Galexia

  About Us - Galexia News

 

Digital Transformation Agency (DTA) releases Galexia Privacy Impact Assessment (PIA) on digital identity - 17 March 2017

Related Galexia services and solutions

  • Strategic Privacy Consulting. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

Related Galexia news and articles

On 17 March 2017 the Australian government Digital Transformation Agency (DTA) released the initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework (TDIF) and identity platform. Galexia completed the PIA as independent consultants to the agency. Download the PIA from the DTA website » [PDF]

The TDIF and platform are designed to support a federated digital identity system.

The initial PIA examined impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.

This initial PIA is the first stage of an independent and multi-phase PIA process.

To accompany the PIA the DTA also issued a blog post providing an update on the overall progress of the project. Read the blog post about Govpass on the DTA website »

Read more about Galexia’s work with the Australian Government and DTA on identity »

Austroads publishes the first Privacy Impact Assessment (PIA) on data messages for connected cars in Australia - March 2017

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »
  • International, Comparative and Cross-Border Research. Read more »

Related Galexia news and articles about Privacy Reviews

Related Galexia news and articles about Austroads

Austroads has released a Privacy Impact Assessment (PIA) developed by Galexia on the hot topic of smart roads and driverless cars.

Galexia provided independent privacy advice on the data messages that be wirelessly broadcast and received by vehicles and roadside units in the deployment of Cooperative Intelligent Transport Systems (C-ITS) in Australia. This is a vital part of the infrastructure required to enable automated or 'driverless' car technology to be deployed safely. Read more »

The PIA considered compliance with privacy and security legislation, standards and international developments in this fast moving sector. 

More Information:

  • Title: Privacy Impact Assessment (PIA) for Cooperative Intelligent Transport System (C-ITS) data messages
  • Abstract: This document provides a high level Privacy Impact Assessment for the Cooperative Intelligent Transport System (C-ITS) data messaging system.
  • Keywords: Cooperative Intelligent Transport System, C-ITS, privacy, personal information, cooperative awareness message, decentralised event notification message, legislation
  • Austroads Project No. NT1785?
  • Austroads Publication No. AP-C100-17?
  • Publication date: March 2017 (Prepared August 2016) Pages 46
  • Copyright: Austroads and Galexia 2017
  • Download: <http://www.austroads.com.au/images/CAV/AP-C100-17_PIA_for_CITS_data_messages.pdf>

Galexia has a long history of providing advice on privacy issues related to driver and vehicle licensing and transport platforms. Galexia continues to provide independent privacy advice on a range of new and innovative technologies.

Austroads is the peak organisation of Australasian road transport and traffic agencies. Read more about Galexia’s work with Austroads »

Galexia assisting The University of Sydney on an Identity and Access Management Strategy - February 2017

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »

Galexia was successful in a competitive tender and is assisting The University of Sydney with an Identity and Access Management (IdAM) Strategy and Roadmap.

The Galexia team has a long track record in providing IdAM health checks, reviews, strategies and roadmaps to large scale clients.

New Global Cloud Computing Readiness Scorecard being developed for mid 2017 launch - February 2017

Related Galexia services and solutions

Related Galexia projects

Download the 2016 Scorecard and 24 Country Reports



Related BSA reports developed by Galexia (external links)

Related Galexia news

Galexia is working with BSA | The Software Alliance on a significant ‘reboot’ of the Global Cloud Readiness Scorecard for 2017, implementing additional and revised criteria and scoring methodology.

The 2017 report will deliver fresh data and results. The new Scorecard benefits from lessons learned and insights developed in the 2012, 2013 and 2016 scorecards and country reports. The scorecard will also benefit from the lessons and successes of the APAC and EU CyberSecurity Dashboards.

The new scorecard will be released in mid-2017.

The Galexia / BSA Global Cloud Scorecard will analyse the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.

The study will include a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.

Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017

Related Galexia services and solutions

Related Galexia news and articles


[ Galexia Dots ]

Galexia Director Chris Connolly will be presenting at CDPD2017 - The Age of the Intelligent Machine at the 10th International Computers, Privacy & Data Protection (CPDP) International Conference in Brussels on 25 January 2017. 

CPDP (now in its 10th year) is one of the largest gatherings of privacy experts in the world. More information about the conference is available at: <http://www.cpdpconferences.org>


[ Galexia Dots ]

CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, computer scientists and civil society from all over the world to exchange ideas and discuss the latest emerging issues and trends. This unique multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world.

CPDP2017 adopts “Artificial Intelligence” as its overarching theme to pave the way for a timely and thorough discussion over a broad range of ethical, legal and policy issues related to new technologies. CPDP2017 will stage more than 70 panels addressing current debates in the area of information technology, privacy and data protection. Session topics range from the implementation of the GDPR, ePrivacy Directive review, the implications of Brexit for data protection, de-identification, EU-US Privacy Shield to Big Data and insurance, algorithmic decision-making, cybersecurity, IoT, the ethics of AI and much more. 


[ Galexia Dots ]

Chris will be speaking on the topic of international data transfers as part of an expert panel considering Legal challenges to the international transfer of data: Privacy Shield and standard contractual clauses (SCCs):

  • Chair: Bruno Gencarelli, DG JUST (EU)
  • Moderator: Guido Lobrano, Business Europe (EU)
  • Panel:
    • Thomas Boué, BSA (US)
    • Chris Connolly, Galexia (International)
    • Fanny Hidvegi, AccessNow (International)
    • Christopher Kuner, Brussels Privacy Hub (BE)
  • Theme: The panel will focus on the recent legal challenges to data transfers from Europe to the rest of the world: from the Schrems II case on the use of Standard Contractual Clauses to the recent formal complaints against Privacy Shield seeking to annul the European Commission implementing decision, and what these could entail for global data transfer mechanisms. After a brief explanation of the various challenges and the transfer tools put into question, we will focus on the implications that these challenges may have if they were to succeed. This panel will allow for a timely and very topical discussion on a series of ongoing legal developments that may have a profound impact on the future of the Europe and its economy.

    The Panel will ask:
    • What is at stake with regard to the legal challenges to data transfers from Europe today??
    • Why is Privacy Shield qualitatively different from Safe Harbor??
    • Are Standard Contractual Clauses (SCCs) and Privacy Shield comparable??
    • If both the use of SCCs and Privacy Shield are annulled, what then??

More information about this stream: <http://www.cpdpconferences.org/25012017/cave.html>

The Panel is organised by BSA | The Software Alliance. Read more about Galexia’s work with BSA »


More information about the conference is available at: <http://www.cpdpconferences.org>

Galexia completes initial Privacy Impact Assessment (PIA) for the Australian Government Digital Transformation Agency (DTA) on the proposed Trusted Digital Identity Framework (TDIF) - December 2016

Related Galexia services and solutions

  • Strategic Privacy Consulting. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

Related Galexia news and articles

In December 2016 Galexia completed an initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework (TDIF) and identity platform being developed by the Australian Government Digital Transformation Agency (DTA).

The TDIF and platform will support a federated digital identity system.

The initial PIA will determine impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.

This PIA is the first stage of an independent and multi-phase PIA process.

On 17 March 2017, the DTA has published this PIA. Read more »

Read more about Galexia’s work with the Australian Government and DTA on identity »

Galexia presenting at the Annual European Data Protection and Privacy Conference, Brussels - 1 December 2016

Related Galexia services and solutions

Related Galexia news and articles

Galexia Director Chris Connolly will be presenting at the 7th Annual European Data Protection and Privacy Conference in Brussels on 1 December 2016. This event has become the principal annual data protection and privacy conference held in Brussels, gathering over 350 cross-sector delegates.

The 2016 conference will particularly focus on the implementation of the GDPR rules, on the implications of the Privacy Shield agreement and will discuss the e-Privacy directive review. It will provide an opportunity for both the policymakers and stakeholders involved in this area to engage in an interactive debate discussing issues related to the future of Data Protection and Privacy in Europe, and what the new framework will mean for the creation of a successful Digital Single Market.

Chris will be chairing a panel of global experts on: 


[ Galexia Dots ]

The New Data Protection and Privacy Framework - Facilitating international data flows

We live in increasingly networked societies, regardless of borders, where transfers of personal information between countries and markets plays a key role in the global economy. Therefore, the extent to which global data protection laws remain compatible with each other is crucial for data innovation, economical and societal benefits. This session will discuss the implications of the adoption of the EU-U.S. Privacy Shield agreement earlier this year for global businesses, and will debate the future of the ‘Adequacy Principle’ for third countries looking to demonstrate to the EU that they have appropriate safeguards for data protection. This discussion will be held in the context of ongoing global trade negotiations and following the vote of the UK to leave the EU earlier this year. ?

  • Adina Valean, Vice-President, European Parliament
  • Steve Wood, Deputy UK Information Commissioner, UK Information Commissioner Office
  • Bruno Gencarelli, Head of Unit - Data Protection, European Commission - DG Justice
  • Joan Antokol, Managing Partner, Park Legal LLC
  • Shannon Coe, Head of international data transfers sector, Office of Digital Services, International Trade Administration, U.S. Department of Commerce

Moderator: Chris Connolly, Director, Galexia


[ Galexia Dots ]

More information about the conference is available at: <http://www.eu-ems.com/summary.asp?event_id=3307&page_id=7895>

Galexia Micro-site on the 2016 Global Cloud Computing Scorecard with analytics and graphs on trends since 2012 - December 2016

Download the Scorecard and 24 Country Reports



Related Galexia services and solutions

Related BSA reports developed by Galexia (external links)

Related Galexia clients

Related Galexia news

Galexia Global Cloud Computing Readiness Scorecard (2016) Micro-site » - Access the 2016 Scorecard, Dashboard and 24 country report, as well as analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)

In April 2016 the a major update to our cloud readiness research series was released - The 2016 BSA Global Cloud Computing Readiness Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. Previous reports were released in 2012 and 2013 and this is a major update.

Our micro-site of the 2016 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site - with additional embedded analytics and visualisations from Galexia. The release of the 3rd in this series of ground breaking reports is a great time to take stock and look at what we think are the fascinating and significant trends and patterns of global improvements (and backward steps) over the past 4 years (from 2012 to 2016). We have included graphs, analysis and data not previously published.

How does the scorecard and report series work?

There are number of components that go into building up the Cloud Readiness Scorecard & 24 Country Reports

  • Consistent themes, criteria and scoring methodology across all reports from 2012
  • 24 country reports
  • Country checklist on a page - it is worth obtaining the BSA hard copy version of the report which has an double A4 foldout presenting a useful checklists across 24 countries
  • Country summaries
  • Theme summaries
  • Consistent scoring across 46 criteria
  • Overall Score and Rankings
  • Detailed change tracking, identifying trends and rates of improvement

How much change has there been from 2012 to 2016?

Changes in the 2016 report - from 2013

Changes in the 2013 report - from 2012

Updates across 24 countries and 66 criteria, including:

  • 32 significant (positive) changes
  • 73 moderate (positive) changes
  • 10 significant (negative) changes
  • 24 moderate (negative) changes
  • 292 minor (no effect) changes
  • 504 infrastructure changes

Tracks change in score and rank from 2013

Full scorecard report translated into 3 languages (Korean, Spanish & Thai)

Country reports translated into 7 languages (Argentina, China, Germany, Korea, Japan, Mexico & Thailand)

Includes 2 new case studies

Updates across 24 countries and 66 criteria, including:

  • 27 significant (positive) changes
  • 34 moderate (positive) changes
  • 0 significant (negative) changes
  • 6 moderate (negative) changes
  • 108 minor (no effect) changes
  • 432 infrastructure changes

Tracks change in score and rank from 2012

Includes 3 new case studies

Summary of Scores and Ranks for 2016

The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.

This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments.

Scores and Rank and how this has changed from 2012 to 2016

The following visualisations show the transition and trends in the overall scores, theme scoring components and rank changes (from 2012 to 2016):


[ Galexia Dots ]

Galexia Global Cloud Computing Readiness Scorecard (2016) Micro-site » - Access the 2016 Scorecard, Dashboard and 24 country report, as well as analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)

Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016

Related Galexia services and solutions

Long history of journal contributions

Galexia has a long history of making significant contributions to law journals and law publications, with Galexia staff providing both content and editorial oversight. Galexia team members have contributed numerous articles and chapters to law publications, particularly in the area of privacy law and electronic commerce law. Some highlights include

  • Galexia Directors Chris Connolly and Peter van Dijk were the founding editors of the Internet Law Bulletin in 1998 and maintained close ties to the Bulletin until 2009. This was the first law journal of its type and still published by LexisNexis. 
  • Chris Connolly, with assistance from Galexia researchers, is the author of the Electronic Contracts Law chapter in the Thomson Reuters Laws of Australia.
  • Galexia directors Chris Connolly and Peter van Dijk are the authors of a chapter in the new book Enforcing Privacy - Regulatory, Legal and Technical Approaches (published by Springer, April 2016).
  • Chris Connolly wrote two chapters in The United Nations Convention on the Use of Electronic Communications in International Contracts (Kluwer 2008)
  • Chris Connolly joined the Editorial Board of the Data Protection Leader (October 2016)
    The Data Protection Leader (formerly known as the Data Protection Law and Policy Journal) is a global journal and one of the leading monthly publications on privacy, data protection and cyber-security. The monthly law publication covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data.

Related Galexia news and articles about the ‘Data Protection Leader’


[ Galexia Dots ]

Data Protection Leader, Volume 13, Issue 11 (November 2016) - Regulators fight back against privacy fraud

Chris Connolly, Director at Galexia, summarises the key lessons to be learnt from recent enforcement action involving ‘privacy fraud.’

Privacy fraud has traditionally been viewed as a niche issue, but in recent years it has emerged as a mainstream privacy compliance matter, and now attracts significant attention from data protection regulators. It typically occurs where a company claims it belongs to a specific privacy compliance?scheme or that it has been certified?in a privacy trustmark scheme. The?claim is designed to assure consumers that it meets a high level for privacy assurance, or that its practices have been assessed and certified by a?trusted third party. In a growing number of instances, these claims are false.?Data protection experts have been aware of this problem for many years. Consumer protection regulators, trust- mark operators and consumer advocates spend a significant amount of time and resources contacting companies and asking them to remove false claims. Consumer protection regulators (including some data protection regulators) can threaten to use their legal powers in relation to ‘misleading and deceptive’ conduct. Trustmark operators can threaten to use their trademark protection powers to seek the removal of false claims. Consumer advocates?can threaten to refer the company to?the relevant regulator or to the media.
The vast majority of this work takes place ‘behind the scenes’ and it is?only in recent years that formal, public enforcement action has been taken on privacy fraud. Since 2009, there have been 39 public enforcement actions related to privacy fraud, with the bulk of them occurring in the last three years.
...

Read the complete article » - including

  • The Ashley Madison case - Privacy fraud may be so significant that it invalidates consent?
  • False Safe Harbor claims - Privacy fraud may occur where a?false claim is the result of ‘lapsed’ membership of a privacy scheme (various Safe Harbor cases 2009-2015);
  • Trustmark scheme false claims - Privacy fraud may extend to the privacy trustmarks schemes themselves (TRUSTe 2015);
  • APEC CBPRs false claims - Privacy fraud may occur where?a company falsely claims it is a member of a scheme it has never applied to join (some Safe Harbor cases in 2009 and 2015, and the APEC CBPRs cases 2016);

Read Volume 13, Issue 11 (November 2016) »

Galexia completes Privacy Impact Assessment (PIA) for the Australian Government Attorney General’s Department (AGD) on Change of Name Data Sharing - October 2016

Related Galexia services and solutions

  • Strategic Privacy Consulting. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

Related Galexia news and articles

Galexia was engaged by the National Security Policy Branch of the Australian Government Attorney General’s Department to conduct an independent Privacy Impact Assessment (PIA) on proposals to allow change of name data to be shared across multiple Commonwealth, State and Territory agencies.

This PIA includes consideration of legislative requirements, identity verification protocols, national security considerations and community privacy perceptions.

Stakeholders included the National Security Policy Branch (Attorney General’s Department), Department of Immigration and Border Protection and all of the state Births Deaths and Marriages Registries.

The broad purpose of this PIA was to assist in the development of ongoing data sharing arrangements regarding formal change of name information between State and Territory Registries of Births Deaths and Marriages (BDMs), and the Australian Government Department of Immigration and Border protection (DIBP).

The Martin Place Siege: Joint Commonwealth - New South Wales Review <https://www.dpmc.gov.au/resource-centre/national-security/martin-place-siege-joint-commonwealth-new-south-wales-review> (the Review) identified gaps in the sharing of information on changes of name between government agencies. In particular, the Review highlighted the need to improve the robustness of checks on identity by Commonwealth and state and territory government agencies, including the need for improved arrangements for sharing formal name change information between Commonwealth and state bodies. A national Change of Name Working Group has been established to manage the implementation of a solution.

Read more about Galexia’s work with the Australian Government AGD »

Galexia Director Chris Connolly joins the Editorial Board of Data Protection Leader - October 2016

Related Galexia services and solutions

Long history of journal contributions

Galexia has a long history of making significant contributions to law journals and law publications, with Galexia staff providing both content and editorial oversight. Galexia team members have contributed numerous articles and chapters to law publications, particularly in the area of privacy law and electronic commerce law. Some highlights include

Related Galexia news and articles about the ‘Data Protection Leader’


[ Galexia Dots ]

Galexia Director, Chris Connolly, has joined the Editorial Board of Data Protection Leader (formerly known as the Data Protection Law and Policy Journal). This global journal is one of the leading monthly publications on privacy, data protection and cyber-security.

The monthly law publication covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data.

Subscribers to the publication receive printed copies each month and also gain full online access, including to the fully searchable archives, which feature over 500 articles. 

The main themes covered in the Data Protection Leader are:

  • Global Privacy Norms & Reforms
  • Data Breach & Data Security
  • Data Transfers & Outsourcing
  • Cloud computing and digital data
  • Sectoral privacy issues (e.g. health and financial services)

More information: <http://www.e-comlaw.com/data-protection-leader/>

Galexia presenting at the International Conference of Data Protection and Privacy Commissioners, Marrakech - October 2016

Related Galexia services and solutions

Related Galexia news and articles

Galexia Director, Chris Connolly, will deliver a presentation on privacy law and trade at the 38th International Conference of Data Protection and Privacy Commissioners (Marrakech, 17-20 October 2016). The presentation is part of a high profile Panel on Data Protection and Privacy Law as a Driver in Sustainable Development.

The presentation will include highlights from Chris's research paper for the United Nations: Data protection regulations and international data flows: Implications for trade and development (UNCTAD 2016), and also lessons from the Global Cloud Computing Scorecard (Galexia / BSA 2016).

