Showing posts with label Big Brother. Show all posts
Showing posts with label Big Brother. Show all posts

Tuesday, 7 August 2018

Australian Digital Health Agency is considering adding DNA data to My Health Record


Crikey.com.au, 6 April 2018:

DNA DEBATE

The federal government’s controversial My Health Record program is capable of storing genomic data, such as cancer risks, using technology that both has huge research applications and highlights privacy and security concerns.

The Sydney Morning Herald reports that genome-sequencing company Genome.One, which can track genetic variations and therefore disease risks, has built “necessary infrastructure” for uploading sensitive genomic data into the opt-out system.

University of Canberra privacy expert Bruce Arnold has criticised the inherent risks of DNA-tracking technology and, just a week after the government backdown on police access to My Health Records, today’s news as again demonstrating a lack public consultation.

The Australian Digital Health Agency (ADHA) which is responsibe for My Health Record gave Genome.One, a wholly-owned subsidiary of The Garvan Institute, $40,000 in September 2017 to support the development of this software.

Its GoExplore™ software provides sequencing and analyses of patients’ DNA samples to assesses their risk of developing 52 hereditary conditions, including 31 cancers, 13 heart conditions, as well several other conditions where monitoring or intervention can be of benefit. 

In a change of focus, Genome.One and The Garvan Institute are reportedly no longer offering clinical reporting for genetic disease diagnosis or personal health genomics in Australia. This service was priced at $6,400 plus GST, with no Medicare rebate.

Staffing numbers in Genome.One have been severely cut, new capital is being sought and, Gavan has stated that it intends to spin off Genome.One software into a new company in which it will be a minority shareholder.

However, Genome.One still intends to pilot its genomics technology integrated into GP practice software and on !8 April 2018 its CEO stated; “We're working with some electronic medical record providers and we're hoping that we can get a trial underway at some point this year”.

Sunday, 5 August 2018

Tell me again why the Turnbull Government is insisting My Health Record will become mandatory by the end of October 2018?


It is not just ordinary health care consumers who have concerns about the My Health Record database, system design, privacy issues and ethical considerations.

It is not just the Turnbull Government which has not sufficiently prepared public and private health care organisations for the nationwide rollout of mass personal and health information collection - the organisations themselves are not ready.

Lewis Ryan (Academic GP Registrar)
* 91 % of GP Registrars have never used My Health Record in a clinical context

* 65% of GP Registrars have never discussed My Health Record with a patient

* 78%  of GP Registrars have never received training in how to use My Health Record

* 73% of GP Registrars say lack of training is a barrier to using My Health Record

* 71% of  GP Registrars who have used the My Health Record system say that the user interface is a barrier

* Only 21% of  GP Registrars believe privacy is well protected in the My Health Record system

In fact Australia-wide only 6,510 general practice organisations to date have registered to use My Health Record and these would only represent a fraction of the 35,982 GPs practicing across the country in 2016-17.


UPDATE

Healthcare IT News, 3 August 2018:
The Federal Government’s Health Care Homes is forcing patients to have a My Health Record to receive chronic care management through the program, raising ethical questions and concerns about discrimination.
The government’s Health Care Homes trial provides coordinated care for those with chronic and complex diseases through more than 200 GP practices and Aboriginal Community Controlled Health Services nationally, and enrolment in the program requires patients to have a My Health Record or be willing to get one.
But GP and former AMA president Dr Kerryn Phelps claimed the demand for patients to sign up to the national health database to access Health Care Homes support is unethical.
“I have massive ethical concerns about that, particularly given the concerns around privacy and security of My Health Record. It is discriminatory and it should be removed,” Phelps told Healthcare IT News Australia.
Under a two-year trial beginning in late 2017, up to 65,000 people are eligible to become Health Care Homes patients as part of a government-funded initiative to improve care for those with long-term conditions including diabetes, arthritis, and heart and lung diseases.
Patients in the program receive coordinated care from a team including their GP, specialists and allied health professionals and according to the Department of Health: “All Health Care Homes’ patients need to have a My Health Record. If you don’t have a My Health Record, your care team will sign you up.”
Phelps said as such patients who don’t want a My Health Record have been unable to access a health service they would otherwise be entitled to.
“When you speak to doctors who are in involved in the Heath Care Homes trial, their experience is that some patients are refusing to sign up because they don’t want a My Health Record. So it is a discriminatory requirement.”
It has also raised concerns about possible future government efforts to compel Australians to have My Health Records.
“The general feedback I’m getting is that the Health Care Homes trial is very disappointing to say the least but, nonetheless, what this shows is that signing up to My Health Record could just be made a prerequisite to sign up for other things like Centrelink payments or workers compensation.”
Human rights lawyer and Digital Rights Watch board member Lizzie O’Shea claims patients should have a right to choose whether they are signed up to the government’s online medical record without it affecting their healthcare.
“It is deeply concerning to see health services force their patients to use what has clearly been shown to be a flawed and invasive system. My Health Record has had sustained criticism from privacy advocates, academics and health professionals, and questions still remain to be answered on the privacy and security of how individual's data will be stored, accessed and protected,” O’Shea said. [my yellow highlighting]

