Wednesday, 8 March 2023 Privacy in Australia is generally perceived as a straightforward notion aligned with our society’s rights and freedoms. Yet from a global perspective, the concept of privacy is far from universal and can mean very different things to different people. Beliefs and legal constructs around privacy issues – from freedoms within one’s personal life to the right to free speech – vary greatly across cultures. These differing interpretations are rooted in ancient history and times when formative ideas of privacy diverged according to a society’s cultural, heritage, religious and socio-economic influences. The strength of these resultant beliefs is evident in the many anchoring legal systems of privacy in most countries around the world today. In modern times, the politics of privacy faced by security and privacy professionals is challenging and complex. Digitisation has brought about one of the most recent and significant shifts in global interpretations of privacy. The world is now filled with numerous societal perceptions around what privacy means in such contexts as social media, the plethora of messaging services and how private data may be collected, stored and used. For cyber professionals and organisations, this development has made clear that successful cybersecurity design will increasingly depend on having a thorough understanding of privacy norms in different global contexts. Cyber professionals charged with protecting privacy encounter greater variations between beliefs across jurisdictions. This presents a challenge for the cybersecurity industry in general because a community’s expectations may be framed by the extent to which it has valued, or currently values, privacy in the circumstance. Both legal context and community expectations need to be considered: accepting that interpretations of privacy are highly subjective can avoid inflammatory situations sparked by acting in ignorance or unintentionally overlooking nuanced legalities. For instance, an Australian cybersecurity or privacy professional operating in a police state or country under a system of government that differs to Australian norms could find that social surveillance is part of the social system. They would, therefore, be best to act according to the local context rather than in line with the more liberal beliefs of Western democratic societies. Australians need to be particularly mindful of gaps between our privacy standards and others when operating in a global context. Even our own Privacy Act which has served Australians well since its passing in 1988 is currently undergoing a major and long overdue review. In fact, the exhaustive review process has culminated with 116 recommended changes by the Commonwealth Attorney General, Mark Dreyfus SC. If these proposed reforms are passed, they will significantly reshape Australia’s privacy laws around data protection and bring them up to speed with those in Europe and the US. Furthermore, the Western democratic concept of privacy, the privacy norms which permeate through the Abrahamic faiths of Judaism, Christianity and Islam, and the Eastern definitions of privacy found across most of Asia differ significantly. Adding to the complexity, permutations of what privacy is further exist within each of these traditions. As an example, within the anglosphere, there is much commonality in legal traditions, spirituality and societal beliefs and expectations. Yet, numerous differences exist in terms of how privacy is executed, subtle or otherwise. Consider beliefs around the right to personal privacy and security in one’s own home. Under the ‘castle doctrine’ in the US, a person can use lethal force to protect their family and home without facing legal prosecution. While Australia does not have the castle doctrine, per se, a person can claim they acted in self-defence in a murder trial which the prosecution would then have to disprove. However, each Australian state also has its own definition of what constitutes self-defence.1 Further compounding these differences are the glaring variations between Australia and the US existing in relation to the power of the latter’s courts, a power that recently caught world attention in the overturning of Roe v Wade – a case that was effectively about the privacy afforded women to choose what they do with their own bodies. The future calls for professionals in the cybersecurity sphere to remain keenly aware of the fluid nature of privacy beliefs, laws and systems around the world. In an increasingly interconnected and digital world where data often traverses jurisdictional borders, it has never been more important to understand what privacy looks like in the region and political system under which you are working. Through better, contextual understanding of privacy norms and needs, organisations and cyber professionals will be able to improve cybersecurity design and implement policies and practices that are acceptable and embraced by users. As a result, this will provide a far greater degree of cybersecurity uplift for organisations, particularly those which comprise of diverse workforces operating across borders and regions in the global economy. 1 Spandas Lui, Is It Legal To Kill Home Invaders? (28 May 2018) Life Hacker <https://www.lifehacker.com.au/2018/05/is-it-legal-to-kill-home-invaders/#:~:text=This%20is%20called%20the%20Castle,all%20states%20in%20the%20country.>