More information about the conference is available at:
https://www.privacyconference2016.org/

Galexia completes Privacy Impact Assessment (PIA) for Austroads on Co-operative Intelligent Transport Systems (C-ITS) data messaging - August 2016

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »
  • International, Comparative and Cross-Border Research. Read more »

Related Galexia news and articles about Privacy Reviews

Related Galexia news and articles about Austroads

Galexia conducted a high-level Privacy Impact Assessment (PIA) for Austroads considering the privacy issues raised by standard data messages that will be wirelessly broadcast and received by vehicles and roadside units in a Cooperative Intelligent Transport Systems (C-ITS) deployment.

In March 2017, Austroads has published this PIA. Read more »

Cooperative ITS (C-ITS) is a vital part of the infrastructure being developed under the broader banner of Intelligent Transport Systems.

A connected vehicle ecosystem is emerging in which vehicles will share data wirelessly with other vehicles, with infrastructure, with transport management systems, and with mobile devices.  Commonly referred to as Cooperative Intelligent Transport Systems (C-ITS), this ecosystem will enable a wide range of vehicle and transport applications to be deployed that cooperatively work together to deliver safety, mobility and environmental outcomes that are in addition to what many standalone systems can achieve.[1]  

Potential communications scenarios include:

  • Vehicle to vehicle (V2V);
  • Vehicle to infrastructure (V2I, and also I2V); and
  • Communications with other devices (V2X), such as personal devices.

The infrastructure is a vital part of the deployment of ‘smart roads’ and ‘smart cars’ (driverless or automated vehicles).


Source: European Commission


Source: Marben

Galexia has a long history of providing advice on privacy issues related to driver and vehicle licensing and transport platforms.

Austroads is the peak organisation of Australasian road transport and traffic agencies. Read more about Galexia’s work with Austroads »

Galexia undertakes Privacy Review on a micro payment system for public transport - July 2016

Related Galexia services and solutions

Related Galexia news and articles

Galexia has completed a high-level privacy review for a payments consortium consisting of LittlePay (Australia) and Perimeter Payments (UK) regarding their roll-out of a micro-payments system for public transport.

The review considered privacy compliance issues in situations where data flowed across a variety of jurisdictions. This included an examination of Australian, British and European requirements for protecting privacy during the cross-border transfer of personal data.

Galexia has a long history of providing advice on privacy issues related to both electronic payment systems and to transport related platforms.

littlepay is an Australian fintech start-up focused on developing micro payment processing services. Read more about Galexia’s work with LittlePay »

Galexia completes Privacy Impact Assessment (PIA) for the NSW Information and Privacy Commission on cloud based Government Access tool - July 2016

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Cloud Computing and Strategy and Advice. Read more »

Related Galexia news and articles

Galexia, in conjunction with Doll Martin Associates, completed a high level Privacy Impact Assessment (PIA) for the Information and Privacy Commission NSW on the IPC GIPA Tool. (GIPA is the Government Information (Public Access) Act 2009).

The Government Information Privacy Act 2009 (GIPA) requires the Information and Privacy Commission (IPC) to provide a resource to assist agencies in processing GIPA applications and to report annually on the operation of GIPA. In order to facilitate these requirements the IPC has developed and implemented a case management and reporting system called the ‘GIPA Tool’.

The PIA considered compliance with the NSW Privacy and Personal Information Protection Act 1998 (PPIP Act) and privacy issues associated with storing data in the cloud.

Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016

Related Galexia services and solutions

Related Galexia news and articles about the ‘Safe Harbor’

Galexia directors Chris Connolly and Peter van Dijk are the authors of a chapter in the new book Enforcing Privacy - Regulatory, Legal and Technical Approaches (published by Springer, April 2016). This is the first major book to focus on the enforcement of privacy, and contains chapters from many leading privacy experts, including key regulators, academics, consultants and politicians.

Chris Connolly and Peter van Dijk contributed the chapter on Enforcement and Reform of the EU-US Safe Harbor Agreement. The chapter includes a detailed analysis of every Safe Harbor enforcement action. It also includes a detailed history of attempts to reform the Safe Harbor agreement, culminating in the proposed EU-US Privacy Shield in 2016.

Galexia advises on options for the cross border transfer of personal data in compliance with global, regional and national data protection requirements. The enforcement of these arrangements is a key issue in data protection, and this book provides a unique insight into the diversity of legal and technical enforcement options that are in use today.

More Information:

Enforcing Privacy - Regulatory, Legal and Technical Approaches
Wright, David, De Hert, Paul (Editors.)
Springer (publisher), April 2016
<http://www.springer.com/gb/book/9783319250458>

Table of contents (21 chapters):

  • Introduction
    • 1. Introduction to Enforcing Privacy - Wright, David (et al.) - Pages 1-12 
    • 2. Enforcing Privacy - Wright, David - Pages 13-49
  • Part I - Countries
    • 3. Failures of Privacy Self-Regulation in the United States - Gellman, Robert (et al.) - Pages 53-77
    • 4. From a Model Pupil to a Problematic Grown-Up: Enforcing Privacy and Data Protection in Hungary - Szekely, Ivan - Pages 79-104
    • 5. A Tale of Two Privacies: Enforcing Privacy with Hard Power and Soft Power in Japan - Miyashita, Hiroshi - Pages 105-122
    • 6. The Spanish Experience of Enforcing Privacy Norms: Two Decades of Evolution from Sticks to Carrots - Lombarte, Artemio Rallo - Pages 123-144
    • 7. Data Protection and Enforcement in Latin America and in Uruguay - Brian Nougrères, Ana - Pages 145-180
  • Part II - International Mechanisms
    • 8. The International Working Group on Data Protection in Telecommunications: Contributions to Transnational Privacy Enforcement - Dix, Alexander - Pages 183-193
    • 9. Enforcing Privacy Across Different Jurisdictions - Svantesson, Dan - Pages 195-222
    • 10. Cross-Border Breach Notification - Stewart, Blair - Pages 223-231
    • 11. Responsive Regulation of Data Privacy: Theory and Asian Examples - Greenleaf, Graham - Pages 233-259
    • 12. Enforcement and Reform of the EU-US Safe Harbor Agreement - Connolly, Chris & van Dijk, Peter - Pages 261-283
  • Part III - Instruments
    • 13. How Effective Are Fines in Enforcing Privacy - Grant, Hazel (et al.) - Pages 287-305
    • 14. Enforcing Privacy Rights: Class Action Litigation and the Challenge of - Rotenberg, Marc (et al.) - Pages 307-333
    • 15. Data Protection Certification: Decorative or Effective Instrument - Audit and Seals as a Way to Enforce Privacy - Bock, Kirsten - Pages 335-356
    • 16. The Co-existence of Administrative and Criminal Law Approaches to Data Protection Wrongs - Hert, Paul (et al.) - Pages 357-394
    • 17. Whom to Trust - Using Technology to Enforce Privacy - Métayer, Daniel - Pages 395-437
  • Part IV - Challenges for the Future
    • 18. The Irish DPA and Its Approach to Data Protection - Hawkes, Billy - Pages 441-454
    • 19. Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley - Kohnstamm, Jacob - Pages 455-472
    • 20. Regaining Control and Sovereignty in the Digital Age - Albrecht, Jan Philipp - Pages 473-488
    • 21. Privacy Enforcement in Search of Its Base - Rule, James B. - Pages 489-497

3rd Global Cloud Computing Readiness Scorecard released - 27 April 2016

Download the Scorecard and 24 Country Reports



Related Galexia services and solutions

Related BSA reports developed by Galexia (external links)

Related Galexia clients

Related Galexia news

Our latest research report has been released - The 2016 BSA Global Cloud Computing Scorecard (a joint research effort bettwee BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.. Previous reports were released in 2012 and 2013 and this is a major update. 

This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments..

(BSA Global Media Release - 26 March 2013 - Washington) Despite Gains, Countries’ Cloud Computing Policies Leave Much Room for Improvement, BSA Study Shows

South Africa, Canada Make Major Strides; Russia, China Push Policies Hindering Technology

WASHINGTON — April 26, 2016 — National governments continue to make significant strides in improving the legal and regulatory environment for cloud computing around the globe, but important exceptions exist in several countries that threaten to impede economic growth in those markets, according to a far-reaching study by BSA | The Software Alliance.

The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.

Cloud computing allows anyone — a start-up, an individual consumer, a government or a small business — to quickly and efficiently access technology in a cost-effective way. These services in return open the door to unprecedented connectivity, productivity and competitiveness.

This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments.

“The Scorecard shows that countries are eager to welcome cloud computing and its myriad economic benefits, and many of them are creating a favorable regulatory and legal environment,” President and CEO of BSA | The Software Alliance Victoria Espinel said. “Unfortunately, the Scorecard also shows some countries are heading down a path of treating cloud computing as the next frontier of protectionism. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.”

In terms of overall ranking, the biggest improvers were South Africa (moving up six places) and Canada (moving up five places).

Notably, three of the countries that have trailed in the rankings — Thailand, Brazil and Vietnam — continue to make significant and consistent gains and are closing their gap with mid-tier countries. The world’s major IT markets remained stable with modest gains.

Negative trends emerged as well. For example, few countries are promoting policies of free trade or harmonization of cloud computing policies. Russia and China, in particular, have imposed new policies that will hinder cloud computing by limiting the ability of cloud computing service providers to adequately move data across borders.

The full, 24-country rankings and detailed findings are available at www.bsa.org/cloudscorecard.

The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.

The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.

Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a  series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.

Download the scorecard and 24 country reports:

Galexia helps the United Nations publish major study on data protection and trade - 19 April 2016

Download the UNCTAD Report

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

On April 19, 2016 the United Nations Conference on Trade and Development (UNCTAD) published a major new study: Data protection regulations and international data flows: Implications for trade and development.

Galexia Director Chris Connolly was the lead author / consultant for the study.

This major report (170 pages) examines the relationship between data protection and trade, with a strong focus on the issues faced by developing nations. The study also includes detailed contributions from national governments, regulators and businesses.

The study identified numerous challenges in the development and implementation of data protection laws, including: 

  • 1. Addressing gaps in coverage
  • 2. Addressing new technologies
  • 3. Managing cross-border data transfers
  • 4. Balancing surveillance and data protection
  • 5. Strengthening enforcement
  • 6. Determining jurisdiction
  • 7. Managing the compliance burden

The study includes numerous practical policy options and suggestions for global, regional and national stakeholders. 

The United Nations is emerging as an important voice in the data protection debate, with the ability to engage with developing nations and emerging markets. Galexia continues to provide assistance to the UN on data protection and e-commerce legal and regulatory issues. 

The full report is available at: http://unctad.org/en/pages/PublicationWebflyer.aspx?publicationid=1468

3rd Global Cloud Computing Readiness Scorecard due for public release - April 2016

Related Galexia services and solutions

Related Galexia projects

Related BSA reports developed by Galexia (external links)

Related Galexia news

The 3rd Global Cloud Computing Readiness Scorecard is due for public release in April 2016 and will be available from <http://bsa.org/cloudscorecard>.

The Galexia / BSA Global Cloud Scorecard analyses the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.

The study includes detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.

United Nations hosting major E-Commerce event in Geneva - 18 April 2016

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

Related links

Galexia director Chris Connolly will be assisting in the presentation of a two day expert meeting on Data Protection and Privacy: Implications for Trade and Development on 19-20 April in Geneva. The meeting is part of the United Nations E-Commerce Week (Geneva, April 18-22).

The E-Commerce Week is hosted by UNCTAD - the UN Conference on Trade and Development. The week includes sessions on cybercrime readiness, consumer protection online, ICT policy reviews and the proposed Action Plan for Aid for eTrade. The week concludes with the launch of the UNCTAD B2C E-Commerce Index 2016 (Measuring Cross-Border E-Commerce).

A highlight of the E-Commerce Week is the Ad Hoc Expert Meeting on Data Protection and Privacy: Implications for Trade and Development (19-20 April). Galexia Director Chris Connolly has been assisting UNCTAD as a consultant in preparing a new report on privacy and trade, and he will be moderating the meeting. 

The UNCTAD meeting invitation states:

"The increasing global relevance of activities and transactions online and the changing nature of the information economy, enhances the importance of coherence between data protection and privacy frameworks that can help foster innovation and trade while at the same time protect against unnecessary intrusions. Recent and expected regulatory changes in the field of data protection and privacy as well as diverging approaches in different parts of the world, call for renewed discussion on possible ways forward.
This ad hoc expert meeting will contribute to ensure global communication on the subject to understand emerging topics in data protection and privacy, new challenges and opportunities, as it relates to unlocking the potential for cross-border trade. Industry players and consumers, as well as governments and international organizations will present their perspectives and outline the latest developments, current practices and relevant frameworks.
The Ad Hoc expert meeting will commence with the presentation of the UNCTAD Study on Data Protection and International Data Flows. Representatives from public and private stakeholders will then take the floor to discuss thematic topics and present their experiences. Invited delegates include representatives from the African Union Commission, Asia-Pacific Economic Cooperation, the Commonwealth, the Council of Europe, the East African Secretariat, the ECOWAS Commission, European Union, the Organisation for Economic Co-operation and Development, the United States Federal Trade Commission, UNOHCHR, International Chamber of Commerce, the Computer and Communications Industry Association, Consumer International, Google, Microsoft, and eBay and other e-commerce platforms from developing countries."

More details are available at: <http://unctad.org/en/pages/newsdetails.aspx?OriginalVersionID=1194>

Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016

Related Galexia services and solutions

Related Galexia news and articles about the ‘Safe Harbor’ or ‘Privacy Shield’ scheme

Galexia has published an article on the proposed EU-US Privacy Shield, which is set to replace the former Safe Harbor as the key mechanism for the transfer of personal data from the European Union to the United States.

The draft Privacy Shield adequacy decision by the European Commission is yet to be formalised - the commission must first seek the opinion of the influential Article 29 Working party. However, it is almost certain that the Privacy Shield will be implemented in some form in the near future.

The former Safe Harbor framework was the subject of extensive research and analysis by Galexia, including a major report in 2008 followed by ongoing monitoring and the submission of evidence and reports to the EU and US authorities.

How does the proposed Privacy Shield compare to the Safe Harbor?

Read the article »

Advice on market sizing for cross border transfers from Europe - February 2016

Related Galexia services and solutions

Related Galexia news

Galexia advised DIGITALEUROPE on market issues and policy options related to the cross-border transfer of personal data. The study included an analysis of the type and size of organisations making data transfers, the type of data transferred and the regulatory options adopted by hundreds of organisations. The analysis included a breakdown of market segments by sector and business size.

Galexia has particular expertise in the privacy issues associated with the transfer of data to and from Europe.

DIGITALEUROPE <www.digitaleurope.com> is a European trade organisation representing the digital technology industry. Their members include around 60 major technology companies and 35 national trade associations.

The European Union Network and Information Security (NIS) Directive moves a step closer to implementation - 16 January 2016

Download the EU CyberSecurity Maturity Dashboard and 28 Country Studies

Download the APAC CyberSecurity Maturity Dashboard and 10 Country Studies

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

The European Union Network and Information Security Directive (the NIS Directive) has moved a step closer to implementation after the EU's Internal Market Committee voted to support the Directive on 16 January 2016. This was the final major hurdle in the passage of the Directive, and the Directive is expected to be endorsed by parliament in the near future.

The NIS Directive requires relevant businesses to put in place security measures to protect their networks and data against cyber security attacks and to report serious cyber incidents and threats to regulators. 

Galexia has been at the forefront of studying the potential impact of the NIS Directive, both in Europe and beyond. One of our key reports on CyberSecurity is the 2015 EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies). That report was prepared for BSA | The Software Alliance and released in April 2015. The report includes a comparative analysis of country readiness for the NIS Directive.

The subsequent Asia Pacific CyberSecurity Maturity Dashboard (including 10 country reports and case studies considers the maturity of APAC countries through the lens of the NIS directive.

Follow the progress of the NIS Directive at the Digital Agenda for Europe site: <https://ec.europa.eu/digital-agenda/en/cybersecurity>

Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015

Related Galexia services and solutions

Related Galexia news and articles about the ‘Safe Harbor’ scheme

Galexia Director Chris Connolly will deliver a special presentation at the Privacy Laws and Business Conference at Cambridge University on July 7.

The presentation will mark the fifteenth anniversary of the launch of the EU-US Safe Harbor, and is titled: 'The Safe Harbor at Fifteen' - A brief history of enforcement and reform.

  • A brief history of the establishment of the Safe Harbor, its role, purpose and structure.
  • An overview of the five public reviews of the Safe Harbor that have been conducted
  • An issue by issue analysis of Safe Harbor enforcement, including:
    • The notice and consent cases ?
    • False claims of current Safe Harbor membership
    • Safe Harbor fraud
    • Expensive dispute resolution providers and threats against complainants
    • Fine print exclusions
    • Conflicts of interest
  • A brief discussion of structural and cultural differences (and similarities) between the EU and US approach to privacy
  • The role of the Safe Harbor in the national security surveillance debate
  • The future of the Safe Harbor, and lessons learned.

The presentation will be followed by a panel discussion including Commissioner Julie Brill (US Federal Trade Commission) and Bruno Gencarelli (Head of Data Protection at the European Commission Directorate General for Justice).

More details are available at: <http://www.privacylaws.com/annual_conference>

APAC CyberSecurity Dashboard and 10 Country Reports Launched - 1 July 2015

Download EU CyberSecurity Maturity Dashboard and 10 Country Studies

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

On 30 June 2015 BSA | The Software Alliance released the APAC CyberSecurity Maturity Dashboard (including 10 Country reports and case studies).

The 2015 APAC Cybersecurity Dashboard evaluates cybersecurity laws, rules, policies and institutions in 10 key jurisdictions:

  • Australia
  • China
  • India
  • Indonesia
  • Japan
  • Malaysia
  • South Korea
  • Singapore
  • Taiwan
  • Vietnam

The report assesses each country against criteria deemed essential for effective cybersecurity protection.

The full country reports are available for download and give an overview of the cybersecurity landscape, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction. Maturity is assessed against criteria grouped across the following key themes:

  • Legal foundations for cybersecurity;
  • Operational capabilities;
  • Public-private partnerships;
  • Sector-specific cybersecurity plans; and
  • Education.

This work complements Galexia’s other research reports for BSA,

  • European Cybersecurity Maturity Dashboard published in March 2015
  • Global Cloud Readiness Scorecard - published in 2012, 2013 and in August 2015.

Download the APAC CyberSecurity Report and 10 Country Studies

Vale Claro ‘Lalen’ Parlade - June 2015

It is with great sadness that we report the loss of Galexia Associate and close friend Claro Parlade, who has died in the Philippines after a period of illness.