Wednesday, 1 August 2018

Turnbull Government prepares an end run around the Australian electorate?


In 1986 the Federal Government couldn’t get the national electorate to accept the Australia Card, a national identity card to be carried by all citizens.

Likewise in 2007 the wider electorate rejected the proposed Access Card, a national identity card with a unique personal identification number, which was to be linked to a centralised database expected to contain an unprecedented amount of personal and other information.

Federal Government also failed to have everyone embrace the idea of MyGov, a data sharing, one-stop digital portal for access to government services created in 2013. To date only 11.5 million people out of a population of over 24.9 million hold an account with MyGov.

When after three and a half years the populace did not register in sufficient numbers for the so-called Personally Controlled Electronic Health Record (PCEHR), an intrusive opt-in data retention system, government changed tack.

It relabelled PCEHR as My Health Record (MHR) in 2016 and broadened the number of agencies which could access an individual’s personal/health information. Decreeing it would become a mandatory data collection system applied to the entire Australian population, with only a short an opt-out period prior to full program implementation1.

However, it seems that the Turnbull Federal Government expects around 1.9 million people to opt-out of or cancel their My Heath Record in the next two months. Possibly with more cancellations to occur in the future, as privacy and personal safety become issues due to the inevitable continuation of MHR data breaches and the occurrence of unanticipated software vulnerabilities/failures.

So Turnbull and his Liberal and Nationals cronies have a backup in place in 2018 called the Data Sharing and Release Bill, which Introduces legislation to improve the use and reuse of public sector data within government and with private corporations outside of government, as well as granting access to and the sharing of data on individuals and businesses that is currently otherwise prohibited.

The bill also allows for the sharing of transaction, usage and product data with service competitors and comparison services. An as yet unrealised  provision which is currently being wrapped up in a pretty bow and called a consumer right - but one that is likely to be abused by the banking, finance, insurance, electricity/gas industry sectors.

The bill appears to override the federal privacy act where provisions are incompatible.

This is a bill voters have yet to see, because the Turnbull Government has not seen fit to publish the bill’s full text. Only an issues paper is available at present.

Notes:

1. Federal Government may have succeeded in retaining the personal details of every person who filled in the 2016 Census by permanently retaining these details and linking this information to their future Census information in order to track people overtime for the rest of their lives, but this win for government as Big Brother was reliant on stealth in implementation and was limited in what it could achieve at the time. 

Because not everyone ended up with a genuine unique identification key as an unknown number of individual citizens and permanent residents (possibly well in excess of half a million souls) as acts of civil disobedience deliberately filled in the national survey forms with falsified information or managed to evade filling in a form altogether. 

Sunday, 29 July 2018

When it comes to My Heath Record the words horse, stable, door, spring to mind


In January 2016 the Australian Digital Health Agency (ADHA) became a corporate Commonwealth established under the Public Governance, Performance and Accountability (Establishing the Australian Digital Health Agency) Rule.

It has a board appointed by the Minister for Health in whose portfolio it is situated and the board is the accountable body of the ADHA.

Currently Mr Jim Birch AM, Chair. Mr Rob Bransby, Dr Eleanor Chew, Dr Elizabeth Deven, Ms Lyn McGrath, Ms Stephanie Newell, Dr Bennie Ng,  Professor Johanna Westbrook and Michael Walsh sit on this board.

The executive team is headed by Tim Kelsey as CEO, with Professor Meredith Makeham as Chief Medical Adviser and Bettina McMahon, Ronan O’Connor, Terrance Seymour & Dr. Monica Trujillo as the four executive managers.

