Wednesday, February 14, 2024

Data Is What Data Does

 Data Is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data, 118 Nw. U. L. Rev. 1081 (2024). 

“Heightened protection for sensitive data is becoming quite trendy in privacy laws around the world. Originating in European Union (EU) data protection law and included in the EU’s General Data Protection Regulation, sensitive data singles out certain categories of personal data for extra protection. 

Commonly recognized special categories of sensitive data include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation and sex life, and biometric and genetic data. Although heightened protection for sensitive data appropriately recognizes that not all situations involving personal data should be protected uniformly, the sensitive data approach is a dead end. The sensitive data categories are arbitrary and lack any coherent theory for identifying them. 

The borderlines of many categories are so blurry that they are useless. Moreover, it is easy to use nonsensitive data as a proxy for certain types of sensitive data. Personal data is akin to a grand tapestry, with different types of data interwoven to a degree that makes it impossible to separate out the strands. With Big Data and powerful machine learning algorithms, most nonsensitive data give rise to inferences about sensitive data. 

In many privacy laws, data giving rise to inferences about sensitive data is also protected as sensitive data. Arguably, then, nearly all personal data can be sensitive, and the sensitive data categories can swallow up everything. As a result, most organizations are currently processing a vast amount of data in violation of the laws. 

This Article argues that the problems with the sensitive data approach make it unworkable and counterproductive as well as expose a deeper flaw at the root of many privacy laws. These laws make a fundamental conceptual mistake—they embrace the idea that the nature of personal data is a sufficiently useful focal point for the law. But nothing meaningful for regulation can be determined solely by looking at the data itself. Data is what data does. 

To be effective, privacy law must focus on harm and risk rather than on the nature of personal data. The implications of this point extend far beyond sensitive data provisions. In many elements of privacy laws, protections should be proportionate to the harm and risk involved with the data collection, use, and transfer.”




2021 WA Liberals' election loss to be laid bare as WhatsApp messages from Mathias Cormann's 'Clan' offer glimpse



PwC, Scyne leaders reveal their pay packets

PwC Australia CEO Kevin Burrowes has told a Senate inquiry he is earning $2.4 million a year, almost half the amount earned by his predecessor Tom Seymour.
The disclosure was made during one of the final public hearing days of the Senate inquiry into consulting.
The hearing, which was held on Friday in Parliament House, was also told about the pay packets of the head of PwC spin-off Scyne Advisory and its board members.

Mr Burrowes answered quickly when asked about his salary by Labor senator Deborah O’Neill.
The salary is almost the lowest of the big four firm leaders, and it is well below the $4.6 million a year that former PwC Australia CEO Tom Seymour took home in 2022 to 2023. Mr Seymour stepped down from the CEO role mid-last year after confirming he had received emails relating to the firm’s tax leaks scandal.
Mr Burrowes also said the pay of the firm’s inaugural independent chairman had not yet been set, as it would be negotiated with whoever was appointed to the role. KPMG’s independent board members are paid $160,000 a year.
Later in the hearing, Scyne managing partner Richard Gwilym revealed he was being paid $922,000 annually. That figure, which excludes incentives such as an annual performance bonus and potential equity grants, is just below the average yearly pay of $950,000 for PwC partners and it is well below the pay of the big four leaders.
Scyne chairman John Mullen said he was being paid $280,000 a year. Board member and chairman of the firm’s ethics committee Andrew Greenwood said he was being paid $150,000 a year.
Edmund Tadros leads our coverage of the professional services sector. He is based in our Sydney newsroom.