Claro was a well known IT lawyer in the Philippines who played a key role in the development of cyberlaws in the Asia Pacific region. Claro collaborated with Galexia on several regional projects, and was based in the Galexia offices in Sydney for a short period while he worked on the development of the Philippines privacy legislation, (the Data Privacy Act 2012).

Claro also held senior roles at Google and BSA | The Software Alliance. He was a global expert, having lived, worked and studied in the Philippines, Australia, Canada, the US and Singapore.

The Galexia team express our deepest sympathy to Claro's wife, three daughters and family. Claro’s gentle combination of wit, insight, friendship, intellect and cyber-law expertise will be missed by all of us.

Privacy Review for Diabetes Australia - June 2015

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Related Galexia clients

Related Galexia news and articles about privacy reviews and assessments

In June 2015 Galexia completed a Privacy Review of the National Diabetes Services Scheme (NDSS) for Diabetes Australia.

Read more about our projects with Diabetes Australia »

European CyberSecurity Dashboard and 28 Country Reports Launched - 3 March 2015

Download the Report and 28 Country Studies

Related Galexia services and solutions

Related Galexia clients

Related Galexia news

On 3 March 2015 BSA | The Software Alliance released the EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies).

The 2015 EU Cybersecurity Dashboard — the first-of-its-kind examination of the relevant policy approaches in the Member States — highlights some fundamental challenges as well as significant opportunities for improving cybersecurity across the EU.

The Report evaluates national laws, rules and policies in all 28 EU Member States against 25 criteria deemed essential for effective cybersecurity protections. It is intended to provide EU Member States with an opportunity to evaluate their countries’ policies against key metrics and maps a way forward by outlining the key building blocks for a strong cybersecurity legal framework.

The full Member State reports give an overview of the cybersecurity landscape, based on the set of criteria outlined below, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction.

  • Legal foundations for cybersecurity;
  • Operational capabilities;
  • Public-private partnerships;
  • Sector-specific cybersecurity plans; and
  • Education.

This work complements Galexia’s other research reports for BSA, including the soon to be Global Cloud Readiness Scorecard published in 2012, 2013 and in April 2015.

Download the EU CyberSecurity Report and 28 Country Studies

Galexia to present at Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce, Geneva - March 2015

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

Galexia Director Chris Connolly will present a paper on Global Issues in Cybersecurity and Privacy in Geneva on 25 March 2015.

More information about the conference is available at:
<http://unctad.org/en/pages/MeetingDetails.aspx?meetingid=644>

The Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce has been organised by the United Nations Conference on Trade and Development (UNCTAD). Chris will be speaking in the session on data protection and cybercrime.

The session will explore recent developments related to e-commerce in respect of data breaches and fraud. It will discuss ways to ensure confidence and trust in the use of the Internet through the enactment of legal and regulatory frameworks for protecting personal data, privacy and combatting cybercrime. It will explore the complexity of cross-border enforcement and ways in which governments and businesses can work together in these areas. It will also discuss measures by companies, in particular small and medium-sized enterprises, to keep consumer information secure.

Galexia has a long history of working with UNCTAD (and ASEAN and other regional groupings) on international cyberlaw issues.

3rd Global Cloud Computing Readiness Scorecard being developed for mid 2015 launch - August 2014

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

In August 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare the 3rd Global Cloud Computing Readiness Scorecard, following the success of the 2012 and 2013 scorecards.

The new scorecard will be released in mid-2015.

The Galexia / BSA Global Cloud Scorecard will analyse the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.

The study will include a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.

Galexia completes Privacy Impact Assessment (PIA) for Victorian Resource Rights Allocation and Management (RRAM) migration to cloud - August 2014

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Cloud Computing and Digital Economy Strategy and Advice. Read more »

Galexia conducted a Privacy Impact Assessment (PIA) for the Victorian Department of State Development, Business & Innovation (DSDBI) on the proposed migration of the Resource Rights Allocation and Management (RRAM) Project to a commercial cloud provider.

Galexia has particular experience in advising Government agencies in their successful migration to cloud and externally hosted services. We have assisted in the development of a staged privacy and security assessments and compliance framework for prior migrations.

Galexia developing Asia-Pacific Cybersecurity Comparative Study - July 2014

Related Galexia services and solutions

Related Galexia clients

Related Galexia news

In July 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare a report on Cybersecurity in 10 Asia Pacific nations.

The countries included in the study are Australia, China, India, Indonesia, Japan, Korea, Malaysia, Singapore, Thailand and Vietnam.

The report will be published in early 2015.

This work complements our earlier research reports for BSA, including the Global Cloud Readiness Scorecard published in 2012 and 2013.

The new report will include a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity.

Australian Department of Communications Technology Advice Panel - June 2014

Related Galexia services and solutions

Related Galexia news

Galexia has been appointed to the Department of Communications Technology Advice Panel to provide specialised services to the Department.

The specialised services include:

1. Information & Communications Technology (ICT) Industry Research and Analysis
a) Research and analysis of the ICT industry, including
  • Horizon scanning and forecasting
  • Technology developments (incl. hardware, software and processes) and their performance and impacts
  • Telecom and communications deployments, including migrations
  • Demand and supply side trends and drivers
  • Industry structure, alliances, partnerships, mergers and acquisitions key players and market segments
  • Regulatory and public policy issues
  • Modelling, costing's and deployment plans
  • Sectoral and trans-sectoral ICT developments and deployments
  • Technical standardisation and assorted trends, nationally, regionally and internationally. Provisions for telecommunications and communications in the built environment (e.g. pathway systems)
  • International comparisons and case studies in relation to any or all of the above
b) Customised primary and secondary research and analysis as required.

Galexia developing European Cybersecurity Comparative Study - June 2014

Related Galexia services and solutions

Related Galexia clients

Related Galexia news

In June 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare a report on Cybersecurity in 28 European Union nations.

The report will be published in 2015.

This work complements our earlier research reports for BSA, including the Global Cloud Readiness Scorecard published in 2012 and 2013.

The new report will include a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity.

Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014

Related Galexia services and solutions

Related Galexia news and articles about the ‘Safe Harbor’ scheme

Galexia Director Chris Connolly presented a paper on The Future of the EU-US Safe Harbor at a major privacy research conference in Brussels on 1 June 2014.

The event was the final conference of the SAPIENT project: (Supporting fundamentAl rights, PrIvacy and Ethics in surveillaNce Technologies) <http://www.sapientproject.eu/>

The presentation focused on enforcement issues, and follows previous Galexia research on compliance issues in the EU-US Safe Harbor. The Safe Harbor Framework is a mechanism for allowing some EU data to be transferred to US businesses while protecting the privacy of individuals. The Framework is the subject of a significant review and overhaul by the US and EU.

Galexia completes Privacy Impact Assessment (PIA) for Business Victoria Online - May 2014

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Cloud Computing and Digital Economy Strategy and Advice. Read more »

Related Galexia news and articles

Galexia completed a Privacy Impact Assessment (PIA) for the Victorian Department of State Development, Business & Innovation (DSDBI) on the migration of Business Victoria Online (BVO) services to a commercial cloud services provider.

Galexia provided a range of cloud and privacy advice and developed a re-usable template and checklist driven approach for future PIAs.

AUSTRAC publishes Galexia’s PIA on AML/CTF reforms - May 2014

Related Galexia services and solutions

  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Related Galexia clients

  • AUSTRAC - Australian Transaction Reports and Analysis Centre. Read more »

Related Galexia news and articles about privacy

In early 2014 Galexia completed a Privacy Impact Assessment (PIA) for proposed changes to the customer due diligence requirements of Australia’s Anti-Money Laundering and Counter-Terrorism Financing Framework (the CDD project).

The PIA was published by AUSTRAC in May 2014 and is available at: <http://www.austrac.gov.au/files/cdd_pia_may2014.pdf>

The PIA was one of the first PIAs conducted in accordance with the new Australian Privacy Principles (APPs) that came into force in March 2014.

Galexia was able to advise AUSTRAC on how to incorporate important changes to customer due diligence requirements that form part of international commitments to tackle money laundering, while complying with Australia's revised privacy legislation.

Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014

Related Galexia services and solutions

Related Galexia news and articles about the ‘Safe Harbor’ scheme

Galexia Director Chris Connolly appeared at the House of Lords EU Sub-Committee on Home Affairs, Health and Education in London on 12 March 2014. 

The Committee was investigating the potential reform of the EU US Safe Harbor Framework which allows some EU personal data to be transferred to the United States. Mr Connolly was asked to provide evidence on the level of privacy protection provided under the Framework.

On 7 May 2014 the Committee issued a final report, calling for improvements to the Safe Harbor. The final report is available at:

<http://www.parliament.uk/documents/lords-committees/eu-sub-com-f/safeharbour/boswell.pdf>

Galexia presentation at the Commonwealth Cybersecurity Forum in London - 5 March 2014

Related Galexia services and solutions

Related Galexia news and articles

Galexia Director Chris Connolly appeared at the Commonwealth Cybersecurity Forum in London on 5 March 2014. He discussed the balance between privacy and security in the emerging cloud computing environment. Mr Connolly provided an overview of national approaches to cloud computing policy and regulation, with a special emphasis on the issues facing developing countries.

Galexia has played a key role in assessing national, regional and global approaches to cloud computing privacy and security policies. In 2012 and 2013 Galexia developed the BSA Global Cloud Computing Scorecard. We have also contributed to the work of the United Nations Conference on Trade and Development (UNCTAD) in this area. 

More information: (External links)

Galexia completes privacy and security advice on cloud applications for 3wks.com.au and Victorian Government - November 2013

Related Galexia services and solutions

Galexia worked with 3wks.com.au and a Victorian government agency to consider the legal and regulatory issues regarding the development of cloud based application for government.

This work required a review and analysis of:

  • Google Apps terms and privacy policy
  • Google Cloud Services Partner Agreement
  • Comparison of cloud provider privacy policies (including Google Compute, Google Apps, Salesforce, AWS, etc)
  • Agency privacy policies
  • General research and literature review on offshore privacy issues
  • Review of relevant guidance from the Office of the Victorian Privacy Commissioner;
  • Review of relevant Victorian Government guidance on security and cloud computing and DSD Cloud Computing Security Considerations (2011); and
  • Review of Victorian Government Security Policy Documents - <http://digital.vic.gov.au/policies-standards-guidelines/information-security/>

Galexia and Doll Martin Associates announce closer strategic relationship - October 2013

In October 2013 Galexia and Doll Martin Associates strengthened their existing partnership and announced a closer strategic alliance. Galexia and Doll Martin Associates have worked on projects together since 2005 and both organisations have decided to leverage their particular strengths and synergies by working together.

All Galexia services in Australia and New Zealand will be provided through the alliance. Galexia brings to the alliance its Australian and international cloud, privacy and identity advisory practice and Doll Martin Associates provides Galexia with greater local capacity and access to an expanded range of business strategy, architecture and information management consulting services. 

Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013

Related Galexia services and solutions

Related Galexia news and articles about the ‘Safe Harbor’ scheme

Galexia Director, Chris Connolly, has been asked to appear before a European Parliament inquiry to discuss the impact of the NSA / PRISM revelations on the privacy of European citizens when their data is transferred to the United States.

The Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) is holding an inquiry on electronic mass surveillance of EU citizens, and Chris will appear before the Committee in Strasbourg on Monday October 7. Chris's task will be to comment on the effectiveness of the US Safe Harbor Privacy Framework, a topic that Galexia has covered in several previous research papers, articles and speeches.

Other speakers at the Hearing include:

  • Viviane Reding, the Vice President of the European Commission,
  • Peter Hustinx, the European Data Protection Supervisor, and
  • Isabelle Falque-Pierrotin, the President of the French Data Protection Agency (CNIL).

Related (external) links

UNCTAD Review of E-commerce Legislation Harmonization in ASEAN - 25 September 2013

UNCTAD Links

Cite as

  • UNCTAD, Review of E-commerce Legislation Harmonization in the Association of Southeast Asian Nations (2013), UNCTAD/DTL/STICT/2013/1.


Related Galexia services and solutions

Related Galexia projects

Related Galexia news

Galexia and the United Nations Conference on Trade and Development (UNCTAD) have released a major report, entitled Review of E-commerce Legislation Harmonization in the Association of Southeast Asian Nations (2013).

Galexia Director Chris Connolly was a major contributor to the report. The report is a follow-up to Galexia's previous AusAID funded project to harmonise e-commerce legal infrastructure in ASEAN (2004-2009) and Galexia’s earlier study for the UNCTAD Information Economy Report on ASEAN cyberlaw harmonisation in 2008.

This 2013 review documents the significant advances made by ASEAN countries in the area of e-commerce laws. It also makes proposals for accelerating the process of regional integration and harmonization as outlined in the ASEAN ICT Masterplan 2015.

Galexia’s extensive and detailed work with ASEAN has assisted ASEAN be the first region in the developing world to adopt a harmonized legal framework for e-commerce and it is the most advanced developing region in terms of implementing harmonized e-commerce laws.

The review includes detailed regional and national analysis of e-commerce laws, privacy, cybercrime and cloud computing.

Galexia Microsite


UNITED NATIONS PUBLICATION
UNCTAD/DTL/STICT/2013/1N
© Copyright United Nations, 2013


UNCTAD Information Economy Report 2013 - Expert Peer Review Meeting (Geneva) - July 2013

Related Galexia services and solutions

Related Galexia projects

Related Galexia news

Related links

Galexia Director, Chris Connolly, presented at the Expert Peer Review Meeting on the Information Economy Report 2013 on 9-10 July in Geneva. The Information Economy Report is an annual publication issued by the United Nations Conference on Trade and Development (a regular Galexia client), and this year's theme is Cloud Computing. The meeting was a gathering of experts on cloud computing technology, law and policy from more than a dozen countries.

Chris was the lead discussant for the report chapter on The governance, law and regulation of cloud computing in developing countries

The final report will be published in late 2013.

Galexia provides Australian Energy Market Operator (AEMO) advice on cloud based identity - April 2013

Related Galexia services and solutions

  • Identity Management and Authentication - Technical Consulting. Read more »
  • Identity Management and Authentication - Cloud and Software-as-a-Service. Read more »

Galexia provided the Australian Energy Market Operator (AEMO) with options for implementing Single Sign-On (SSO) to external Software-as-a-Service (SaaS) applications. Our consultants performed an analysis of AEMO's authentication requirements, internal and external applications, and existing processes. We used our expert knowledge of cloud-based SSO technology vendors and solutions to select and cost the best approach, based on proven cloud identity design principles and best practices.

Read more about Galexia’s work with AEMO »

Review of Queensland Personal Identification Information in Property Data (PIIPD) Code of Conduct - March 2013

Related Galexia services and solutions

Related Galexia project

Galexia was engaged to undertake an independent review on the operations and effectiveness of the Queensland Personal Identification Information in Property Data (PIIPD) Code. The review considered the operation of the Code and encompass accountability, effectiveness, efficiency, accessibility, independence and fairness.

Galexia has played an ongoing role in the development, implementation and review of a code-of-conduct for QVAS (Queensland Valuation and Sales System).

More information is available at the Personal Identification Information in Property Data Code of Conduct website (external link)

This code-of-conduct is an excellent example of successful privacy self-regulation in the information broking sector.

2nd Global Cloud Computing Readiness Scorecard launched - 7 March 2013

Download the Scorecard

Related Galexia services and solutions

Related Galexia clients

Related Galexia news

The 2013 Global Cloud Computing Scorecard — the first-ever report to track year-over-year change in the international policy landscape for cloud computing — shows that cloud readiness is improving, if unevenly.

These findings come against the backdrop of the massive and well-documented movement to cloud services by consumers, businesses, and governments. What hasn’t been documented until now is the less steady improvement in the policy environment to support global cloud computing, with some countries making big strides to improve their cloud readiness while others, including some of the world’s largest technology markets, have stalled or even backtracked.

(BSA Global Media Release - 7 March 2013 - Washington) Progress on Cloud Computing Policy Is Hit and Miss Around the World - Singapore leaps forward in global policy rankings; Japan, Australia, and US lead global market; Europe stalls

Countries around the world are improving the legal environment for cloud computing — though at an uneven pace that risks undermining the full economic potential of cloud technologies.

The 2013 BSA Global Cloud Computing Scorecard — the first report ever to track changes in the global policy landscape for cloud computing — finds that while many of the world’s biggest IT markets have stalled or slid backwards, others are embracing laws and regulations conducive to cloud innovation. The Scorecard also finds that policy fragmentation persists, as some countries, aiming to promote local cloud markets, adopt laws and regulations that inhibit cross-border data flows or skew international competition.

The new 2013 BSA Cloud Scorecard builds on an inaugural edition of the report released last year. The biggest mover in the rankings is Singapore, which vaulted to fifth from 10th place a year ago by adopting a new privacy law that builds user trust while also promoting business innovation. The 2013 study finds that Japan continues to lead the global rankings with a comprehensive suite of laws supporting digital commerce. Australia remains in second place, and the US has edged into third, pushing Germany down to fourth.

The study finds that policy improvements in many of the world’s biggest IT markets have stalled. Notably, all six European Union countries covered in the study have lost ground in the rankings. Others are effectively unplugging themselves from the global market — with especially counterproductive policies in Korea, Indonesia and Vietnam.

The study evaluates countries in seven policy areas critical to the market for cloud computing services — data privacy, cybersecurity, cybercrime, intellectual property, technology interoperability and legal harmonization, free trade, and ICT infrastructure.

Among the study’s findings:

  • Singapore has moved up the rankings with a new privacy law that recognizes people’s right to protect their personal information and companies’ need to use data for reasonable purposes.
  • Malaysia crossed the divide between mature and developing economies by bolstering cybercrime and IP laws and opening itself for increased digital trade.
  • Canada, Russia, and India all moved up the rankings by implementing international IP agreements.
  • Europe and the US have stalled against the backdrop of ongoing debates over privacy laws.
  • Indonesia and Vietnam are among the countries tying up foreign cloud providers in red tape, imposing data-location requirements, or restricting the flow of data across borders.

The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.

The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.

Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a  series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.