ADHA is also the designated Systems Operator for My Health Record which currently holds the personal health information of 5.98 million people across the country and will add the remaining 19 million after 15 October 2018 unless they opt out of being included in this national database.

Given the potential size of this database the question of cyber security springs to mind.

It seems that the Australian Digital Health Agency has not been independently audited for cyber resilience by the Australian National Audit Office (ANAO) ahead of beginning the mammoth task of collecting and collating the personal heath information of those19 million people.

Australian National Audit OfficePotential audit: 2018-19:

Management of cyber security risks in My Health Record

The audit would examine the effectiveness of the Australian Digital Health Agency’s management of cyber security risks associated with the implementation and ongoing maintenance of the My Health Record system.
My Health Record creates a record of Australians’ interactions with healthcare providers, and more than 5.5 million Australians have a My Health Record. The audit would focus on whether adequate controls are in place to protect the privacy and integrity of individual records.

It seems that the Australian general public still only has the honeypot's dubious word that it cannot be raided by unauthorised third parties.

Prime Minister Malcolm Turnbull has reacted to growing community concern about the number of agencies which can access My Health Records with a vague promise of "refinements" and with this outright lie; "The fact is that there have been no privacy complaints or breaches with My Health Record in six years and there are over 6 million people with My Health Records".

The Office of the Australian Information Commissioner has recorded complaints and at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare recipient’s My Health Record by a third party".

BACKGROUND

Intermedium, 8 May 2018:

Re-platforming options for the My Health Record (MHR) system will soon be up for consideration, with an Australian Digital Health Agency (ADHA) spokesperson confirming that a request for information will be released in the next few months to inform plans to modernise the infrastructure underpinning Australia’s mammoth patient health database.

An open-source, cloud-based environment has already been flagged as a possibility for the MHR by Department of Health (DoH) Special Adviser for Strategic trategic Health Systems and Information Management Paul Madden at Senate Estimates in May last year. He also said that the re-platforming decision was one of many “variables” that needed to be squared away to accurately gauge how much the MHR system will cost beyond 2019-20.
“The variables in there include the re-platforming of the system to an open source environment, using cloud technology… which will be something we will not know the cost of until we hit the market to get a view on that”, Madden said last year. “Our commitment is to come back to the budget in 2019 to paint out those costs for the four years beyond.”
ADHA is scoping out MHR re-platforming options early, with the existing contract with the Accenture-led consortium not set to expire until 2020. As the “National Infrastructure Operator”, Accenture is tasked with running and maintaining MHR’s infrastructure. The prime contractor works with Oracle and Orion Health to provide the core systems and portals behind MHR.
Accenture was awarded the contract to design, build, integrate and test the then-personally controlled electronic health record system (PCEHR) back in 2011, and has signed 13 contracts worth a total of $709.53 million with DoH in relation to the MHR in that time. With the original infrastructure now over seven years old, ADHA recognise the importance of modernising the environment supporting the MHR....

The Sydney Morning Herald, Letter to the Editor, 26 July 2018. p20:

What happens to medical records when opting out?

Dr Kerryn Phelps reminds us that, if people don't opt out, the My Health Records Act allows disclosure of patients' health information to police, courts and the ATO without a warrant ("My Health Record backlash builds", July 25). This would be in addition to "health information such as allergies, medicines and immunisations" available for emergency staff.

How can the access be restricted to emergency staff? How can only certain categories of information be released when allergies and medication are part of general medical notes? I was not reassured by "serious penalties relating to the misuse of information do not apply to accidental misuse" on the website. I opted out.

My GP has told me that, nonetheless, she will be obliged to upload my records - which sounds credible since I have formally opted out with the government, not with my doctor's practice. So what happens - does my health record get kicked off "the cloud"? What exactly did I opt out of?

Denise De Vreeze [my yellow highlighting]

Tuesday, 24 July 2018

Australian Health Minister Greg Hunt is not being truthful about My Health Record and he knows it


On 16 July 2018 the Australian Minister for Health and Liberal MP for Flinders, Gregory Andrew 'Greg' Hunt, characterised My Health Record as a "secure summary" of an individual's key health information.

The Office of the Australian Information Commissioner (OAIC) tells a rather different story.

One where at least 242 individual My Health Records have been part of mandatory data breach reports in 2015-16 to 2016-17, with nine of the 51 reported breach events involving "the unauthorised access of a healthcare recipient’s My Health Record by a third party".

