities by all involved members; staff training and resource sharing to enhance regulatory capabilities; and identifying and pursuing collaboration opportunities.
Circling the wagons against digital giants
In a global climate of increasing regulation, the creation of DP-REG is the latest step in the government’s ongoing battle to bring global digital platforms to heel, which has spawned significant steps including a major digital platforms inquiry and OAIC lawsuit against Meta stemming from Facebook’s Cambridge Analytica privacy breach.
With the creation of DP-REG, Australian information commissioner and privacy commissioner Angelene Falk said, “we are seeking to build a ring of regulatory defence… to address the opportunities and risks posed by the pace and expansion of the digital economy.”
“The use of data, including personal and sensitive information, can be of great benefit to the economy and community but the right protections need to be in place.”
Even as the regulatory group unifies against Web 2.0’s digital giants, however, the landscape is rapidly changing as emerging technology providers drive the transition to a more decentralised Web 3.0 model.
While digital giants controlled nearly 57 per cent of global Internet traffic last year, analyst firm GlobalData recently noted, the blockchain-powered Web 3.0 “envisions to cut tech influence by offering decentralised social networks, browsers, data storage, computation, video and music streaming, content monetisation, banking services, cloud-based payments, and others to create decentralised ecosystems across industries.”
The new responsibilities are yet another burden for an the OAIC, which has struggled to manage the Notifiable Data Breaches (NDB) scheme and recently admitted it is well behind in administering Freedom of Information (FOI) appeals.
The OAIC had 1,404 unresolved privacy complaints as of 4 February, Attorney-General Michaela Cash this month revealed in a questions on notice response, with 136 of those over a year old.
And while the OAIC asserts that it has met its targets, the agency nonetheless had 121 open FOI complaints – of which 36 were more than 12 months old – and its three-person NDB team was wrestling with 85 open issues.
Nonetheless, Falk is optimistic that DP-REG will not only unify the government’s response to digital giants, but facilitate international cooperation on privacy with bodies such as the Global Privacy Assembly.
“Adopting a collaborative and complementary regulatory approach,” she said, “will achieve results that protect and empower consumers and protect personal information wherever it flows.”