The 2013 Scorecard follows on from the groundbreaking 2012 Scorecard and contains:

  • Updates across 24 countries and 66 criteria, including:
    • 27 significant (positive) changes
    • 34 moderate (positive) changes
    • 6 moderate (negative) changes
    • 108 minor (no effect) changes
    • 432 infrastructure changes
  • Tracks changes in score and rank from 2012
  • 3 new case studies

Galexia Microsite:

Download the scorecard and 24 country reports:

Asia Cloud Computing Association incorporates Galexia research into its 2nd Cloud Readiness Index - 13 November 2012

Related Galexia services and solutions

  • Cloud Computing and Digital Economy Strategy and Advice. Read more »
  • International, Comparative and Cross-Border Research. Read more »

Related Galexia news

The 2nd Cloud Readiness Index (CRI) developed by the Asia Cloud Computing Association evaluates key attributes in order to identify the state of readiness for cloud computing in 14 markets across the Asia region. It also provides insight into how regulation and policy work address cloud computing issues.

The Index is designed to look at the state of readiness for cloud computing in markets across the Asia Pacific region - especially how we see regulation and policy work by governments - to help advance cloud computing in Asia. It measures key attributes and conditions that will help companies and individuals determine which markets are currently best placed for wide adoption of cloud computing services.

The Index incorporates information from several sources, including the Global Cloud Computing Scorecard (2012) completed by Galexia for the Business Software Alliance (BSA) in February 2012.

 [Asia Cloud Computing Association Logo]

External links:

Galexia develops Identity and Access Management Strategy and Roadmap for Australian Energy Market Operator (AEMO) - March 2012

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »

Galexia delivered an Identity and Access Management (IAM) Strategy for the Australian Energy Market Operator (AEMO).

Our consultants performed an analysis of AEMO's current state IAM business processes and technology, and determined the future state based on requirements and best practice. Galexia performed an IAM market review and technology evaluation that identified and costed the products most appropriate to AEMO. Leveraging the analysis and review, Galexia consultants provided an IAM Strategy and Roadmap for a 2-3 year period.

Read more about Galexia’s work with AEMO »

Global Cloud Computing Readiness Scorecard launched - 22 February 2012

Download the Scorecard

Related Galexia services and solutions

Related Galexia news

On 22 February 2012, the Business Software Alliance (BSA) launched the BSA Global Cloud Computing Readiness Scorecard (2012) developed by Galexia.

The first-of-its-kind Scorecard analyses and ranks the legal and regulatory framework and broadband infrastructure of 24 countries based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing. Together, these countries account for 80% of the global ICT market.

The Scorecard also includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable.

Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favourable policy setting for global cloud computing.

External links:

Galexia to present the new Global Cloud Readiness Scorecard at the Cloud Connect conference, Santa Clara USA - 14 February 2012

Related Galexia services and solutions

  • Cloud Computing and Digital Economy Strategy and Advice. Read more »
  • International, Comparative and Cross-Border Research. Read more »

Related Galexia news

On 14 February 2012 Galexia presented the new Global Cloud Readiness Scorecard at the Cloud Connect conference in Santa Clara USA. The new scorecard examines the legal, regulatory and infrastructure environments in 24 countries, including a detailed assessment of their readiness for cloud computing.

Galexia Directors Chris Connolly and Peter van Dijk presented on a panel on a panel called: Breaking Down Barriers: Creating a Global Policy Environment to Promote Cloud Adoption.

External link:

New ePayments Code launched in Australia - September 2011

Related Galexia services and solutions

In September 2011 the Australian Securities and Investments Commission (ASIC) issued a completely revised and updated Code of Conduct for Electronic Transactions. The new ePayments Code replaces the long standing EFT Code of Conduct, and applies to a broader range of online payment systems.

Galexia Director Chris Connolly was a member of the expert working group revising the Code - a process that took two years to complete and involved three rounds of public consultation.

Related links:

  • Galexia assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the Australian Securities and Investments Commission’s proposals for changes to the Electronic Funds Transfer (EFT) Code of Conduct. Key issues addressed in the response include liability of consumers and small businesses, and monitoring Code compliance.
    View the 2008 joint consumer response »
  • Galexia assisted CHOICE with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investment Commission (ASIC).
    View the 2007 joint consumer submission »

External link:

Singapore to introduce privacy legislation and a Do Not Call Register - September 2011

Related Galexia services and solutions

Related Galexia news

Singapore has flagged that it plans to introduce privacy legislation in early 2012. A public consultation paper issued by the Ministry of Information, Communications and the Arts was released on 13 September 2011, titled: Proposed Consumer Data Protection Regime For Singapore.

The paper recommends the introduction of private sector privacy legislation based on a mix of EU and APEC best practice. Interestingly, the paper also proposes the establishment of a national Do Not Call Register to fight against the intrusion of telemarketing.

Singapore joins a growing list of countries with proposed and draft privacy legislation in the region.

External link:

Asia Cloud Computing Association incorporates Galexia research into its Cloud Readiness Index - September 2011

Related Galexia services and solutions

  • Cloud Computing and Digital Economy Strategy and Advice. Read more »
  • International, Comparative and Cross-Border Research. Read more »

Related Galexia news

The Cloud Readiness Index developed by the Asia Cloud Computing Association evaluates key attributes in order to identify the state of readiness for cloud computing in 14 markets across the Asia region. It also provides insight into how regulation and policy work address cloud computing issues.

The index incorporates information from several sources, including the Asia Pacific Digital Economy and Cloud Computing Scorecard completed by Galexia for the Business Software Alliance (BSA) in March 2011.

External link:

Galexia research on privacy and health data published in two prestigious medical journals - July 2011

Related Galexia services and solutions

Galexia director Chris Connolly is the joint author (with Christine O’Keefe from CSIRO/Data61) of two articles on privacy and health data.

  • Regulation and Perception Concerning the Use of Health Data for Research in Australia, Christine M O'Keefe and Chris Connolly was published in the Electronic Journal of Health Informatics, Vol 6, No 2 (2011): Special Issue on Smart Healthcare Systems.

A shorter version of the Article was also published in the Medical Journal of Australia:

  • C.M. O'Keefe and C. Connolly, Privacy and the use of health data for research, Med J Australia 193 (2010), 537-541.

Abstract:

The primary objective of this review is to provide an overview of the issues involved in balancing privacy and access in the context of health research. Appropriate collection, management, linkage and interrogation of health data can play a vital role in improving individuals’ health and wellbeing. However, the assembly and use of linked population, clinical and genetic health databases in the research and policy analysis environments raises privacy, confidentiality and ethical concerns.
The topic of our review is of current interest in the context of the Australian Government National Collaborative Research Infrastructure Strategy (NCRIS) investment in the Population Health Research Network (PHRN), which aims to provide improved accessibility to health-related data for the research sector. This initiative is likely to attract new researchers to the field of population health, and the current review may assist them in taking account of privacy regulation and perceptions when designing study and consent processes.
Although there is little evidence of privacy complaints or breaches in health research, it seems clear that privacy regulation and privacy perception are both key factors in the health research context, acting as potential restraints on some types of research that could deliver considerable public benefit. In particular, significant concerns regarding consent and de-identification remain in the community.
Recent Australian Law Reform Commission recommendations leave room for technical solutions to play an increased role in allowing personal information to be de-identified for research purposes. Recent advances in the techniques for de-identifying personal information provide some hope that de-identification can occur without a negative impact on data quality.

External link:

ACMA publishes Galexia’s research on international Cybersecurity awareness raising and educational initiatives - May 2011

Related Galexia services and solutions

Related Galexia news

An Overview of International CyberSecurity Awareness Raising and Educational Initiatives - a report for the Australian Communications and Media Authority (ACMA) by Galexia in partnership with the Cyberspace Law and Policy Centre, was launched in CyberSecurity Awareness week - 30 May 2011.

The study included research and advice on 68 Cybersecurity initiatives (both government and private sector) in 11 jurisdictions.

Browse the Research Report

Download the Research Report from the ACMA

Galexia team presents Asia Pacific Digital Economy and Cloud Computing Scorecard at Hong Kong workshop - April 2011

Related Galexia services and solutions

  • Cloud Computing and Digital Economy Strategy and Advice. Read more »
  • International, Comparative and Cross-Border Research. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »

Related Galexia news

Galexia Director Peter van Dijk and Galexia’s Singapore based Associate Yee Fen Lim presented the Asia Pacific Digital Economy and Cloud Computing Scorecard at an industry workshop in Hong Kong in April 2011.

The Scorecard is a comparative analysis of major cyberlaw issues and digital infrastructure in 14 Asia-pacific countries. The presentation focussed on areas where the region is making good progress on developing consistent and harmonised laws and regulations that facilitate cloud computing. Some regional gaps and challenges were also identified in areas such as data protection law, cybercrime legislation and ICT infrastructure.

The workshop was attended by industry associations and business leaders from countries in the region, with strong representation from both developed and emerging economies.

Galexia completes Asia Pacific Digital Economy and Cloud Computing Scorecard - March 2011

Related Galexia services and solutions

  • Cloud Computing and Digital Economy Strategy and Advice. Read more »
  • International, Comparative and Cross-Border Research. Read more »

Related Galexia news

Galexia has completed a comprehensive review of digital economy laws and infrastructure in 14 Asia Pacific countries - the Asia Pacific Digital Economy and Cloud Computing Scorecard. This important comparative analysis was commissioned by the Business Software Alliance (BSA).

The 14 countries in the study are: Australia, China, Hong Kong, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan, Thailand and Vietnam.

The report is presented as a checklist of over 100 issues in 8 categories:

  • Security;
  • Cybercrime;
  • Interoperability;
  • Data protection;
  • Intellectual property;
  • International harmonisation of rules;
  • Promoting free trade; and
  • Infrastructure.

The full report is available to BSA members.

Treaties Committee recommends Australia sign two important cyberlaw Conventions - March 2011

Related Galexia services and solutions

The Joint Standing Committee on Treaties has recommended that Australia accede to two important cyberlaw Conventions. The United Nations Convention on the Use of Electronic Communications in International Contracts (Electronic Contracts Convention) and the Council of Europe Convention on Cybercrime (Cybercrime Convention).

Electronic Contracts Convention

The United Nations Convention on the Use of Electronic Communications in International Contracts (the Convention) is the first United Nations Convention to address legal issues arising from the digital economy. Eighteen countries have signed the Convention, including major trading partners such as Korea; China; and Singapore.

The Convention contains a comprehensive framework for establishing contracts using electronic communications.

The Committee noted that in practice, businesses with disputes relating to electronic contracts have not sought to use legal means to resolve their disputes. However, the Committee concluded that signing the Convention would ensure that when an “inevitable” legal dispute arises, the Australian legal system will comply with the internationally recognised process for resolving disputes.

The Committee recommended that Australia take binding treaty action to join the United Nations Convention on the Use of Electronic Communications in International Contracts.

Cybercrime Convention

The Council of Europe Convention on Cybercrime entered into force in 2004. The Convention covers a range of criminal activity involving use of computers or computer networks, such as in unlawfully accessing computer data or interfering with computer systems, or where computer use is integral to the offence, such as for the distribution of child pornography via the Internet.

Over 30 European member states and one non-member, the United States, are party to the Convention. Seventeen other nations have signed the Convention, including non-members Canada, Japan and South Africa.

The Treaties Committee drew considerable attention the role of the Convention in boosting international co-operation to deal with increasingly sophisticated and diverse forms of computer-related criminal activity.

Articles 29 to 34 of the Convention set out the expectations for mutual assistance between Parties including:

  • The preservation of some computer data, and associated traffic data, by service providers for both domestic and foreign investigations;
  • Mutual assistance in the disclosure of traffic data in real time, but only to the extent permitted under applicable treaties and domestic law (Australian legislation does not allow for real-time interception by foreign countries); and
  • Establishment of a 24 hour, 7 days per week point of contact to receive requests and provide assistance for searching and accessing computer data.

Naturally, these aspects of the Convention have raised some community concerns about privacy and security.

The Attorney-General’s Department submitted to the Treaties Committee that the capacity to access and preserve data is fundamental to the new mutual assistance arrangements. However, they also advised that Australia would lodge a Reservation to requirements for foreign investigation of real-time data to ensure they matched Australian thresholds - in particular, Australian law limits disclosure of real-time traffic data to investigations relating to a criminal offence punishable by at least three years’ imprisonment.

The Committee recommended that Australia should accede to the Council of Europe Convention on Cybercrime and update local laws as appropriate.

External link:

Cloud computing advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) - November 2010

Related Galexia services and solutions

Galexia provided detailed advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) on cloud computing.

In 2009 Galexia prepared an assessment for the Victorian Department of Innovation, Industry and Regional Development (DIIRD) on issues associated with cloud computing and issues concerning potential outsourcing and off-shoring of data.

In 2010 Galexia provided an update to reflect further expansion of the project.

Galexia contributes to new research on privacy complaints in the communications sector - September 2010

Related Galexia services and solutions

On 14 September 201 a new research report: Connolly, C and Vaile, D. Communications privacy complaints: in search of the right path was launched by the Australian Communications Consumer Action Network (ACCAN).

The research for the report was a joint effort between Galexia and the Cyberspace Law and Policy Centre.

External link:

Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010

Related Galexia services and solutions

Galexia Director, Chris Connolly, presented at the Privacy Laws & Business 23rd Annual International Conference in Cambridge, UK, from 5-7 July 2010. Chris’s presentations covered:

  • Benchmarks for Privacy Trustmarks: An analysis of the challenges facing trust schemes in Australia, Japan, Mexico, Singapore, Thailand; and
  • The United States and The Future of the EU/US Safe Harbor Privacy Framework: Can it be improved or does it require a complete overhaul?

Galexia has previously conducted research into trustmark schemes and the Safe Harbor privacy framework.

Related links:

External links:

Malaysia Parliament passes Personal Data Protection Act - 5 April 2010

Related Galexia services and solutions

Malaysia’s lower house (Dewan Rakyat) has passed the Personal Data Protection Act 2009. The Act introduces protections for personal information, including requirements of and restrictions on private sector data users and rights of data subjects. The Act will also create a Personal Data Protection Commissioner, an advisory committee, and an appeals tribunal.

Related links:

External links:

Galexia prepares submission on consumer fairness tests for ACCAN - 5 March 2010

Related Galexia services and solutions

On behalf of ACCAN, Galexia prepared a submission to the Expert Panel On Franchising And Unconscionable Conduct, established by the Government following a parliamentary inquiry into provisions of the Trade Practices Act 1974 that prohibit unconscionable conduct.

The submission proposes to reform Australia’s consumer laws by inserting a new fairness test into Section 52 of the Trade Practices Act (and all legislation that mirrors that test). This would result in Section 52 prohibiting ‘conduct that is unfair or misleading, or conduct that is likely to mislead or be unfair’.

Related links:

External links:

Galexia director Chris Connolly speaking at Asia-Pacific privacy seminar - 2 March 2010

Related Galexia services and solutions

Galexia Director, Chris Connolly spoke at Privacy in the Asia-Pacific: 2010 Update A comprehensive survey of privacy and data protection in the region on 2 March 2010. The seminar was part of the Continuing Legal Education seminar series run by the Faculty of Law at the University of New South Wales.

Chris discussed the overlap between regional privacy developments and global privacy standards.

Related Galexia Reports:

External links:

Asia-Pacific privacy advocates and academics: Professor Lee Bygrave, Professor Paul Roth, Dr Sinta Dewi Rosadi, Associate Professor Fumio Shimpo, Professor Whon-il Park, Professor Dennis T.C. Tang, Professor Colin Bennett, Professor Abu Bakar Munir, Ms Katrine Evans, Mr Iwan Setiawan, Mr Nigel Waters, Assistant Professor Pirongrong Ramasoota, Mr Chris Connolly, Mr Claro Parlade, Mr Edward Santow, Professor Roger Clarke, Mr David Vaile, Ms Robin Bayley, Professor Graham Greenleaf.


Galexia prepares draft interoperability principles for ACCAN - 2 March 2010

Related Galexia services and solutions

Galexia is preparing a report on interoperability for the Australian Communications Consumer Action Network (ACCAN), including a set of draft interoperability principles. Interoperability, in many systems, can provide a number of benefits for consumers, including reduced cost, increased functionality, and increased competition.

ACCAN will present the report to COPOLCO, the Consumer Policy Committee of the International Standards Organisation (ISO).

Related links:

External links:

Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010

Related Galexia services and solutions

Chris Connolly has been interviewed for the Privacy Laws and Business International newsletter, discussing the recent action taken by the US Federal Trade Commission against six organisations who falsely claimed membership of the US Safe Harbor.

Prior to the FTC action, Galexia published a report highlighting the problem of false membership claims and data accuracy of the Safe Harbor list. The report was published in Privacy Laws and Business International, and is available from Galexia’s website.

Related links:

External links:


Galexia report on public information on credit reporting - 16 February 2010

Related Galexia services and solutions

Galexia has prepared a report for Veda Advantage on consumer information about credit reporting. The report recommends key consumer education requirements in the lead-up to the reform of Australia’s credit reporting and privacy laws (expected in 2011).

Related links:

External links:


Galexia and Qubit Consulting conduct IDM upgrade for the University of Western Sydney - 25 January 2010

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »

Galexia and Qubit Consulting have implemented a major new identity management solution for the University of Western Sydney. Galexia assisted with the design, development and implementation of automated provisioning, password synchronisation and data cleansing for University staff and students.

Related links:


Galexia and CHOICE prepare submission to superannuation review - 18 December 2009

Related Galexia services and solutions

On behalf of CHOICE, Galexia prepared a submission to Phase 2 of the Super System Review (the Cooper Review). Phase 2 of the review deals with the operation and efficiency of Australia’s superannuation system.

The submission focuses on a small number of key areas where reform is most needed:

  • Increasing the amount and quality of comparative data available to consumers;
  • Removing the bias that results from sales commissions to advisers when recommending a superannuation fund to consumers;
  • Introducing measures to decrease excessive fees and charges, including a new ‘fee target’ of 1%; and
  • Introducing measures to reduce the number and impact of inactive and lost accounts.

Related links:

External links:


Galexia contributes to the Oxford Australian Law Dictionary - 17 December 2009

Related Galexia services and solutions

Galexia has contributed to the Australian Law Dictionary 2010, published by the Oxford University Press. The Australian Law Dictionary is a current and conceptually new dictionary of Australian legal terms designed as a practical and helpful resource for law students and practitioners. Galexia provided the definition of ‘privacy’ along with several related terms.

External links:


Legal Information Access Centre publishes Galexia’s Hot Topic on Cyberlaws - 1 December 2009

Related Galexia services and solutions

Galexia has prepared a ‘Hot Topic’ for the Legal Information Access Centre (LIAC). The Hot Topic is concerned with cyberlaws, covering key Australian and international laws, conventions, and guidelines as well as emerging trends and recent developments on:

  • Accessibility;
  • Domain Names;
  • Copyright;
  • Contracts;
  • Defamation;
  • Content Regulation;
  • Privacy and Spam;
  • Social Network Sites;
  • Consumer Protection; and
  • Cybercrime.