A story which also involves at least 96 instances of Medicare uploading data to the wrong digital health records and also uploading claim information to another 123 My Health Records apparently without the knowledge or consent of the persons in whose names these My Health Records had been created.

There were other instances where MyGov accounts held by healthcare recipients were incorrectly linked to the My Health Records of other healthcare recipients.

Prior to the database name change and system change from opt-in to opt-out there had been another 9 data breaches of an unspecified nature reported, involving an unknown number of what are now called My Health Records.

More instances are now being aired in mainstream and social media where My Health Records were created by DHS Medicare Repository Services or other agents/agencies without the knowledge or consent of the individual in whose name the record had been created.
Healthcare IT News 16 July 2018


If this is how the national e-health database was officially functioning malfunctioning by 30 June 2017, how on earth is the system going to cope when it attempts to create millions of new My Health Records after 15 October 2018?

On the first day of the 60 day opt-out period about 20,000 people refused to have a My Health Record automatically created for them and at least one Liberal MP has also opted out, the Member for Goldstein and member of the House of Representatives Standing Committee on Health, Aged Care and Sport Tim Wilson. 

Prime Minister Malcolm Bligh Turnbull has stated his view that mass withdrawals will not kill the national digital health records system - perhaps because he and his government are possibly contemplating adopting the following three coercive recommendations found amongst the thirty-one recommendations included in the Siggins Miller November 2016 Evaluation of the Participation Trials for the My Health Record: Final Report:

20. Use all mechanisms available in commissioning and funding health services as vehicles to require the use of the My Health Record to obtain funds where practical.

21. Consider ways to require the use of the My Health Record system by all healthcare providers and how to best use the Government’s purchasing power directly (e.g. in the aged care sector), via new initiatives as they arise (such the Health Care Home initiative) or via PHNs commissioning clinical services (e.g. require use of the My Health Record system in all clinical and aged care services that receive Commonwealth funds). Such requirements should have a timeframe within which healthcare providers need to become compliant.

22. Explore with health insurers how they could encourage preferred suppliers and clients to use the My Health Record system as part of their push for preventive care and cost containment.

That the My Health Record is not about improving health service delivery for individual patients is indicated by the fact that a My Health Record is retained by the National Repositories Service for between 30 and up to 130 years after death and, even during an individual's lifetime can be accessed by the courts, police, other government agencies and private corporations listed as research organisations requiring medical/lifestyle information for what is essentially commercial gain, at the discretion of the Secretary of the Department of Health or the Digital Health Agency Systems Operator. See: My Health Records Act 2012 (20 September 2017), Subdivision B - s63 to s70

To put it bluntly, this national database will allow federal government to monitor the personal lives of Australian citizens more closely, enforce civil & criminal law, monetise collated data for its own benefit  and, weaponize the personal information collected anytime it feels threatened by dissenting opinion.

NOTES

OAIC annual reports:


The Guardian, 22 July 2018:

Australia’s impending My Health Record system is “identical” to a failed system in England that was cancelled after it was found to be selling patient data to drug and insurance companies, a British privacy expert has said.

My Health Record is a digital medical record that stores medical data and shares it between medical providers. In the UK, a similar system called care.data was announced in 2014, but cancelled in 2016 after an investigation found that drug and insurance companies were able to buy information on patients’ mental health conditions, diseases and smoking habits.

The man in charge of implementing My Health Record in Australia, Tim Kelsey, was also in charge of setting up care.data. 

Phil Booth, the coordinator of British privacy group Medconfidential, said the similarities were “extraordinary” and he expected the same privacy breaches to occur.

“The parallels are incredible,” he said. “It looks like it is repeating itself, almost like a rewind or a replay. The context has changed but what is plainly obvious to us from the other side of the planet, is that this system seems to be the 2018 replica of the 2014 care.data.” [my yellow highlighting]

North Coast Voices , 22 July 2018, Former Murdoch journalist in charge of MyHealth records –what could possibly go wrong?

