FPF Publishes New Report: A Conversation on Privacy, Safety, and Security in Australia: Themes and Takeaways

On October 27, 2023, the Future of Privacy Forum (“FPF”), in partnership with the UNSW Allens Hub for Technology, Law and Innovation (“Allens Hub”), convened a multidisciplinary meeting of experts on technology, privacy, safety, and security in Sydney, NSW, Australia to discuss benefits, challenges, and unanswered questions associated with the Australian eSafety Commissioner’s (“eSafety”) forthcoming industry standards for the regulation of certain online content. Today, FPF publishes a report summarizing broad themes and takeaways gleaned from this discussion, “A Conversation on Privacy, Safety, and Security in Australia: Themes and Takeaways.”

Australia’s Online Safety Act of 2021 (“Online Safety Act”) mandates the development of industry codes or standards to provide appropriate community safeguards with respect to certain online content, including child sexual exploitation material, pro-terror material, crime and violence material, and drug-related material. Through September 2023, the eSafety has registered six industry codes that cover: Social Media Services, App Distribution Services, Hosting Services, Internet Carriage Services, Equipment, and Internet Search Engine Services. In May 2023, however, the Commissioner rejected proposed codes for relevant electronic services (“RES”) and designated internet services (“DIS”) on account that they “do[] not provide appropriate community safeguards.” Under the Online Safety Act, the rejection of the RES and DIS codes by the Office of the eSafety Commissioner initiated a process in which the Commissioner drafted industry standards for these sectors. A draft of the industry standards was published on November 20, 2023, and is open for public comment until December 21, 2023. 

For purposes of the FPF and meeting, participants were asked to assume the existence of industry standards that satisfies the Online Safety Act’s statutory requirements. As such, the goal was not to solicit arguments about any specific approach, but rather to provide an opportunity for experts to discuss underlying opportunities and challenges in regard to the creation of industry standards, particularly in regard to partially or entirely end-to-end encrypted services. While meeting participants were not in full agreement in regard to any specific point, there were many themes that came up multiple times within the conversation as well as areas of consensus on certain points, including:

1. Participants agreed broadly on the goals of the e-Safety Act and the mission of the e-Safety Commissioner
2. Several participants found deficits in the length and scope of the public consultation available throughout the process
3. Participants identified several potential benefits of an industry code beyond its intended scope
4. Participants broadly opposed any approach that would require otherwise encrypted messaging services to utilize content hashing and/or client-side scanning 
5. Many participants discussed the need for unique treatment for different types of content based on distinctions in context 
6. Participants flagged previous cases of mission drift in regard to certain legal authorities and warned of similar evolution
7. Participants flagged an important role for greater education, both for individuals as well as enforcers
8. Participants supported a broad public dialogue on effective responses and solutions
9. Participants identified a large number of unanswered questions in regard to the creation, implementation, and enforcement of industry codes that left much uncertainty
10. Australia has played a leadership role globally on issues related to Online Safety and is likely to continue to do so