LIAC’s Hot Topics is a series of plain-language publications about key areas of law. Four issues are published each year, and are available by subscription or through public libraries in New South Wales. Older issues are available directly from the LIAC website.

External links:


Galexia prepares privacy analysis of Salesforce CRM - 17 November 2009

Related Galexia services and solutions

Galexia has prepared a Privacy Impact Assessment (PIA) of Salesforce Customer Relationship Management system (CRM). Salesforce CRM offers to simplify interactions between companies and their clients through its ´cloud services’, but such a system inevitably raises privacy concerns as client data is controlled by a third party.


Galexia and Qubit Consulting conduct IDM upgrade for the University of Sydney - 5 November 2009

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »

Galexia and Qubit Consulting have conducted a major upgrade of identity systems for the University of Sydney. Galexia assisted with the development and implementation of a security and provisioning solution for University staff and students.

Related links:


Galexia prepares working draft of Benchmarks for Global Privacy Standards - 3 November 2009

Related Galexia services and solutions

Galexia has prepared a working draft of proposed benchmarks for Global Privacy Standards. The proposed benchmarks are designed to provide a basis for assessing the numerous proposed global privacy standards which have recently emerged.

The release of the working draft comes as Civil Society representatives meet at The Public Voice: Global Privacy Standards for a Global World in Madrid to discuss international privacy developments, including global privacy standards, and the release of the Civil Society declaration Global Privacy Standards for a Global World.

Comments on the working draft are welcome, and can be sent to consult@galexia.com.

Related links:

External links:


Galexia publishes submission to the DBCDE Do Not Call Register Statutory Review - 20 October 2009

Related Galexia services and solutions

Related Galexia news

Galexia has published its submission to the Department of Broadband, Communications and the Digital Economy (DBCDE) review of the Do Not Call register and its associated legislation, the Do Not Call Register Act 2006 (Cth).

The submission raises particular concerns about the ways in which consumers might be taken to have expressed their consent to receive marketing calls, the current three-year registration period, the scope of exemptions in the Act, compliance, and the possibility of industry codes focusing on low-priority issues at the expense of the simplicity and effectiveness of the Register.

Galexia has previously conducted an analysis of the Australian Do Not Call Register and similar international systems, highlighting emerging best practices and the issues affecting the operation of these systems.

Related links:

External links:


Galexia completes PIA for Victorian Department of Innovation, Industry and Regional Development - 1 October 2009

Related Galexia services and solutions

Galexia recently completed a Privacy Impact Assessment (PIA) for the Victorian Department of Innovation, Industry and Regional Development concerning a proposed client data management system. The PIA raised issues of data security and transborder data flows, public perceptions and governance.

The project made use of Galexia’s Victorian PIA template, tailored to Victoria’s privacy law and the Privacy Impact Assessment Guidelines of the Victorian Privacy Commissioner.

Related links:


Galexia develops Victorian Privacy Impact Assessment template - 21 September 2009

Related Galexia services and solutions

Galexia has developed a Privacy Impact Assessment (PIA) template tailored to the privacy requirements under Victoria’s Information Privacy Act 2000 and the Victorian Privacy Commissioner’s Privacy Impact Assessment Guidelines. Our Victorian PIA template complements our Commonwealth and New South Wales PIA templates.

Galexia’s PIA templates are the result of our extensive experience in delivering PIAs and have been used in some of the largest and most complex PIAs in Australia. They ensure that our clients receive a PIA based on a well-tested and well-regarded methodology.

First US Prosecution for false web claim of Safe Harbor status - 11 September 2009

Related Galexia services and solutions

Related Galexia news

The California-based company Balls of Kryptonite has become the subject of the first complaint against a company for falsely claiming membership of the US Safe Harbor Principles.

The Safe Harbor Privacy Principles were developed to allow the export of personal information from the EU to the US, in the absence of any US laws meeting the EU ‘adequacy’ requirement of the EU Data Protection Directive 95/46/EC. The Safe Harbor is a voluntary arrangement; organisations wishing to receive personal information from the EU must self-certify to the Department of Commerce that they comply with the Principles. At present, no law expressly prohibits falsely claiming membership of the Safe Harbor; any prosecution must rely on more general prohibitions against, for instance, deceptive or misleading conduct.

A 2008 study by Galexia found over 200 organisations which claimed to have self-certified were in fact not members of the Safe Harbor.

Related links:

Related links:


Galexia publishes international analysis of Do Not Call Registers - 8 September 2009

Related Galexia services and solutions

Related Galexia news

Downloads

Do Not Call Registers have grown in popularity and are starting to deliver real privacy benefits for consumers. After some initial teething problems, they appear to be working well, with large numbers of registered consumers and numerous examples of enforcement action.

Chris Connolly and Amy Vierboom have published a comparison of the Do Not Call Registers of Australia, Canada, India, Spain, the United Kingdom and the United States. The article compares the functions and sizes of these Registers, and highlights emerging best practices and issues affecting their operation.

Browse online


ACCAN releases Galexia research on Customer Service Charters in the Australian Telecommunications Sector - 25 August 2009

Related Galexia services and solutions

The Australian Communications Consumer Action Network (ACCAN) has released the final report for a research project, conducted by Galexia, on Customer Service Charters in the Australian Telecommunications Sector.

Galexia prepared an analysis of customer service charters in the telecommunications industry, compared with consumer codes. The analysis covered best practice consumer protection in Australia and internationally.

A key finding from the ACCAN Customer Service Research Report is that consumer charters are not effective and the industry proposals used to solve their problems through customer charter is a dead-end.

Related links:

External links:


ACCAN releases Galexia research on Informed Consent in the Australian Telecommunications Sector - 21 August 2009

Related Galexia services and solutions

The Australian Communications Consumer Action Network (ACCAN) has released the final report for a research project, conducted by Galexia, on informed consent in the Australian telecommunications sector.

Laws and codes of conduct set out only limited and inconsistent requirements to obtain informed consent, and industry practice varies greatly in the amount of information provided to consumers about telecommunications products.

The report also finds that industry practice often fails to address the additional complexities in obtaining informed consent from specific consumer categories, including people with disabilities, indigenous consumers, young people, and culturally and linguistically diverse consumers.

Related links:

External links:


eCrime symposium - 4 August 2009

Related Galexia services and solutions

Galexia Director Chris Connolly took part in a panel discussion at the 2009 eCrime Symposium. Chris discussing the legal roles and ethical boundaries for organisations in combating electronic crime, and in particular the EU Cybercrime Convention.

External links:

Galexia complete facial recognition PIA for NSW Roads and Traffic Authority - 1 August 2009

Related Galexia services and solutions

Galexia has completed a privacy impact assessment for the proposed NSW Roads and Traffic Authority (RTA) facial recognition system.

Related links:

External links:

CHOICE submission on consumer code development processes - 2 June 2009

Related Galexia services and solutions

CHOICE has published its submission to the Australian Government’s review of the consumer-related industry codes development process. The submission calls for

  • An articulation of high-level code content principles in legislation;
  • Power for regulators to be able to initiate code development (rather than only the industry);
  • Requirements for the constitution of code development bodies (including a requirement for consumer representatives, and a mechanism for breaking deadlocks);
  • Code monitoring and enforcement requirements;
  • Code review requirements; and
  • External dispute resolution requirements.

In preparation for the submission, Galexia provided CHOICE with a survey of key consumer code approval processes in use in Australia - those of the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC), the Office of the Privacy Commissioner, and the Australian Communications and Media Authority (ACMA).

Related links:

External links:

Galexia has published an article on Privacy White Lists - 2 June 2009

Related Galexia services and solutions

Published

  • Privacy Laws and Business International, issue 98, 2009, pages 9-12

Downloads

Privacy white lists are published by trustmark schemes to help identify which organisations have been certified as compliant members of their scheme. If an organisation is on the list a consumer may have an increased level of confidence that they will be covered by the rules of the trustmark scheme, including privacy protection and dispute resolution. Consumers can also use the white lists to check that the use of the trustmark is valid, as a significant proportion of trustmarks that appear on websites are often fake or expired.

There is a trend towards the global expansion of white-lists and there is a proposal to develop an APEC white-list of organisations that comply with the APEC Privacy Framework Cross Border Privacy Rules.

This article summarises a Galexia study of white lists published by trustmark schemes. (Surprisingly, not all trustmark schemes publish white lists). The study only examined white lists where the trustmark operators claim that organisations on the lists have passed strict verification of privacy protection standards. Also, the study only examined white lists that have some form of Government backing, oversight or approval. Only six white lists are published that meet all of these criteria, and the Galexia study excluded one white list (ESRB) because it was limited to one very specific type of product (computer games).

The study found that privacy white lists contained an alarming proportion of inaccurate and out of date information. Depending on the trustmark scheme administering the white-list, between 22% and 73% of information is inaccurate or out of date.

This article was published in Privacy Laws and Business International, issue 98, April 2009.

Browse online:


Government to expand the Do Not Call Register - 29 May 2009

Related Galexia services and solutions

In its 2009-2010 budget, the Federal Government allocated AU$4.7 million over four years to the expansion of the Do Not Call Register. The expansion will allow small businesses and emergency services to register, thus prohibiting telemarketing and fax marketing companies form contacting them.

The Department of Broadband, Communications and the Digital Economy (DBCDE) released a discussion paper and called for submissions on the possible expansion in 2008. Galexia’s submission is available via the link below.

Related links:

External links:

ACCAN and customer service charters in the telecommunications sector - 27 May 2009

Related Galexia services and solutions

Galexia is preparing a report on Customer Service Charters and Consumer Codes in the Telecommunications Sector for the Australian Communications Consumer Action Network (ACCAN), a government-sponsored peak consumer representative organisation.

The report has been completed and will be launched by the Minister for Broadband, Communications and the Digital Economy in the near future.

Related links:

ACCAN and informed consent in the telecommunications sector - 26 May 2009

Related Galexia services and solutions

Galexia is preparing a report on Informed Consent in the Telecommunications Sector for the Australian Communications Consumer Action Network (ACCAN), a government-sponsored peak consumer representative organisation.

The report examines ‘informed consent’ in Australian law, particular measures used to inform consumers, and special issues of informed consent for consumers from culturally and linguistically diverse groups.

The report has been completed and will be launched by the Minister for Broadband, Communications and the Digital Economy in the near future.

Related links:

Galexia has relocated on Jones Bay Wharf - 25 May 2009

Galexia’s main office has relocated - we are still at Jones Bay Wharf in Pyrmont, Sydney, but have moved from the eastern to the western side of the wharf. Our new contact details are:

Suite 98, Jones Bay Wharf,
26-32 Pirrama Road,
Pyrmont (Sydney) NSW 2009,
Australia

Telephone: +61 (02) 9660 1111
Facsimile: +61 (02) 9660 7611
Email: consult@galexia.com

Information on coming to our office is available at http://www.galexia.com/public/contact/.

Government releases draft National Consumer Credit Reform Package - 28 April 2009

Related Galexia services and solutions

The Australian Commonwealth government has released a package of draft legislation for National Consumer Credit Reform, aimed at strengthening and consolidating Australia’s consumer credit laws.

Specific reforms include:

  • Registration and licensing of credit organisations (including the introduction of an Australian Credit License);
  • Responsible lending practices;
  • Sanctions and remedies (to be administered by the Australian Securities and Investments Commission); and
  • Reforms of dispute resolution and court mechanisms.

Galexia has worked closely with both industry and consumer groups on credit and consumer issues:

External links:

Galexia news available via RSS - 24 April 2009

Galexia news is now available as an RSS feed. To subscribe, click on the RSS logo subscribe to news feed or copy the address http://www.galexia.com/public/news.xml into your RSS reader.

Galexia news covers key developments in privacy, electronic commerce, and identity and authentication management in Australia and the Asia-Pacific region, along with news about Galexia’s work.

RSS feeds allow you to track news and updates on websites without having to visit the website in your browser. There are several ways to follow RSS feeds:

  • Web browsers: current browsers like Internet Explorer (7+), Firefox (2+), Opera (9+) and Safari (2+) include built-in feed readers. Follow the link to the feed to view the news stories or subscribe.
  • Websites: there are online tools for aggregating feeds into a single page, useful if you use multiple computers. Popular sites include Bloglines, NewsGator, Google Reader, Netvibes and MyYahoo.
  • Feed reader software: You can install stand-alone programs to run from your desktop to read feeds. A typical Windows program is Feed Demon. There are many others listed at Wikipedia's RSS Reader entry.
  • Email software: Email clients like Microsoft Outlook 2007 and Mozilla Thunderbird include feed reader features.

Look for the subscribe to news feed RSS feed logo.

Australia to adopt the UN Convention on the use of Electronic Communications in International Contracts - 23 April 2009

Related Galexia services and solutions

Ministers at the Standing Committee of Attorneys-General meeting in April 2009 have agreed that the electronic commerce laws of Australia’s states and territories should be amended to allow Australia to adopt the United Nations Convention on the use of Electronic Communications in International Contracts.

The Convention sets out principles for the legal recognition of electronic communications, the nature of offer and acceptance in electronic contracts, the time and place of dispatch and receipt of electronic communications, the use of automated systems in contract formation, and errors in electronic communications.

As at April 2009, 18 countries have signed the Convention.

Galexia has written and worked extensively on electronic contracting issues in Australia and internationally, most notably assisting the ASEAN Member Countries in harmonising their electronic commerce laws and preparing an analysis of regional harmonisation of electronic commerce laws for the UN Conference on Trade and Development (UNCTAD).

Related links - Galexia’s publications on the Conventions and Australia’s electronic contracting laws:

Related links - Galexia’s work on electronic contracting and e-commerce:

External links:

Department of Broadband, Communications and the Digital Economy (DBCDE) releases issues paper on consumer codes in telecommunications - 31 March 2009

Related Galexia services and solutions

The Department of Broadband, Communications and the Digital Economy (DBCDE) has released an issues paper on the processes involved in developing self-regulatory consumer codes in the telecommunications sector. The issues paper makes a number of references to Galexia and CHOICE’s joint paper Consumer Protection in the Communications Industry: Moving to best practice.

The release follows a number of government initiatives aimed at reforming the industry:

On 31 March 2009, Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy, announced that the Australian Government would undertake a review of the processes associated with developing consumer-related industry codes, as specified under Part 6 of the Telecommunications Act 1997.

DBCDE has invited the public to make submissions on the issues paper by 15 May 2009.

Related links:

External links:

Australasian Retail Credit Association Credit Reporting Code - March 2009

Related Galexia services and solutions

Galexia has been commissioned by the Australasian Retail Credit Association to conduct a review of the Credit Reporting Code of Conduct. Galexia’s role is to develop aspects of the code and advise on important issues that the code creates in the field of credit reporting.

The Australasian Retail Credit Association brings together many senior credit executives from different credit agencies, to explore relevant issues and bring reform to the existing complex credit reporting laws in Australia.

Related links:

External links:

ASEAN, Australia, New Zealand sign free trade agreement - February 2009

Related Galexia services and solutions

On 27 February 2009 the Association of Southeast Asian Nations, Australia, and New Zealand signed the Agreement Establishing the Association of Southeast Asian Nations (ASEAN)-Australia-New Zealand Free Trade Area (AANZFTA).

Chapter 10 of the AANZFTA is designed to promote electronic commerce activities between the parties to the Agreement, and includes provisions calling for the enablement of electronic authentication and digital signatures, online consumer protection, online data protection, and paperless trade, as well as increased cooperation on e-commerce research and training between the parties.

Galexia has previously assisted the ASEAN Member Countries in harmonising their e-commerce legislation. At the completion of the Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project, eight of the ten ASEAN Member Countries had enacted e-commerce legislation, while draft laws had been introduced in the remaining two.

Related links:

External links:

First Technical Assistance Seminar on the Implementation of the APEC Data Privacy Pathfinder - February 2009

Related Galexia services and solutions

Galexia Director Chris Connolly was invited to speak at the First Technical Assistance Seminar on the Implementation of the APEC Data Privacy Pathfinder, held in Singapore on the 22nd and 23rd of February 2009. The meeting brought together a host of international delegates to further develop an understanding of how to effectively implement the APEC Data Privacy Pathfinder.

The seminar, entitled ‘Making it work - cross-border privacy in practice’ looked at a range of issues surrounding the Cross-Border Privacy Rules System. The different sessions focused on the EU’s perspective of Cross-Border Privacy, the ability of trustmarks to offer consumer protection, governance issues and practical questions of implementing cross-border privacy.

Chris presented a paper on trustmarks, and participated in a panel addressing matters that relate to trustmarks.

Survey on consumer protection laws in Asia-Pacific - February 2009

Related Galexia services and solutions

Galexia has partnered with a project steering committee of consumer organisation representatives from around the Asia-Pacific region to undertake a survey of consumer protection and competition laws. The survey will provide consumer organisations with a basic understanding of existing laws in the region and enable them to promote better outcomes for consumers.

The countries surveyed are Australia, Fiji, India, Korea, the Philippines, Thailand and Vietnam. Consumers International, the body overseeing the project, will complete a report based on Galexia's analysis of the surveys and make this available to the participating countries.

Related links:

External links:

AUSTROADS privacy review - February 2009

Related Galexia services and solutions

Galexia has been commissioned by AUSTROADS (Australian and New Zealand road and Transport Authorities) to assist with a full strategic review of the National Exchange of Vehicle and Driver Information System (NEVDIS). Galexia will be responsible for identifying key privacy issues relating to the NEVDIS database. Galexia is providing privacy expertise, offering effective advice on managing evident risks and presenting strategic solutions to the apparent challenges.

The project is an extension of previous work Galexia has undertaken for AUSTROADS, and will be conducted in partnership with Doll Martin Associates.

Related links:

External links:

Privacy in interstate student transfers - January 2009

Related Galexia services and solutions

  • Strategic Privacy Consulting. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

Galexia has completed a report, identifying privacy issues arising as part of the Learning Identity Management Framework (LIMF) Project. The research analyses the current landscape of Student Data transfers and makes recommendations on converting the current manual system of transferring data (when a student changes schools, intra or inter jurisdiction) to an electronic one.

Galexia worked in partnership with Link Affiliates to complete the research, identifying key risks in establishing the Framework as well as effective strategies to manage these. The report was completed in January 2009 for The University of Southern Queensland on behalf of the Department of Education, Employment and Workplace Relations.

External links:

Privacy code for access to Queensland property data - January 2009

Related Galexia services and solutions

Related Galexia project

In late 2008 Galexia developed a Code of Conduct for bulk data access to identified information in the Queensland Valuation and Sales System (QVAS) database - the short title is the QVAS Code of Conduct.