UPDATE

Australian Parliamentary Library, Flagpost, 23 July 2018:

Section 70 of the My Health Records Act 2012 enables the System Operator (ADHA) to ‘use or disclose health information’ contained in an individual’s My Health Record if the ADHA ‘reasonably believes that the use or disclosure is reasonably necessary’ to, among other things, prevent, detect, investigate or prosecute any criminal offence, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; protect the public revenue; or prevent, detect, investigate or remedy ‘seriously improper conduct’. Although ‘protection of the public revenue’ is not explained, it is reasonable to assume that this might include investigations into potential fraud and other financial offences involving agencies such as Centrelink, Medicare, or the Australian Tax Office. The general wording of section 70 is a fairly standard formulation common to various legislation—such as the Telecommunications Act 1997—which appears to provide broad access to a wide range of agencies for a wide range of purposes. 

While this should mean that requests for data by police, Home Affairs and other authorities will be individually assessed, and that any disclosure will be limited to the minimum necessary to satisfy the request, it represents a significant reduction in the legal threshold for the release of private medical information to law enforcement. Currently, unless a patient consents to the release of their medical records, or disclosure is required to meet a doctor’s mandatory reporting obligations (e.g. in cases of suspected child sexual abuse), law enforcement agencies can only access a person’s records (via their doctor) with a warrant, subpoena or court order....

It seems unlikely that this level of protection and obligation afforded to medical records by the doctor-patient relationship will be maintained, or that a doctor’s judgement will be accommodated, once a patient’s medical record is uploaded to My Health Record and subject to section 70 of the My Health Records Act 2012. The AMA’s Guide to Medical Practitioners on the use of the Personally Controlled Electronic Health Record System (from 2012) does not clarify the situation.

Although it has been reported that the ADHA’s ‘operating policy is to release information only where the request is subject to judicial oversight’, the My Health Records Act 2012 does not mandate this and it does not appear that the ADHA’s operating policy is supported by any rule or regulation. As legislation would normally take precedence over an agency’s ‘operating policy’, this means that unless the ADHA has deemed a request unreasonable, it cannot routinely require a law enforcement body to get a warrant, and its operating policy can be ignored or changed at any time.

The Health Minister’s assertions that no one’s data can be used to ‘criminalise’ them and that ‘the Digital Health Agency has again reaffirmed today that material … can only be accessed with a court order’ seem at odds with the legislation which only requires a reasonable belief that disclosure of a person’s data is reasonably necessary to prevent, detect, investigate or prosecute a criminal offence…..

Although the disclosure provisions of different agencies may be more or less strict than those of the ADHA and the My Health Records Act 2012, the problem with the MHR system is the nature of the data itself. As the Law Council of Australia notes, ‘the information held on a healthcare recipient’s My Health Record is regarded by many individuals as highly sensitive and intimate’. The National Association of People with HIV Australia has suggested that ‘the department needs to ensure that an individual’s My Health Record is bound to similar privacy protections as existing laws relating to the privacy of health records’. Arguably, therefore, an alternative to the approach of the current scheme would be for medical records registered in the MHR system to be legally protected from access by law enforcement agencies to at least the same degree as records held by a doctor.

Sunday, 22 July 2018

Former Murdoch journalist in charge of MyHealth records –what could possibly go wrong?



Former news editor of the notorious Newscorp publication The Sunday Times which was involved in the UK hacking scandal, former  Executive Director of Transparency and Open Data in the UK Cabinet Office and then National Director for Patients and Information and head of the toxic government Care.data project which stored patient medical information in a single database. before ending up as the commercial director of Telstra Health in Australia, Tim Kelsey, was appointed as CEO of the Australian Digital Health Agency by the Turnbull Coalition Government to progress the stalled My Health Record national database in 2016 with a salary worth $522,240 a year.

 A curriculum vitae which may go some way to explaining why reports are beginning to emerge of individuals seeking to opt-out of My Health Record finding out they have been registered by stealth in the Australian national database some years ago.

Crikey.com.au, 18 July 2018:

The bureaucrat overseeing My Health Record presided over a disaster-plagued national health record system in the UK, and has written passionately about the belief people have no right to opt out of health records or anonymity.

Tim Kelsey is a former British journalist who moved into the electronic health record business in the 2000s. In 2012, he was appointed to run the UK government’s national health record system, Care.data, which was brought to a shuddering halt in 2014 after widespread criticism over the sale of patients’ private data to drug and insurance companies, then scrapped altogether in 2016. By that stage, Kelsey had moved to Telstra in Australia, before later taking a government role. There was considerable criticism about the lack of information around Care.data, and over 700,000 UK people opted out of the system.

