This should be very familiar to people working with data in a lot of jurisdictions. I can speak to Europe but I think similar things exist elsewhere - data is less restricted in how and what you collect than it is how you use it. This makes a lot of sense, you should be able to have a basic record of ip addresses and access times for rate limiting, but that shouldn’t mean you can use it for advertising.
Similarly it seems reasonable that shops should be able to record for some purposes but not all.
I don't think "less restricted" is a good framing. How you are using it is the core, and you get to collect and store what's necessary for your legal uses, and use it for those uses.
You don't get to have access logs because there is no restriction on logging IPs, you get them because you argue a justified use of them, and thus you can have them to use them for it (and not for anything else).
I don't think it does, because it is completely unverifiable. It's like allowing people to buy drugs, but not to use them.
I'm not worried about people collecting IPs, I'm worried about people who collect IPs being able to send those IPs out and get them associated with names, and send those names out and be supplied with dossiers.
When they start putting collecting IPs in the same bag as the rest of this, it's because they're just trying to legitimize this entire process. Collecting dossiers becomes traffic shaping, and of course people should be allowed to traffic shape - you could be getting DDOSed by terrorists!
edit: I'm not sure this comment was quite clear - it's 1) the selling of private, incidentally collected information by service providers, and 2) the accumulation, buying, and selling of dossiers on normal people whom one has no business relationship that is the problem. IPs are just temporary identifiers, unless you can resolve them through what are essentially civilian intelligence organizations.
You forget store. This depends a lot on the type of data. Duration, specific laws related to it and protection are very different for randomised numbers vs medical as an example.
This is good. It means we have laws and rulings that understand the technology. That balance the need for business to protect their stores with people's privacy.
Free to record data but not free to process data... sounds a lot like books being stored rightfully but not analyzed by machine learning.
I have data on Google. Google has a TOS that says they can use my data. This could cover even future use cases, even though those future use cases I did not anticipate. So does Google have the right to use my data in this particular way?
There are all manner of things you can and cannot do with 'data'. For example, you cannot purchase a Blu-Ray, rip its contents and post them on the internet. This shouldn't be that "interesting".
I noticed that as well, it's a bit frustrating. I personally think if you're allowed to do something legally, you should be allowed to do it using technology.
It's seems silly to me that you can have a human being eyeball someone and claim it's so and so, but you can't use incredibly accurate technology to streamline that process.
I personally don't like the decay of polite society. I don't like asking a worker for a key to buy some deodorant. Rather than treat everyone like a criminal, why don't we just treat criminals like criminals. It's a tiny percentage of people that abuse polite society and we pretend like it's a huge problem that can only be attacked by erecting huge inconveniences for everyone. No, just punish criminals and build systems to target criminals rather than everyone. If you look at arrests, you'll see that among persons admitted to state prison 77% had five or more prior arrests. When do you say enough is enough and we can back off this surveillance state because we're too afraid to just lock up people that don't want to live in society.
Target the criminals. Yes, the criminals, according to the altruistic government that serves its people and never breaks the constitution or international law. According to its perfectly defined code. Someone who got an abortion in another state after rape, for example. Or said "children shouldn't be murdered"? but said it out loud at a campus. Run the tech of the most powerful trillionaires on the masses, the poor people and find out who is dissenting. Keep the prisons full. One man's prison is another man's pension. Make this system more powerful.
We are all potential criminals under tomorrow's government. Remember that!
First paragraphs pretty clearly read to me like the issue isn’t “processing it,” it’s the indiscriminate filming of everybody who enters the store without consent that’s the problem.
Security filming is common in Australia and not outlawed by this ruling. It is specifically the non-discriminate use of facial recognition technology this ruling applies to.
The specific difference is "sensitive information". General filming with manual review isn't considered to be collecting privacy sensitive information. Automatic facial recognition is.
The blog post makes this point about how the law is applied:
> Is this a technology of convenience - is it being used only because it’s cheaper, or as an alternative to employing staff to do a particular role, and are there other less privacy-intrusive means that could be reasonably used?
Everyone who enters almost any store is "filmed" with their implicit consent. Cameras are everywhere, and certainly are everywhere in every Australian court as well.
The root comment is precisely right. Deriving data from filmed content -- the illusory private biometric data that we are leaving everywhere, constantly -- is what the purported transgression was.
Is this from the 90s? Who doesn't expect to be recorded when entering a retail chain? How the hell does the government have the right to decide what this private company can do on their private land? If you enter onto someone else's property you should play by their rules.
IanCal|5 months ago
Similarly it seems reasonable that shops should be able to record for some purposes but not all.
detaro|5 months ago
pessimizer|5 months ago
I don't think it does, because it is completely unverifiable. It's like allowing people to buy drugs, but not to use them.
I'm not worried about people collecting IPs, I'm worried about people who collect IPs being able to send those IPs out and get them associated with names, and send those names out and be supplied with dossiers.
When they start putting collecting IPs in the same bag as the rest of this, it's because they're just trying to legitimize this entire process. Collecting dossiers becomes traffic shaping, and of course people should be allowed to traffic shape - you could be getting DDOSed by terrorists!
edit: I'm not sure this comment was quite clear - it's 1) the selling of private, incidentally collected information by service providers, and 2) the accumulation, buying, and selling of dossiers on normal people whom one has no business relationship that is the problem. IPs are just temporary identifiers, unless you can resolve them through what are essentially civilian intelligence organizations.
consp|5 months ago
nenenejej|5 months ago
nashashmi|5 months ago
I have data on Google. Google has a TOS that says they can use my data. This could cover even future use cases, even though those future use cases I did not anticipate. So does Google have the right to use my data in this particular way?
catigula|5 months ago
bko|5 months ago
It's seems silly to me that you can have a human being eyeball someone and claim it's so and so, but you can't use incredibly accurate technology to streamline that process.
I personally don't like the decay of polite society. I don't like asking a worker for a key to buy some deodorant. Rather than treat everyone like a criminal, why don't we just treat criminals like criminals. It's a tiny percentage of people that abuse polite society and we pretend like it's a huge problem that can only be attacked by erecting huge inconveniences for everyone. No, just punish criminals and build systems to target criminals rather than everyone. If you look at arrests, you'll see that among persons admitted to state prison 77% had five or more prior arrests. When do you say enough is enough and we can back off this surveillance state because we're too afraid to just lock up people that don't want to live in society.
https://mleverything.substack.com/p/acceptance-of-crime-is-a...
nenenejej|5 months ago
We are all potential criminals under tomorrow's government. Remember that!
nemomarx|5 months ago
Forgeties79|5 months ago
nl|5 months ago
The specific difference is "sensitive information". General filming with manual review isn't considered to be collecting privacy sensitive information. Automatic facial recognition is.
The blog post makes this point about how the law is applied:
> Is this a technology of convenience - is it being used only because it’s cheaper, or as an alternative to employing staff to do a particular role, and are there other less privacy-intrusive means that could be reasonably used?
https://www.oaic.gov.au/news/blog/is-there-a-place-for-facia...
llm_nerd|5 months ago
The root comment is precisely right. Deriving data from filmed content -- the illusory private biometric data that we are leaving everywhere, constantly -- is what the purported transgression was.
mrits|5 months ago