The Code covers privacy protections and complaints mechanisms for access to information about real property transactions in Queensland. The Code was submitted to the QLD Cabinet in late 2008 and is the subject of public consultations in 2009.

Galexia assisted the Queensland Department of Natural Resources and Water and a working group of information broker industry representatives to develop this Code from scratch. The project included research on privacy issues, stakeholder workshops and the development of an explanatory memorandum.

The Code adopts best practice approaches to privacy protection and governance issues.

2008 review of the EFT Code of Conduct - January 2009

Related Galexia services and solutions

Galexia has assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the Australian Securities and Investments Commission’s proposals for changes to the Electronic Funds Transfer (EFT) Code of Conduct. Key issues addressed in the response include liability of consumers and small businesses, and monitoring Code compliance.

Related links:

External links:


  

National e-Authentication Framework Website Authentication Guidelines - January 2009

Related Galexia services and solutions

  • Identity Management and Authentication - Technical Consulting. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

In December 2008 the Australian Government Information Management Office (AGIMO) within the Department of Finance and Deregulation released a set of documents outlining the National eAuthentication Framework (NeAF).

The NeAF sets out a whole-of-government approach to managing identity-related risks in online transactions between individuals and government, and between businesses and government. It combines the earlier Australian Government e-Authentication Framework for Business and Australian Government e-Authentication Framework for Individuals into a single framework.

NeAF Best Practice Guideline 2 sets out methods for authenticating government websites - an essential part of developing trust in online transactions. BPG2 includes three technical appendices prepared by Galexia:

  • Website authentication mechanisms;
  • Website authentication - technology assessment schedule; and
  • Current Attacks on Websites.

Related links:

External links:


New Galexia Study: The US Safe Harbor - Fact or Fiction? - December 2008

Related Galexia services and solutions

Published

  • Privacy Laws and Business International, issue 96, 2008, pages 1, 3, 26-27

Downloads

The US Safe Harbor is an agreement between the European Commission and the United States Department of Commerce that enables organisations to join a Safe Harbor List to demonstrate their compliance with the European Union Data Protection Directive, allowing the transfer of personal data to the US in circumstances where the transfer would otherwise not meet the European adequacy test for privacy protection.

First released in November 1998, and officially accepted by the EU in 2000, the Safe Harbor is best described as an uneasy compromise between the comprehensive legislative approach adopted by European nations and the self-regulatory approach preferred by the US. The Safe Harbor Framework has been the subject of ongoing criticism, including two previous reviews (2002 and 2004). Those reviews expressed serious concerns about the effectiveness of the Safe Harbor as a privacy protection mechanism.

After ten years of public debate it is time to examine the Safe Harbor again. Chris Connolly’s article The US Safe Harbor - Fact or Fiction? summarises the findings of a Galexia study regarding the current status of the Safe Harbor Framework. The Galexia study assessed each of the organisations listed on the Safe Harbor List (1,597 entries) against a small subset of key criteria contained in the Safe Harbor Framework Principles.

This article was published in Privacy Laws and Business International, issue 96, December 2008.

Browse online:


Privacy in consumer credit reporting - November 2008

Related Galexia services and solutions

Downloads

Chris Connolly presented a discussion, entitled Who’s to blame for credit stress, and how can we help consumers?, at the National Access to Justice and Pro Bono Conference, held by the Law Council of Australia and the National Pro Bono Resource Centre in Sydney from 14-15 November 2008.

Chris’s presentation examined potential reform of both consumer credit law and privacy law in Australia following the Australian Law Reform Commission’s privacy report For Your Information: Australian Privacy Law and Practice (Report 108). Galexia has previously prepared a submission to the ALRC’s inquiry, discussing options for stronger, more effective and more efficient consumer protection in credit reporting in Australia.

Related links:

External links


The ALRC recommendations for Cross Border Transfers - November 2008

Related Galexia services and solutions

The Australian Law Reform Commission’s Report 108: For Your Information: Australian Privacy Law and Practice sets out proposed ‘Unified Privacy Principles’ for reforming Australia’s privacy law.

Unified Privacy Principle 11 (UPP 11) attempts to combine the ‘accountability’ approach to cross-border privacy protection (similar in part to the approach taken in Japan, New Zealand and Canada) with elements of the existing, more traditional ‘adequacy’ approach (similar in part to the approach taken in the EU).

In Weak protection for offshore data - the ALRC recommendations for Cross Border Transfers, Chris Connolly examines the ALRC proposal in detail, and raises significant concerns about both the drafting and the likely impact of the proposal. There are fears that UPP 11 is so weak that all of the privacy protections contained in the other ten UPPs will be thrown away the minute data moves offshore. The proposed UPP 11 requires significant re-drafting so that the accountability principle is properly implemented, and steps must be taken to limit the broad exemptions contained in the proposal.

Related links:

External links:


CHOICE publishes Galexia report on consumer protection in the telecommunications industry - October 2008

Related Galexia services and solutions

Related news

  • Department of Broadband, Communications and the Digital Economy (DBCDE) releases an Issues Paper consumer codes in telecommunications - 31 March 2009. Read more »

CHOICE has released the report Consumer Protection in the Communications Industry: Moving to best practice, based on an issues paper prepared by Galexia. The report provides an overview of consumer concerns with the current co-regulatory consumer protection framework in the telecommunications sector in Australia.

Related links:

External links:


Trustmark Schemes Struggle to Protect Privacy - September 2008

Related Galexia services and solutions

Downloads

Galexia has published an article examining the effectiveness of privacy trustmarks in protecting consumers’ rights.

July 2008 was a landmark month in the history of privacy trustmarks - the seals that appear on some websites to provide a level of assurance about privacy protection. The largest and most successful trustmark - TRUSTe with over 2000 members - changed its status from ‘non-profit’ to ‘for profit’. And the second largest trustmark - BBB Online Privacy with over 700 members - closed its doors for good, abandoning a scheme that it had run for over eight years.

The basic premise of privacy trustmarks is that end users are supposed to have confidence in web sites displaying the trustmark seal, as it presumably indicates that the site adheres to good privacy standards. In practice, although trustmark seals all appear similar, the level of privacy protection varies a great deal. Some seals are backed by detailed standards and independent audits. Other seals are provided with no requirements or checks (other than payment). Some seals include a free dispute resolution service for complaints, other seals have no complaints mechanism or charge consumers for lodging complaints.

This article examines both legitimate and non-legitimate privacy trustmarks, and finds that there are serious consumer issues for both categories. Trustmarks have struggled to provide even basic privacy protection to date, and with the demise of BBB Online Privacy and the change in status of TRUSTe, it is difficult to be optimistic about the future.

Browse online:


Galexia advises on Identity and Access Management strategy in the financial sector - 15 October 2008

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »

Galexia was approached by a large financial institution to advise on the development of an identity management strategy, and provide assistance in evaluating available solutions.

The project involved a detailed analysis of business drivers including an assessment of governance, risk, and compliance issues (GRC). Business requirements were established through extensive stakeholder interviews, and these were elaborated into a comprehensive set of functional and non-functional identity and access management requirements.

Galexia also conducted a rigorous technology evaluation, identifying relevant products and inviting a shortlist of vendors to present their solutions. This was used to create a detailed product assessment based on the client’s specific needs, examining the candidate products across over 80 custom metric points.

Galexia provided the client with a governance structure, a path forward towards implementation, and independent assessment of market features and trends. Galexia’s analysis enabled the project to proceed with confidence, understanding and ownership in their identity management solution.

Galexia has specialised in the architecture of distributed identity solutions, including authentication, authorisation, accounting, auditing, single sign-on, federation, provisioning, synchronisation, public key infrastructure and emerging user-centric (Identity 2.0) approaches. The combined user population of the identity management systems Galexia has designed is in the tens of millions.

Related links:


Privacy issues in e-commerce - October 2008

Related Galexia services and solutions

Downloads

Chris Connolly presented a paper on e-commerce privacy issues and the Australian Law Reform Commission’s privacy report For Your Information: Australian Privacy Law and Practice (Report 108) at a symposium on 2 October 2008. The symposium, entitled Meeting privacy challenges - the ALRC & NSWLRC Privacy Reviews, was held by the Cyberspace Law & Policy Centre at the Faculty of Law, University of New South Wales, as part of the Centre’s ‘Interpreting Privacy Principles’ ARC Discovery project and will address:

  • Providing a set of Privacy Principles that set a new global standard;
  • Building consumer trust in electronic commerce;
  • Achieving effective enforcement of privacy rules and remedies for breaches;
  • Limiting the growth of a surveillance society; and
  • Meeting international standards to facilitate appropriate cross border data transfers.

Chris was also a commentator for the session on cross border data transfers.

Related links

External links:


Asia-Pacific regional privacy options - August 2008

Related Galexia services and solutions

Published

  • World Data Protection Report, volume 8, number 9, 2008, pages 8-16
  • Privacy Law Bulletin, volume 5, numbers 1 and 2, 2008, pages 26-38

Downloads

The Asia-Pacific region has reached a significant crossroads regarding the protection of privacy.

The region could choose to follow a path that is based on the traditional approach to privacy found in the EU Data Protection Directive of 1995 and the domestic laws of many countries, with strong comprehensive privacy legislation establishing independent regulators and imposing conditions on the transfer of personal information to parties in third countries.

The alternative path is to follow a new model of privacy protection that involves greater reliance on self-regulation, self-certification, trust-marks and the registration of corporate rules. This approach is strongly advocated by US businesses and some features of this approach appear (in a limited way) in the APEC Privacy Framework of 2005 and related APEC Privacy Pathfinder Projects.

In Asia-Pacific Region at the Privacy Crossroads Galexia Director Chris Connolly examines current privacy developments in the Asia-Pacific region and analyses the benefits and risks of pursuing either the EU or the APEC approach to privacy regulation.

This article includes up to date information on privacy developments in the following Asia-Pacific jurisdictions:

  • Australia
  • Brunei
  • Cambodia
  • China
  • Hong Kong
  • Indonesia
  • Japan
  • Korea
  • Laos
  • Macau
  • Malaysia
  • Myanmar
  • New Zealand
  • Pacific Islands
  • Philippines
  • Singapore
  • Taiwan
  • Thailand
  • Vietnam

Browse online:


Australian Law Reform Commission releases final report on Australian privacy laws - August 2008

Related Galexia services and solutions

The Australian Law Reform Commission released its final report for its inquiry into Australia’s privacy laws on 11 August 2008. The report, For Your Information: Australian Privacy Law and Practice (Report 108) is around 2700 pages long, and contains 295 recommendations for improving Australia’s federal data protection laws.

Galexia was commissioned by Veda Advantage to prepare an independent submission to the inquiry discussing the privacy issues surrounding credit reporting, in response to the ALRC’s Discussion Paper 72.

The Australian Government has proposed a phased response to the ALRC recommendations. The first phase will address the proposed Unified Privacy Principles, health privacy, credit privacy, and privacy education. The second phase will address the recommendations on removal of exemptions, data breach notifications and the tort of privacy.

Related links:

External links:


Galexia conducts Pacific spam enforcement workshop - July 2008

Related Galexia services and solutions

Galexia conducted a workshop on anti-spam law enforcement in the Pacific in Brisbane on 14 July 2008.

The workshop’s key objectives included:

  • Identifying appropriate mechanisms and procedures to enforce anti-spam legislation
  • Developing materials and activities for public awareness and education
  • Facilitating the development of domestic, regional and international cooperative arrangements.

The workshop was part of the Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project, conducted by Galexia with the support of AusAID and the Australian Department of Broadband, Communications and the Digital Economy (DBCDE). The project has assisted the Pacific nations Niue, Samoa and Vanuatu in strengthening their anti-spam legislation and enforcement systems.

Related links:


Galexia publishes case study on Harmonisation of E-Commerce Legal Infrastructure in ASEAN project - May 2008

Related Galexia services and solutions

Galexia has completed a case study of the Harmonisation of E-Commerce Legal Infrastructure in ASEAN project. The case study illustrates the progress made during the four years of the program (2004-2008), with eight of the ten ASEAN Member Countries having enacted e-commerce laws, and the remaining two having draft laws.

Related links:


Galexia assists CHOICE with submission on consumer protection in telecommunications - May 2008

Related Galexia services and solutions

Download

Related news

  • Department of Broadband, Communications and the Digital Economy (DBCDE) releases an Issues Paper consumer codes in telecommunications - 31 March 2009. Read more »

Galexia was commissioned by CHOICE to prepare a submission to the 2008 Telecommunications Consumer Representation Stakeholder Forum, held in late April 2008. The paper, entitled Consumer Protection in the Communications Industry: Moving to best practice, provides an overview of consumer concerns with the current co-regulatory consumer protection framework in the telecommunications sector in Australia.

Browse online:

Related links:

External links:


Recruitment - Legal/IT Research Consultant - April 2008

We are looking for an enthusiastic and dynamic person to join us as a junior Legal/IT Research Consultant on a casual basis. The role requires a background in both law and technology - we are particularly interested in hearing from university students in combined IT/Law or similar degrees.

The successful applicant’s core duties will include legal and technical research (with a strong international focus) in our areas of specialisation - e-commerce, identification, identity management, authentication, security and privacy - and assisting with system administration - maintaining our internal systems as well as our client extranets and public website.

Related links:


Automated business in life insurance and electronic commerce - April 2008

Related Galexia services and solutions

Chris Connolly will sit on a panel of experts at a seminar discussing the benefits, challenges and implications of automated business in life insurance and electronic commerce. The key issues to be addressed include:

  • What are the benefits of automated underwriting?
  • Do we need signatures?
  • How much do advisers have to change the way they work?
  • How far can the system go?
  • How should we deal with cases that do not go straight through the automated system?
  • What are the implications for underwriter training?
  • Privacy issues
  • Electronic record keeping issues

The discussion is being hosted by the Investment and Financial Services Association Limited.

External links:


Tenth ASEAN E-Commerce workshop held in Jakarta, Indonesia - March 2008

Related Galexia services and solutions

The tenth ASEAN E-Commerce workshop was held in Jakarta, Indonesia in April 2008. The workshop focused on regional and international e-commerce issues, and the Indonesian Law on Information and Electronic Transactions.

Related links:




Chris Connolly (Galexia), Iwan Gunawan (Program Coordinator, AADCP Program Stream) and Roger Vitasa (ASEAN)


Workshop Participants

  • Muhammad Yasin Kara (Faction Secretary PAN, Parliament of Republic of Indonesia),
  • Teddy Sukardi (Chairman, Indonesian Information Technology Federation (IITF),
  • Dr Giri Suseno (National ICT Council),
  • Eka Ginting (CEO, Indo.com),
  • Edmon Makarim S Kom (Legal Advisor to Ministry of Communication and Information Technology), and
  • Chris Connolly (Galexia)

  • Dr Giri Suseno (National ICT Council),
  • Eka Ginting (CEO, Indo.com),
  • Edmon Makarim S Kom (Legal Advisor to Ministry of Communication and Information Technology), and
  • Chris Connolly (Galexia)


Presentation: International and ASEAN Best Practice in E-Commerce Legislation; Chris Connolly (Galexia)

  • Eka Ginting (CEO, Indo.com),
  • Chris Connolly (Galexia),
  • Muhammad Yasin Kara (Faction Secretary PAN, Parliament of Republic of Indonesia),
  • Edmon Makarim S Kom (Legal Advisor to Ministry of Communication and Information Technology),
  • Teddy Sukardi (Chairman, Indonesian Information Technology Federation (IITF),
  • Djoko Harijade (Director fo E-Government and Acting Director of E-Business, Indonesian Ministry of Communication and Information Technology) and
  • Dr Giri Suseno (National ICT Council)

Indonesian Parliament passes e-commerce law - March 2008

Related Galexia services and solutions

On 25 March the Indonesian House of Representatives passed the Law on Information and Electronic Transactions. This omnibus law includes provisions for enabling e-commerce transactions and digital signatures, privacy, domain name registration and dispute resolution, digital copyright, content regulation and cybercrimes. The Law is an important step in meeting Indonesia’s e-commerce targets under the Roadmap for Integration of e-ASEAN Sector.

Galexia is assisting Indonesia by providing an analysis of the Law and a high-level awareness-raising workshop (the tenth ASEAN E-Commerce workshop) to facilitate the promotion of the Law. The workshop will be held on 8 April in Jakarta, Indonesia.

Related links:

External links:

Consumer protection in electronic contracts - March 2008

Related Galexia services and solutions

CHOICE and the Cyberspace Law and Policy Centre at the University of New South Wales hosted a roundtable discussion on consumer rights in the information age in early March. Galexia Director Chris Connolly addressed participants on Australian and regional regulatory responses to the key challenges of consumer protection in electronic contracts.

The roundtable discussion was preceded by a public lecture by Professor Jane Winn of the University of Washington.

Related links:

Galexia completes study of cyberlaw harmonization for UNCTAD Information Economy Report - February 2008

Related Galexia services and solutions

Related Links

Galexia was commissioned to prepare a case study on harmonisation of cyberlaws for the United Nations Conference on Trade and Development’s (UNCTAD’s) Information Economy Report 2007-2008. The case study analysed the development of consistent e-commerce laws across the ASEAN Member Countries, based on Galexia’s work in the region. The ASEAN Member Countries stand out as being the first regional group to adopt harmonised e-commerce laws.

Download Report


Galexia assists Eric Bana in a domain name dispute - February 2008

Related Galexia services and solutions

Galexia assisted actor Eric Bana in a domain name dispute against a cybersquatter before a panel of the World Intellectual Property Organisation (WIPO) in late 2007. Under the Uniform Domain Name Dispute Resolution Policy (UDRP - the dispute resolution policy for top-level domain names), the panel ordered that the domain name be transferred to Eric Bana.

Related links:

Galexia hosts Japanese privacy delegation - February 2008

Related Galexia services and solutions

Galexia recently hosted a delegation of Japanese privacy experts, including academics and professionals from the legal and technology fields. The delegation met with Australian privacy experts from within government, industry and academia, discussing a broad range of privacy issues, with a particular focus on privacy impact assessments (PIAs) and biometrics. The meetings were conducted in Sydney and Canberra.

Galexia has provided privacy compliance advice to a number of international companies with operations in Japan following the introduction of the Japanese Act on the Protection of Personal Information 2003.

 

The privacy implications of China's outsourcing industry - January 2008

Related Galexia services and solutions

Data protection law in China is currently going through a significant reform. There is potential for China’s existing patchwork of data protection requirements to be transformed into a strong, comprehensive data protection regime. This paper canvases the recent developments, particularly from the perspective of offshore outsourcing - a growing industry sector in China.

The article was published in Volume 10, No 9 of the Internet Law Bulletin (January 2008).