Kelsey vehemently opposed allowing people to opt out — the exact model he is presiding over in Australia. In a 2009 article, “Long Live The Database State”, for Prospect…..

For Kelsey, this was necessary for effective health services…….

Kelsey also expressed his opposition to the anonymisation of data, even of the most personal kind…... 

Kelsey’s vision was of a vast state apparatus collecting, consolidating and distributing private information to enable an interventionist state.

Moreover, he stated others should have access to data…..

ADHA, Kelsey is doing little to fix his reputation for controversy. On Saturday, ADHA released an extraordinary 1000-word attack on News Corp health journalist Sue Dunlevy who correctly pointed out the strong risk to privacy in the My Health Record system. The statement repeatedly criticised Dunlevy, accusing her of “dangerous fearmongering” and being “misleading and ignorant”.

Dunlevy had rightly noted the lack of any effective information campaign about My Health record (exactly the criticism made of Care.data), prompting ADHA to boast of its $114 million campaign at Australia Post shops, Department of Human Services “access points” and letters to health practitioners. It makes you wonder why even News Corp’s Janet Albrechtsen said she’d never heard of My Health Record until last week…. 

Wednesday, 11 April 2018

Almost right from its very beginning Facebook Inc was not the benign Internet presence it pretended to be


Facebook Inc. - incorporated in July 2004 and headquartered at 1 Hacker Way (so named by Facebook management), Menlo Park, California 94025 - has at least twelve data centres around the world which collect, transmit, collate, store and monetise data drawn from an est. 2 billion active Facebook accounts. 

In May 2017 this social media company was worth est. US$407.3 billion according to Forbes.com.

Now that the social media giant finds itself being officially investigated to varying degrees by the United Kingdom, Australia and the United States on matters of user data collection, data retention, privacy and safety - as well as being the object of a number of lawsuits - here is a timeline indicating how Mark Zuckerberg brought Facebook to this low point......


FACEBOOK INC
2005

Facebook Privacy Policy states that Thefacebook takes appropriate precautions to protect our users' information. Your account information is located on a secured server behind a firewall. However it also states When you visit the Web Site you may provide us with two types of information: personal information you knowingly choose to disclose that is collected by us and Web Site use information collected by us on an aggregate basis as you and others browse our Web Site.
When you register on the Web Site, you provide us with certain personal information, such as your name, your email address, your telephone number, your address, your gender, schools attended and any other personal or preference information that you provide to us.
When you enter our Web Site, we collect the user's browser type and IP address. This information is gathered for all users to the Web Site. In addition, we store certain information from your browser using "cookies." A cookie is a piece of data stored on the user's computer tied to information about the user. We use session ID cookies to confirm that users are logged in. These cookies terminate once the users close the browser. We do not use cookies to collect private information from any user.
Thefacebook also collects information about you from other sources, such as newspapers and instant messaging services. This information is gathered regardless of your use of the Web Site. 

2006

Facebook’s privacy policy is now expressing this sentiment; We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. Our default privacy settings limit the information displayed in your profile to your school, your specified local area, and other reasonable community limitations that we tell you about….

However the company is still collecting as much information about Facebook users that it can, as well as informing account holders that; Facebook may also collect information about you from other sources, such as newspapers, blogs, instant messaging services, and other users of the Facebook service through the operation of the service (e.g., photo tags) in order to provide you with more useful information and a more personalized experience. By using Facebook, you are consenting to have your personal data transferred to and processed in the United States.

2007

Facebook Platform  - app developers can now access the “’social graph’ ie., tracked connections between users and their friends.

Beacon - shares what users are doing on other websites with their Facebook friends without specific consent.

2008

Facebook Connect - corrects Beacon’s mistakes by requiring users to take deliberate action before they share activity from other websites when logged in using Facebook.

2009


Beacon officially shut down after at least one lawsuit commenced over privacy issue.

Facebook hosts the Farmville game which was later revealed as a data miner.

2010

Facebook’s privacy policy states; When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.

On 28 April 2010 Electronic Frontiers Foundation reported that: Facebook announced a plan to transform most of the bits in your profile (including your hometown, education, work, activities, interests, and more) into connections, which are public information. If you refuse to make these items into a Connection, Facebook will remove all unlinked information.

2011

Social reporting tool – allows Facebook users to directly contact other users to request a post or image takedown if either relates directly to them. Any takedown is voluntary if content doesn't breach Facebook rules.

