elevenM Senior Consultant Tessa Loftus looks at the connection between privacy and accessibility, and the steps being taken to address it in the Privacy Act review.
One of the questions that is commonly asked when an organisation is starting the complex and sometimes expensive process of making their online services accessible is “but how many people with <<this particular need>> are going to use this service anyway?” This is the wrong question. The right question is “if you became disabled tomorrow, would you still want to be able to access services via the internet?” And the answer is, of course, yes.
Public buildings have had an accessibility requirement since 1993, and government websites have been required to meet the Web Content Accessibility Guidelines 2.0 since 2014 (although compliance is patchy at best). And while the Disability Discrimination Act aims to do what it says on the tin, the ability for people with a disability to access services on the internet is unreliable.
When the APPs came into force in 2014, they introduced the requirement for organisations covered by the Privacy Act to “manage personal information in an open and transparent way” and one of the primary methods for achieving this is to have a “clearly expressed and up to date policy about the management of personal information”.
Speaking as a consumer, a privacy professional, and a plain English specialist, I think I could count on the fingers of one hand the number of ‘clearly expressed’ privacy policies I have encountered.
We know that very few people read privacy policies. This is largely because they are long, boring, complex, and tend to be written as a tool for managing legal risk, not as the consumer communication tool that they were intended to be.
Privacy, accessibility and the Privacy Act review
One of the proposals elevenM made to the current review of the Privacy Act is that privacy policies and collection notices should be accessible. That this has now been (at least partially) taken up is a good start. The final report of the review proposes a new requirement for “collection notices to be clear, up-to-date, concise and understandable. Appropriate accessibility measures should also be in place.” It also includes the proposal that “APP entities that provide online services should be required to ensure that any privacy settings are clear and easily accessible for service users.” To have a system based on notice and consent without a requirement for accessibility undermines a significant number of individuals’ ability to access that notice or validly provide that consent. In other words, for it to be “open and transparent”, it must also be accessible.
Proposed changes to the definition of consent will also improve accessibility. The current definition of consent simply states that “consent can be express or implied”, without further clarification. The report proposes that the definition be changed to “must be voluntary, informed, current, specific, and unambiguous”. While this is consistent with current OAIC guidance, organisations are not currently required to comply with OAIC guidance; a definition is therefore both a stronger protection and a step in the right direction. There is a range of interesting details in the explanation of these terms, many of which pick up on issues of accessibility. For example, “an individual must have a genuine opportunity to provide or withhold consent” and “an individual must be provided with sufficient information in an understandable form so that [they are] likely to be aware of the implications of providing or withholding…entities should ensure that they use clear and plain language when presenting consents to individuals.”
Photo credit: Daniel Ali on Unsplash