Related links:

Developments in digital rights management - January 2008

Related Galexia services and solutions

Digital rights management (DRM) restricts usage and copying of digital copyright materials (such as music) using technical access control measures. Online music retailers, such as the Apple iTunes store, have typically been forced to use these protected formats by the recording industry, in an attempt to combat online piracy.

Recently, key record labels have moved away from the use of DRM, allowing the online retailer Amazon to sell unprotected versions of their music. This byte discusses some of these developments, and related developments on the legal front.

The byte was published in Volume 10, No 9 of the Internet Law Bulletin (January 2008).

Related links:

Galexia provides technical assistance for Indonesian cyberlaw bill - January 2008

Related Galexia services and solutions

Galexia has been assisting ASEAN meet targets set in the Roadmap for Integration of e-ASEAN Sector (the e-ASEAN Roadmap). Measures contained in the e-ASEAN Roadmap for e-commerce include:

Galexia’s project on e-commerce legal infrastructure for ASEAN has been expanded to include special assistance for Indonesia. This phase will run from January to April 2008.

Indonesia has developed draft legislation to meet this target - the Electronic Information and Transaction Bill. It is an ambitious piece of legislation covering e-government, electronic contracting, privacy, Cybercrime, spam, digital copyright and other cyberlaw issues in a single omnibus Bill.

This new project will assist Indonesia through:

The Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project is funded by the ASEAN Australia Development Cooperation Program (AADCP). AADCP is funded by the Australian Government through AusAID, implemented in close collaboration with the ASEAN Secretariat, and managed by Cardno Acil.

Related links:

Developments in Asia-Pacific privacy laws in 2007 - January 2008

Related Galexia services and solutions

This article provides a summary of the key privacy law developments in the Asia-Pacific region in 2007. As sharing of personal details online becomes more frequent, and the accessibility of such information is enhanced by rapidly improving technologies, the privacy risks that threaten a world citizen are greater than ever before. In the Asia-Pacific region there has been significant growth in Business Process Outsourcing (BPO), which demands countries develop coherent information protection laws. A number of countries in the region are making progress towards new privacy legislation. At the same time other countries in the region with existing privacy laws are looking to amend and reform laws so that they align with current technologies, community views and international standards. One new issue that is emerging is the consideration of data breach notification rules by Asia-Pacific countries - and this is likely to be a major talking point in the region over the next few years.

The article was published in Volume 4, Nos 6 and 7 of the Privacy Law Bulletin (December 2007).

Related links:

Credit reporting submission to the Australian Law Reform Commission's Privacy Review - December 2007

Related Galexia services and solutions

Galexia was recently commissioned by Veda Advantage to independently research and develop options for a framework for stronger, more effective and more efficient consumer protection in credit reporting in Australia. This task was been initiated in response to the Australian Law Reform Commission (ALRC) review of privacy legislation.

Consumer protection in the regulation of credit reporting is a very complex territory and Veda Advantage wanted to assist the ALRC and stakeholders with a cogent expert’s report to guide understanding of the major issues.

Related links:

External links:

Galexia Associate Claro Parlade wins Endeavour Fellowship to study privacy law - November 2007

Related Galexia services and solutions

Claro Parlade, Galexia’s associate from the Philippines, has won an Endeavour Fellowship and will be funded to visit Australia in 2008 for 3 months to study privacy law.

Claro is currently the Executive Director of the Cyberspace Policy Centre for Asia-Pacific (CPCAP), a leading source of expertise on electronic commerce, privacy and online dispute resolution issues in the Asian region.

Galexia and the Office of the Privacy Commissioner (OPC) are Claro’s joint sponsors for the programme, and Galexia will be co-hosting Claro along with the OPC. He will also spend time travelling around the country interviewing key business, government and consumer stakeholders about privacy issues.

Claro has considerable experience in policy work in the Philippines, having been Chairman of the Legal and Regulatory Committee of the IT and E-Commerce Council (‘ITECC’) of the Philippines from 2000 to 2004. He has been involved in the drafting of the Philippines E-Commerce law, and has worked on numerous draft bills and regulations on matters such as the creation of a department of ICT, telecommunications reform, cybercrime and Internet governance.

The Endeavour Programme brings leading researchers, executives and students to Australia to undertake short or long term study, research and professional development in a broad range of disciplines and enables Australians to do the same abroad.

External links:


Claro Parlade

Jurisdictional and enforcement issues of internet gambling - October 2007

Related Galexia services and solutions

The online gambling market is facing the same challenges of jurisdiction and law enforcement as internet activities in general. In this article, Christina Fränngård discusses recent issues in these areas, and examines the situation in three jurisdictions in detail - the US, the EU and Australia.

The article was published in Volume 10, No 7 of the Internet Law Bulletin (October 2007).

Related links:

Galexia assists the NSW RTA with their Document Verification System - October 2007

Related Galexia services and solutions

Galexia has been selected to conduct a Privacy Impact Assessment (PIA) for the NSW Roads and Traffic Authority (RTA). The PIA will cover the RTA’s potential participation in the national Document Verification Service (DVS).

The DVS has been developed as part of the National Identity Security Strategy. The DVS will be a secure, electronic, on-line system accessible by certain Australian Government, state and territory agencies to check the validity of an identity document. The verification of driver licences will be completed via the National Exchange of Vehicle and Driver Information System (NEVDIS) database, operated by AUSTROADS.

Galexia to help develop spam laws in the Pacific - October 2007

Related Galexia services and solutions

After a competitive tender process, Galexia has been chosen to assist the Department of Communications, Information Technology and the Arts (DCITA) in the development of a harmonised spam legislation, enforcement and co-operation regime for three Pacific nations.

This project, funded in part by AusAID's Pacific Governance Support Program (PGSP), will be applied across the island states of Niue, Samoa and Vanuatu.

As part of the project, Galexia will have a central role in developing a package of anti-spam policy and legislation, specifically tailored for these Pacific nations, which will be modelled on Australia's Spam Act of 2003.

DCITA's role will continue through to developing a local enforcement capability, as well as assisting the Pacific nations participate in an international network of enforcement agencies.

Related links:

Five new signatories to the UN Convention on the Use of Electronic Communications in International Contracts - October 2007

Related Galexia services and solutions

The treaty event, entitled "Focus 2007: Towards Universal Participation and Implementation - A Comprehensive Legal Framework for Peace, Development and Human Rights" was held at United Nations Headquarters in New York, on the 25-27 of September and the 1-2 of October 2007. During the event, the United Nations Convention on the Use of Electronic Communications in International Contracts received five new signatories:

The Convention was adopted by the UN General Assembly in November 2005 and has since received 15 signatories. The Convention aims to improve the legal certainty and commercial predictability of electronic contracts. Other signatories to the Convention are the Central African Republic, China, Lebanon, Madagascar, Paraguay, Senegal, Sierra Leone, Singapore, Sri Lanka and The Russian Federation.

Related links - Galexia’s publications on the Convention:

Consumer Action Law Centre publish Galexia's Trade Practices Act Public Benefit Report - September 2007

Related Galexia services and solutions

The Consumer Action Law Centre (CALC) has now published the Galexia-written report focussing on defining the ‘public benefit’ in Part VII of the Trade Practices Act 1974 (Cth). It was completed as part of a project to identify weaknesses in the way in which the public benefit test is currently applied under the Act and to propose solutions that will ensure that consumers receive the protections they require when reductions in competition through mergers, acquisitions and collusions are considered. The report has a particular focus on the potential inclusion of social and environmental considerations in the public benefit test.

Part VII of the Trade Practices Act 1974 acknowledges that there are circumstances in which anti-competitive conduct will be permissible - where the detriment caused by the conduct is outweighed by other benefits to the public. The report examines the application of the public benefit test in both theory and practice, and makes recommendations aimed at improving consideration of the public benefit in authorisations.

Related links:

Galexia meets with Secretary of State to the Ministry of Commerce in Cambodia - September 2007

Related Galexia services and solutions

Galexia was asked to advise Cambodia on their draft E-Commerce Law during their visit to the country for Workshop W9. This was at the invitation of HE Pan Sorasak - Secretary of State to the Ministry of Commerce. The Secretary was an attendee at AADCP E-Commerce Project workshops (W3 and W5) in his former capacity as an Under-Secretary in the Cambodian Ministry of Posts and Telecommunications.

On Thursday 23 August 2007 Galexia travelled to Phnom Penh to meet with the Secretary and the team working on drafting Cambodia’s e-commerce legislation. Galexia held an initial meeting with the Secretary to discuss aid and development in Cambodia and the region more broadly - gaining insights into other work in the region being carried out by the International Telecommunications Union (ITU) and UN Conference on Trade and Development (UNCTAD).

Galexia briefed the E-Commerce law meeting on the overall AADCP E-Commerce Legal Infrastructure Harmonisation Project and on the workshop (W9) outcomes in Siem Reap. Galexia also provided specific feedback and advice on the draft Cambodian E-Commerce Law.

Cambodia Ministry of Commerce - August 23 From left to right: Sven Callebaut (UNCTAD), Yin Yanno, Tous Sapha, Kang Koy (Ministry of Commerce), Ban Lim (Nat. Bank of Cambodia), Chris Connolly (Galexia), H. E. Sorasak Pan (Ministry of Commerce), Srey Siyout (Nat. Bank of Cambodia), H. E. Mao Thora (Ministry of Commerce), Francis Vierboom (Galexia), Peter van Dijk (Galexia)
Cambodia Ministry of Commerce - August 23 From left to right: Kang Koy (Ministry of Commerce), Srey Siyout (Nat. Bank of Cambodia), H. E. Mao Thora (Ministry of Commerce), H. E. Sorasak Pan (Ministry of Commerce), Chris Connolly (Galexia), Peter van Dijk (Galexia), Sven Callebaut (UNCTAD), Tous Sapha (Ministry of Commerce)

Related links:

Galexia's commentary on the UN Convention on Electronic Contracting documents - September 2007

Related Galexia services and solutions

From the 29th to the 31st of August, an international conference on the United Nations Convention on the Use of Electronic Communications in International Contracts (UNECIC) was held in Hanover, Germany.

The UNECIC conference was aimed at analysing and interpreting the text of the new UN ECIC-Convention and promoting its application.

Chris Connolly addressed the conference on two broad issues:

1) The Scope and Exclusions of the Convention (Articles 2, 3, 19 and 20) as they stand; and

2) Using the Convention to Harmonise the domestic regulation of Electronic Contracting (including a practical case study on the Association of South East Asian Nations (ASEAN) E-Commerce Project).

A paper is now available, which outlines the scope and exlcusions of the convention. This is an early working draft of the final conference paper, intended for future revision and publication in a book on the Convention (Kluwer, mid 2008). Commentary on the document is welcome, and can be emailed to consult@galexia.com.

Related links:

External links:

Data retention by search engines and Australian privacy law - August 2007

Related Galexia services and solutions

Galexia Consultant, Sarah Andrews has recently written an article looking at the data retention regimes of search engines, and their effects under Australian privacy law.

Recent months have seen Google, the world’s most popular search engine, at the centre of controversy concerning the length of time it retains records of its users’ search queries. This is not the first time the practices of search engines have hit the headlines or attracted privacy watchdogs’ attention. Nor is Google alone among search engines in retaining users’ search queries for extended periods. The Google case does, however, provide a very useful illustration of the significance of data protection concerns raised by the retention of data on past searches and the importance for search engines of implementing robust privacy policies and practices.

The article, published in Volume 4 of the Privacy Law Bulletin, examines these issues from the perspective of Australian privacy law and suggests steps that search engines can take to ensure compliance with the law and promote trust among users.

Related links:

Land rights in virtual worlds - August 2007

Related Galexia services and solutions

In August 2007, the State of Play V: Building the Global Metaverse conference was held in Singapore. Jointly organized by Harvard Law School, Yale Law School, New York Law School, Trinity University, and Nanyang Technological University in Singapore, this global conference on ‘virtual worlds’ invited experts across disciplines to discuss the future of cyberspace and the impact of these new immersive, social online environments on education, law, politics and society. The hallmark of the conference was its multi-disciplinary perspective.

Professor Yee Fen Lim spoke at the State of Play V conference on the topic of Space, Place and Culture focusing on the concept of land in Second Life, a highly topical issue due to the Bragg v Linden litigation currently on foot in the US.

Yee Fen also ran a Workshop on Law and Regulation at the State of Play V conference with colleagues from CAPTEL, Nanyang Business School.

Both Yee Fen’s paper and Workshop were reported in the press.

External links:

UN Electronic Communications in International Contracts Convention in Hanover, Germany - August 2007

Related Galexia services and solutions

From the 29th to the 31st of August, an international conference on the United Nations Convention on the Use of Electronic Communications in International Contracts (UNECIC) was held in Hanover, Germany.

The UNECIC conference was aimed at analysing and interpreting the text of the new UN ECIC-Convention and promoting its application.

Chris addressed the conference on two broad issues:

1) The Scope and Exclusions of the Convention (Articles 2, 3, 19 and 20) as they stand; and

2) Using the Convention to Harmonise the domestic regulation of Electronic Contracting (including a practical case study on the Association of South East Asian Nations (ASEAN) E-Commerce Project).

Related links:

External links:

Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007

Related Galexia services and solutions

On the 20th of August 2007, the ninth ASEAN Workshop on E-Commerce was held in Siem Reap, Cambodia.

This Workshop (W9) had a focus on Phase 3 of the Project, Mutual Recognition of Digital Signatures, and on building an ASEAN Digital Signature Strategy. The Workshop discussed strategy and implementation issues.

The development of an ASEAN Digital Signature Strategy will assist ASEAN countries in addressing the legal, policy, technical and infrastructure issues needed to develop common methods for mutual recognition of digital signatures. It will assist those countries with legal infrastructures to make necessary adjustments and provide direction for those countries yet to implement an infrastructure.

The Workshop was also run in parallel to of the 8th ASEAN Telecommunications and IT Senior Officials Meeting (8th TELSOM) and the 7th ASEAN Telecommunications and IT Ministers Meeting (7th TELMIN).

Cambodia Strategy Meeting (W9) - August 20 Back Row: Peter van Dijk (Galexia), Amir Suhaimi Hassan (Malaysia), Harme Mohamed (Malaysia), Riki Arif Gunawan (Indonesia), Than Htun Aung (Myanmar), Chris Connolly (Galexia), Vu Chi Kien (Vietnam), Lee Hooi Teck (Malaysia), Troeng Douma (Cambodia) Front Row: Dr Ajin Jirachiefpattana (Thailand), Maw Maw Aye (Myanmar), Lin Ah Tin (Malaysia), Patricia M. Abejo (Philippines), (Vietnam), Bui Thi Ngoc Khanh (Vietnam), Somlouay Kittignavong (Laos)
Cambodia Strategy Meeting (W9) From left to right: Than Htun Aung (Myanmar), Patricia M. Abejo (Philippines), Amir Suhaimi Hassan (Malaysia), Peter van Dijk (Galexia), Bui Thi Ngoc Khanh (Vietnam), Vu Chi Kien (Vietnam), Mima Sefrina (ASEC), Riki Arif Gunawan (Indonesia), Somlouay Kittignavong (Laos), Harme Mohamed (Malaysia)
Cambodia Strategy Meeting (W9) - August 20 The workshop lunch: Mima Sefrina (ASEC), Maw Maw Aye (Myanmar), Patricia M. Abejo (Philippines)
Cambodia Ministry of Commerce - August 23 From left to right: Sven Callebaut (UNCTAD), Yin Yanno, Tous Sapha, Kang Koy (Min. Comm), Ban Lim (Nat. Bank of Cambodia), Chris Connolly (Galexia), H. E. Sorasak Pan (Min. Comm), Srey Siyout (Nat. Bank of Cambodia), H. E. Mao Thora (Min. Comm), Francis Vierboom (Galexia), Peter van Dijk (Galexia)

Related links:

Internet and E-commerce Law - August 2007

Internet and E-commerce Law: Technology, Law and Policy: Contents

1. Internet Law & Cyberspace Regulation
2. Jurisdiction
3. Content Regulation
4. Copyright
5. Patents
6. Domain Names
7. E-Contracts
8. Authentication - Authored by Yee Fen Lim
9. E-Taxation
10. Privacy - Co-authored by Yee Fen Lim
11. Cyber crime - Authored by Yee Fen Lim
12. Intermediary Liability
13. Digital Rights, Digital Surveillance, E-Security & E-Government
14. Future Directions

Professor Yee Fen Lim, a senior consultant at Galexia, is the co-author of Internet and E-commerce Law: Technology, Law and Policy published in August 2007.

The focus of the book is the regulatory framework of the Internet and e-commerce. Yee Fen’s contributions offer a detailed analysis of authentication, privacy and Cybercrime that are extensive, and up to the minute.

External links:

OECD issues new Recommendation on Consumer Dispute Resolution and Redress - August 2007

Related Galexia services and solutions

The Organisation for Economic Cooperation and Development (OECD) has issued a new Recommendation on Consumer Dispute Resolution and Redress. Adopted by the OECD Council on 12 July 2007, the Recommendation aims to ensure that consumers have access to swift and effective mechanisms to resolve complaints and obtain compensation when transactions with businesses go wrong.

Although the Recommendation applies to all forms of commerce, a major impetus behind its development was to address consumer complaints arising from e-commerce. OECD governments recognised that if they are to take full advantage of the global digital marketplace, consumers need to be confident that they will be able to resolve complaints with businesses online and in other countries.

The Recommendation calls on member countries to update their dispute resolution and redress systems so that they better respond to the varying nature of consumer complaints. Specifically, it identifies three different categories of mechanisms to be included in domestic frameworks - mechanisms for consumers to act individually; mechanisms for consumers to act collectively; and mechanisms for the government to obtain redress for consumers. It then sets out goals to ensure that these mechanisms are more accessible and effective in cross-border cases. The Recommendation also includes provisions on complementary measures that can be taken by the private sector to help consumers resolve disputes efficiently and at the earliest possible stages.

In Australia, the adequacy of existing dispute resolution mechanisms and redress provisions will be reviewed by the Productivity Commission as part of its inquiry into the national consumer policy framework. The final results of the inquiry are due to be released in December 2007.

External links:

Galexia presents final digital signature strategy to Law Society of NSW - July 2007

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »
  • Specialised Legal and Regulatory Consulting. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »

Galexia has presented a digital signature strategy to the Law Society of NSW’s Legal Technology Committee.

The project was an extension of work completed by Galexia in 2005, and involves the development of a strategy of the Law Society’s potential use of digital credentials. Galexia’s role is to ensure that policies are compatible with current best practices in PKI and the recent Gatekeeper reforms.