Facebook Inc initially refuses to take down a defamatory site invading the privacy of Clarence Valley highschool students. It only does so after direct pressure is applied by a community member.

2012

In February the Parliament of Australia invites the Australian public to connect with it via Facebook.

Facebook begins roll out Facebook Camera for iOS to English-speaking countries - a standalone photos app where users can shoot, filter, and share single or sets of photos and scroll through a feed of photos uploaded to Facebook by friends.


2013

Facebook begins collaboration with Dr. Alexandr Kogan eventually supplying him with data on 57 million Facebook friendships by 2015. User data supplied to Kogan for his research was later sent to Cambridge Analytica without Facebook users knowledge or consent.

Facebook hosts Hangouts - live video.

2014

Facebook Groups - app for iOS and Android introduced and then deleted some months later.

Facebook buys WhatsAppMessaging.

Facebook conducts a number of psychological experiments on users without their knowledge or consent. It is reported that 689,000 users had their home pages manipulated.


2015

Security Checkup - new tool to simplifying privacy controls.

Head of Research at Facebook Inc, Peter Fleming, and one of the company’s  contract researchers are listed as co-authors of Alexander Kogan’s published research on the relationship of social class and international friendships. 


2016


2017

Privacy Basics - new tool to simplify privacy controls.

Becomes public knowledge that Facebook revealed to one Australian advertiser that it had a database of young users – 1.9 million high schoolers, 1.5 million tertiary students and 3 million young workers – and that it could tell advertisers when young workers were particularly vulnerable.

Facebook reported to be planning $750 million data center in New Albany, Ohio employing only 50 permanent staff.

Facebook admits to US Securities and Exchange Commission that 1.5% of its 2.01 billion accounts worldwide are “undesirable” - that is likely to be fake accounts. Yahoo Finance calculates that to be upwards of 30 million accounts.

In December Germany’s Federal Cartel Office released preliminary investigation findings and stated: The Bundeskartellamt has informed the company Facebook in writing of its preliminary legal assessment in the abuse of dominance proceeding which the authority is conducting against Facebook. Based on the current stage of the proceedings, the authority assumes that Facebook is dominant on the German market for social networks. The authority holds the view that Facebook is abusing this dominant position by making the use of its social network conditional on its being allowed to limitlessly amass every kind of data generated by using third-party websites and merge it with the user's Facebook account. These third-party sites include firstly services owned by Facebook such as WhatsApp or Instagram, and secondly websites and apps of other operators with embedded Facebook APIs.

Google search engines now host multiple Facebook apps.

By 2017 numerous government departments and agencies in Australia have Facebook accounts, from which the company can harvest visitor data whether or not the visitor has a Facebook account.

Included on the long list of government departments/agencies is the federal Dept. of Human Services (DHS)DHS states that it posts on its Facebook page about payments and services, answers questions, gives useful tips, shares news, and give updates on relevant issues. This means that anyone who visits or interacts with the five DHS Facebook pages will have their Internet usage data scraped, information contained in any questions asked retained and collated with any other information Facebook holds on that visitor. DHS appears to be aware of privacy vulnerabilities in its use of Facebook as it is at pains to point out that The department is not responsible for the privacy practices or content of Facebook.......

Australian federal and state electoral commissions also have active Facebook pages.

In December 2017 Facebook rolled out Messenger Kids app which is installed via an adult's Facebook account. This app offers video and text chats for children using their own digital devices. Although Messenger Kids displays no ads it does not appear to be exempt from Facebook's user data collection.

Facebook Inc initially refuses to remove a scam account attempting to raise money and only does so after media pressure

2018

On 16 March Facebook Inc. announces it has suspended the accounts of Aleksandr Kogan, Cambridge Analytica and Strategic Communication Laboratries Group on the basis they had misused Facebook user data,  

In late March it was revealed that Facebook's Android app is capable of hoovering up extensive call data without users knowledge or consent.

Facebook-created VR app like Spaces obtain information about what users doing there, much in the same way that any third-party app developer would. Facebook also records a “heatmap” of viewer data for 360-degree videos, for instance, flagging which parts of a video people find most interesting.

Facebook admits that it archived unpublished and deleted user videos created using a now redundant video streaming function. 

Facebook Inc. admits that up to 87 million account holders may have had their personal information accessed by the Trump presidential campaign-linked data miner Cambridge Analytica. Either because  Facebook users accessed the thisisyourdigitallife app or because they had friended a person had done so.

Only 53 Australian Facebook users took the thisisyourdigitallife personality quiz but the app hoovered up the data on est 311,127 other users included in friendship lists once it accessed those 53 accounts. Just 10 New Zealanders used the app but data from another est. 67,000 users was collected via their friendship groups.

Facebook also admits that its software allowed reverse searching of its user pages employing only ‘phone numbers and email addresses and that “malicious actors” may have used this feature to scrap public profile data from most of its 2 billion users.

The company admits that its account recovery process can also allow these malicious actors to access user data.


In April Facebook announces a tightening of its privacy controls and states it intends to police all third party requests for access to user data. Given the company stated it had in total 215,000 staff worldwide as of December 2017 and, not all those staff would be available to personally monitor third party requests relating to Facebook’s est. 2 billion active monthly users, one wonders just how reliable this latest ‘promise’ from Facebook Inc. will be.

On 4 April 2018 USA Today reported that: Members of the House and Senate committees that will question Facebook CEO Mark Zuckerberg about user privacy protection next week are also some of the biggest recipients of campaign contributions from company employees and the Facebook Inc. PAC.
The committee that got the most Facebook contributions is the House Energy and Commerce Committee, which announced Wednesday morning it would question Zuckerberg on April 11.

Open Secrets lists Facebook Inc PAC contributions to 2016 U.S. federal election campaigns:
Contributions from this PAC to federal candidates (list recipients)
(44% to Democrats, 55% to Republicans)
$519,500
Contributions to this PAC from individual donors of $200 or more (list donors)
 $619,240

In April Facebook admits that it has entered an unspecified number of the 1.3 billion 
Messenger accounts and, without users knowledge or consent, selectively removed messages sent to those users by Mark Zuckerberg and other unnamed Facebook Inc executives/employees

Australian Privacy Commissioner launches investigation into Facebook Inc.

Five U.S. state attorneys-general reported to have begun investigations into how Facebook Inc. collects, shares and does or doesn't protect user information.

According to the Insurance Journal on 5 April 2018: Users and investors have filed at least 18 lawsuits since last month’s revelations about Cambridge Analytica. Beyond privacy violations, they are accusing Facebook of user agreement breaches, negligence, consumer fraud, unfair competition, securities fraud and racketeering.

On 6 April Facebook Inc annouces that it has suspended the account of Canadian tech company AggregateIQ because of its involvenment in the Cambridge Analytica scandal and three days later suspends CubeYou on similar grounds while it investigates.

On 9 April TNW reports that Facebook's cryptocurrency ad filter failed.

The Washington Post  reported on 9 April:
As for Facebook itself, former FBI special agent Clinton Watts told me that, in one sense, the numbers should not be surprising since “everyone has a message to get out, and Facebook is the best place to do it. Russia, Cambridge Analytica or any campaign for that matter has to go to social media to be effective.” The problem arose in Facebook’s mode of operating. “Their motto was move fast and break things, and they did, they moved fast and in the end broke the trust of their users with the platform,” Watts said. “They didn’t do solid assessments of who was accessing data on their platforms, and they didn’t effectively scrutinize advertisements and accounts surfacing on their platforms.”

By 10 April it was being reported that a number of Facebook IT engineers were quitting or asking to change departments over ethical concerns.

On 11 April 2018 Facebook Inc. founder, CEO and controlling shareholder, 33 year-old Mark Elliot Zuckerberg appears before the US House of Representatives House Energy and Commerce Committee's Facebook: Transparency and Use of Consumer Data hearing.

The day before Zuckerberg fronted the Senate Committee on the Judiciary, Senate Committee on Commerce, Science, and Transportation’s  Facebook, Social Media Privacy, and the Use and Abuse of Data hearing.

Despite all of the above, as of 11 April 2018 the Australian Government Dept of Human Services retains its "Humans Services", "Student Update", "Families Update" and "Seniors Update" Facebook pages and, the departmental website still links to "How to 'Like' " instructions and shows visitors how to set up their own Facebook account with a link to its very own 'how to' YouTube video. Cenrelink's General Manager also still has an official Facebook account.

Note:
Given the federal Department of Human Services admitted that it had employed third parties to monitor social media including Facebook for information about welfare recipients that it could match with internal departmental data, one has to wonder what range of methods were used to undertake this surveillance and exactly who the contractors were.