Related links:


Galexia writes chapter in Information Economy Report 2007 for UNCTAD - July 2007

Related Galexia services and solutions

Galexia has been commissioned by the United Nations Conference on Trade and Development (UNCTAD) to write a chapter in the Information Economy Report 2007. Galexia’s chapter presents a case study on the ASEAN E-Commerce Project - a major 4-year project to assist the ten Member Countries of the Association of South East Asian Nations develop and implement a harmonised e-commerce legal infrastructure. The E-Commerce Project is funded by the ASEAN Australia Development Cooperation Program (AADCP).

The experience of the ASEAN Member Countries in the E-Commerce Project may be helpful for developing countries formulating their own e-commerce legislation and beyond this, developing a comprehensive legal infrastructure, including regulations, standards, training and education.

The Information Economy Report is to be published in October 2007.

Related links:


Galexia completes initial PIA for the Department of Defence - June 2007

Related Galexia services and solutions

  • Specialised Legal and Regulatory Consulting. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Galexia has completed an initial Privacy Impact Assessment (PIA) for the Australian Department of Defence. This PIA - on the JP2099 Program - is in accordance with the Privacy Impact Assessment Guide issued by the Office of the Privacy Commissioner.

The broad purpose of this PIA was to provide a description and assessment of the personal information flows that are expected to occur for the JP2099 Identity Management Capability, assess the potential privacy legal issues and privacy perception issues that arise from the identified flows, and the Capability as a whole, and assess the impact these issues may have on the privacy of individual’s personal information. This is an initial PIA based on an assessment of an initial set of business processes that have been developed to support the proposed Capability.

External links:


OECD issues Recommendation and Guidance on Electronic Authentication - June 2007

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »
  • Specialised Legal and Regulatory Consulting. Read more »

On the 12th of June 2007, the OECD Council adopted a new Recommendation on Electronic Authentication. The Recommendation recognises the role that electronic authentication can play in developing trust in online transactions by providing certainty and strengthening protection of information security and individuals’ personal data. It calls on member countries to: work towards “technology-neutral” approaches for authentication in both domestic and cross-border contexts; foster the development, deployment and use of sound electronic authentication mechanisms that meet privacy and security needs; encourage compatibility and interoperability of authentication schemes as a means to facilitate cross-sectoral and cross-jurisdictional use; and raise awareness, including among non-members, of the benefits of the use of electronic authentication. The Recommendation is specifically aimed at “electronic authentication of persons and entities” as opposed to authentication of the validity of documents or electronic signatures.

The Recommendation is accompanied by a Guidance document, defining a set of ‘Foundation’ and ‘Operational’ Principles for the use and implementation of authentication mechanisms. The Foundation Principles identify security, privacy, and risk management goals and establish that the roles and responsibilities of different participants in the authentication process should be proportionate to their degree of knowledge and control. The Operational Principles address issues of usability, fitness for purpose, education, disclosure, complaints handling, audits and assessments, cross-jurisdictional recognition and interoperability, and standards.

External links:


Galexia attends the second APEC Privacy Seminar in Cairns - June 2007

Related Galexia services and solutions

In June 2007, Sarah Andrews, Chris Connolly and Peter van Dijk attended the 2nd APEC Privacy Seminar in Cairns. The APEC Data Privacy Seminar brought together governments, regulators, supervisory authorities, business and consumers of APEC economies to explore the practical mechanisms to facilitate the responsible and accountable transfer of personal information across international borders.

Following on from the first seminar in Canberra in January 2007, the seminar looked at:

Related links:

Review of the EU Directive on Electronic Commerce - June 2007

Related Galexia services and solutions

The E-Commerce Directive was intended to provide a general framework for electronic commerce laws, and thereby to increase confidence in e-commerce. It imposed mandatory requirements on member states, and led to greater harmonisation of relevant laws. This byte discusses several of the perspectives on the Directive as its next mandatory review approaches.

The byte was published in Volume 10, No 3 of the Internet Law Bulletin (June 2007).

Related links:


Sarah Andrews joins Galexia - June 2007

Galexia would like to welcome Sarah as a Senior Consultant.

Previously, she worked at the Organisation for Economic Co-operation and Development (OECD) in Paris, where she co-ordinated the work of the Committee on Consumer Policy. A primary focus of her work was on promoting consumer trust in the global marketplace through better access to dispute resolution and redress mechanisms and increased enforcement co-operation against cross-border fraud.

Sarah also spent 3 years as Research Director for the Electronic Privacy Information Center (EPIC) in Washington, DC where she specialised in international developments in privacy law and policy.

Sarah holds a Bachelor of Laws degree (Hons) from University College Cork, Ireland and a Masters of Laws in International Legal Studies (Distinction) from Georgetown University Law Center, Washington DC, US. She is licensed to practice law in New York State, US.


Galexia publishes article on recent developments in internet jurisdiction - May 2007

Prashanti Ravindra has recently published an article detailing recent developments in the realm of Internet jurisdiction.

Traditionally, questions of jurisdiction are answered based on the territoriality, but this approach has proved problematic in online contexts, where transactions occur freely across national boundaries.

This article examines three recent cases in which courts have considered the problems of Internet jurisdiction: the order of the French Tribunal de Grande Instance de Paris against Yahoo! Inc for its online auctioning of Nazi artifacts and memorabilia in Association Union des Etudiants Juifs de France v Yahoo! and the ensuing chain of actions in the US over whether US courts could exercise jurisdiction over the French parties; an order by a US district court against a UK anti-spam organisation in e360 Insight v The Spamhaus Project; and the assertion of jurisdiction of a Michigan court over a New York defendant who contracted with a Michigan resident.

The article was published in Volume 10, No 1 of the Internet Law Bulletin (May 2007).

Related links:


The Telecommunications (Interception) Amendment Act 2006 - May 2007

Related Galexia services and solutions

Galexia Consultant Saira Ahmed has published an article detailing the recent amendments to the Telecommunications Act 1979 (Cth).

The amendments insert a warrant regime for access to stored communications held by a telecommunications carrier and enable interception of telecommunications of an innocent person known to communicate with a person of interest - known as ‘B-Party’ intercepts. This article discusses the main provisions of the Telecommunications (Interception) Amendment Act 2006 (Cth) and the controversy surrounding these amendments.

Implications of the amendments enable the Australian Security Intelligence Organisation (ASIO) and other law enforcement agencies to intercept telecommunications of third parties including emails, SMS and voicemail messages. These provisions are naturally significant for lawyers advising clients on cooperation with law enforcement authorities in relation to telecommunications, including emails.

The article was published in Volume 10, No 1 of the Internet Law Bulletin (May 2007).

Related links:


Galexia assists CHOICE with a joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC - May 2007

Related Galexia services and solutions

Galexia assisted CHOICE with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investment Commission (ASIC).

Among the major issues considered by Galexia were the liability of parties in electronic funds transactions, particularly with regard to Internet banking. The project involved detailed technical advice on authentication techniques for electronic transactions.

The Submission was prepared by Galexia. Guidance, input and comments were received from a small reference group consisting of representatives of CHOICE, the Consumer Action Law Centre, the Centre for Credit and Consumer Law, the Australian Privacy Foundation, the Consumer Credit Legal Centre (NSW), Care Inc. Financial Counseling Service and Consumer Law Centre of the ACT. Funding assistance was received from the Australian Securities and Investments Commission Consumer Advisory Panel (ASIC CAP).

Related links:


Galexia joins AGIMO Identity Management and Authentication Consultancy Services Panel - May 2007

Related Galexia services and solutions

The Australian Government Information Management Office (AGIMO) Identity Management and Authentication Consultancy Services Panel was formed in 2007 obtain specialist consultancy services relating to identity management and authentication. Galexia has been accepted onto the panel in four key areas of expertise.

AGIMO is a part of the Department of Finance and Administration, and works across government to maintain Australia’s position as a leader in the productive application of information and communications technologies (ICT) to government administration, information and services. AGIMO fosters the efficient and effective use of ICT by Australian Government departments and agencies.

The Identity Management and Authentication Consultancy Services Panel will be used by AGIMO to obtain:

Galexia’s services categories on this panel include:

Related links:

External links:

Eighth ASEAN E-Commerce workshop held in Vientiane, Laos - March 2007

Related Galexia services and solutions

On the 28 February - 2 March 2007, the eighth ASEAN Workshop on E-Commerce was held in Vientiane, Laos. This Workshop (W8) was a gathering of around 45 delegates and technical experts, including more than 40 from ASEAN member countries.

This Workshop (W8) had a training and capacity building focus. The Workshop discussed the project Implementation Guide and provide information and resources on implementation issues.

The objective of this Workshop was to facilitate implementation of a harmonised legal infrastructure for e-commerce, including Online Contract Formation, Jurisdiction and Online Dispute Resolution, through the provision of training and guidance on the use of the Implementation Guide developed during the project, and the exchange of information between member country participants.

Workshop content included the following presentations and materials:

— Review and discussion of developmnts in member countries and international initiatives in electronic contracting,

— Training materials and worksheets.

Related links:


Galexia undertakes third extension to ASEAN E-Commerce Harmonisation work - April 2007

One of the key steps to be fulfilled in the e-ASEAN Framework Agreement[2] is that Member Countries will need to allow the mutual recognition of digital signatures across borders in ASEAN.

The new ASEAN E-Commerce Project (Phase 3) on the Mutual Recognition of Digital Signatures is designed to help ASEAN Member Countries develop a common strategy to meet this objective.

The development of an ASEAN Digital Signature Strategy will assist ASEAN countries in addressing the legal, policy, technical and infrastructure issues needed to develop common methods for mutual recognition of digital signatures. It will assist those countries with legal infrastructures to make necessary adjustments and provide direction for those countries yet to implement an infrastructure.

Five steps have been identified as necessary in the establishment of a harmonised legal framework covering mutual recognition of digital signatures in ASEAN:

This phase runs from April through to December 2007.

Related links:

Galexia at the Canberra APEC Data Privacy Seminar - January 2007

Related Galexia services and solutions

Downloads

On the 22-23rd January 2007, the First Technical Assistance Seminar on the APEC Privacy Framework was held at the National Convention Centre in Canberra. The meeting was a gathering of delegates from around the world to discuss the international implementation of the Framework, with a core focus on making compliance possible and enforcement credible when personal information moves between economies.

The Seminar allowed participants to discuss issues raised by the transfer of personal information in the APEC region. Cross-Border Privacy Rules were discussed as a potential mechanisms for business and APEC economies to put into place the privacy principles contained in the APEC Privacy Framework. A seminal point raised by the delegates on the use of Cross-Border Privacy Rules by business, was how they might provide certainty to their customers on how their personal information will be protected.

Galexia Director Chris Connolly spoke at the meeting, discussing the practical issues of achieving global compliance, particularly from a business perspective. Chris outlined and explored mechanisms that enable industry to meet business and consumer needs through accountable transfers of personal information across economies, whilst remaining consistent with the APEC Privacy Framework.

External links:

Second edition of 'Cyberspace Law: Commentaries and Materials' - January 2007

Cyberspace Law: Commentaries and Materials: Contents

1. Introduction

2. Jurisdiction

3. Electronic Contracting

4. Privacy and the Internet

5. Encryption

6. Electronic Signatures

7. Internet Crime

8. Internet Content Regulation

9. Copyright on the Internet

10. Trade Mark Law and the Internet

11. Patents

12. Massively Multiplayer Online Role-Playing Games

13. Uninvited Material

14. Internet Taxation

15. The Way Ahead

Yee Fen Lim, senior consultant at Galexia, has published a comprehensive revision of her Oxford University Press book, Cyberspace Law: Commentaries and Materials.

Cyberspace Law brings the complex legal issues of the Internet to both law students and practitioners. With a foreword by the Honourable Justice Gummow AC QC of the High Court of Australia, the book reflects recent changes in legislation, providing a detailed study of this fast moving field of law. It covers new technological developments as well as recent changes in legislation.

Cyberspace Law has been adopted by numerous universities around the world as the definitive textbook on cyberspace laws, providing expert commentary on cases and legislation in all areas of e-commerce, internet and technology law.

External links:

Gatekeeper reforms published - October 2006

In late September 2006, the Australian Government Information Management Office (AGIMO) released amended documentation for the Gatekeeper PKI Framework. This documentation was developed in conjunction with Galexia in order to govern the use of PKI in government for the authentication of external clients. The strategy provides a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for agencies and their clients. The strategy is underpinned by a standards-based, technology neutral accreditation program for issuers of digital certificates.

This project included a mixture of strategic, technical, security and legal advice. Gatekeeper is considered to have provided only limited success in Australia, and the reform of Gatekeeper is designed to enable the production of new, flexible digital certificate categories and the removal of compliance burden and paperwork for PKI service providers. Legal and privacy issues were also reviewed to ensure greater certainty and simplicity.

External links:

Galexia hosts 7th ASEAN Workshop on E-Commerce in Brunei - September 2006

On the 9-11th of September 2006, the seventh ASEAN Workshop on E-Commerce was held in Brunei. The Brunei Workshop (W7) was a gathering of around 30 delegates and technical experts, including more than 20 from ASEAN member countries. Galexia hosted the workshop and provided expert presentations and materials.

Workshop content included the following presentations and materials:

— Report on proceedings at the Working Group meeting in Manila on 29 May 2006;

— Review and discussion of developments in member countries and international initiatives in electronic contracting, jurisdiction and online dispute resolution legal infrastructure;

— The contents of the Draft Framework Document (FD). The FD will contain options for a common framework for harmonised legal infrastructure for electronic contracting, jurisdiction and online dispute resolution; and

— Discussion and confirmation of steps required to achieve consensus on a preferred Option for harmonisation in ASEAN.

The objective of this Workshop (W7) was to help ASEAN and the Galexia E-Commerce Project team to finalise the content of the Framework Document (FD) and develop a recommendation to the ASEAN Working Group on E-Commerce and ICT Trade Facilitation.

Related links:

Online Dispute Resolution - August 2006

Related Galexia services and solutions

Galexia has recently published an article as part of the ASEAN E-Commerce Project. The article canvasses the various legal issues in the field of Online Dispute Resolution (ODR). ODR involves using online technologies to facilitate the resolution of various types of disputes that arise from electronic transactions - in much the same way that generic dispute resolution does in the offline realm. The article explores different ODR methodologies currently used in cyberspace. It also highlights the importance of ODR as a means of engendering consumer confidence in the online medium, thereby facilitating a growth in the number of people that engage in e-commerce.

Related links:

Galexia to help develop the Singapore National Authentication Framework - August 2006

Related Galexia services and solutions

  • Identity Management and Authentication - Technical Consulting. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »

The Infocomm Development Authority of Singapore (iDA) is spearheading a National Authentication Framework (NAF) programme under their 10 year Intelligent Nation Masterplan. NAF aims to implement a nationwide infrastructure for strong authentication through the development of appropriate business, technical and operational frameworks. A NAF steering committee and four NAF sub-committees (Finance, Telecommunications, Government and Technical) comprising of industry captains and government agencies will provide sponsorship and inputs to the developmental works under NAF.

Galexia has been chosen as a member of a consortium (also including KPMG, Baker & McKenzie, Wong & Leow and Biometix) to drive and guide the establishment of the NAF. As such Galexia’s work entails the proposal of a model to deploy the NAF, and to develop 4 supporting components that are needed to realise the deployments:

Related links:

Galexia provides privacy compliance advice to Fidelity International - August 2006

Related Galexia services and solutions

Galexia has been providing privacy compliance advice to the Risk, Security and Business Continuity division of Fidelity International, including advice to their Hong Kong, Japan, Korea, Singapore, Sydney and Taiwan offices. This project will assist Fidelity manage their domestic and international privacy compliance requirements.

Related links:

Galexia examines best practice privacy management for public registers in Australia - July 2006

Related Galexia services and solutions

Galexia has recently been commissioned by RP Data to complete a report to examine the best practice privacy management for public registers in Australia.

Specifically, the paper includes the following:

Related links:

Galexia reviews identity management paper for South Australian Chief Information Officer - July 2006

Related Galexia services and solutions

  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Issues Management: Public and Stakeholder Consultations. Read more »

Galexia has won a successful bid to review a position paper developed by the South Australian Office of the Chief Information Officer. The paper, on Identity and Access Management (IAM) for the South Australian Government, is a pre-cursor for the planned development of an IAM Framework for all of South Australia.

Related links:

Galexia to conduct analysis of e-commerce legal infrastructure in Malaysia - July 2006

Related Galexia services and solutions

  • Issues Management: Public and Stakeholder Consultations. Read more »
  • Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Galexia is assisting the Commonwealth Department of Communications, Information Technology and the Arts (DCITA) in preparing a Malaysia - Australia E-Commerce Legal Infrastructure Analysis. The report will be of assistance in the development of the relationship between Malaysia and Australia in a number of areas - at a time when Malaysia and Australia are negotiating a Free Trade Agreement (FTA) that contains a chapter on E-Commerce. Malaysia and Australia also have an ongoing interest in the harmonisation of electronic commerce legal infrastructure. Specifically, the document is a coverage analysis of selected areas of E-Commerce Legal Infrastructure in Australia and Malaysia.

Related links:

UN Convention on the Use of Electronic Communications in International Contracts comes into force - July 2006

Related Galexia services and solutions

Related Galexia news articles

  • Galexia’s article about the UN Convention on Electronic Contracting published in the Computer Law & Security Report Read more »

Galexia has written an article outlining how and when the United Nations Convention on the Use of Electronic Communications in International Contracts 2005 (the UN Convention on Electronic Contracting) will come into force. The Convention aims to improve the legal certainty and commercial predictability of electronic contracts. This is achieved through a number of provisions in the Convention, including those which establish the functional equivalence of electronic communications and signatures with their paper-based counterparts and those which set rules to assist in determining when and where an electronic communication has been sent and received.

The Convention was adopted by the UN General Assembly in November 2005 and has since received six signatories. A number of important economies have been quick to sign and endorse the Electronic Contracting Convention and it appears that it will play a significant role in shaping global e-contracting law.

Related links:

Sixth ASEAN E-Commerce workshop in Manila - May 2006

Related Galexia services and solutions

The sixth ASEAN Workshop on E-Commerce was held in Manila from 27-28th May 2006. It was a gathering of around 32 delegates (including more than 27 from ASEAN, 3 from ASEC, 1 from AADCP and 1 expert speaker) and technical experts to discuss many important aspects of the ASEAN E-Commerce Project. Most prominently discussed were the topics of:

The objective of this Workshop was to introduce project participants to the objectives and activities of the one-year project extension to consider Online Contract Formation and Online Dispute Resolution. The Workshop confirmed the scope of the project extension and facilitated liaison between the project and the ASEAN Working Group on E-commerce and ICT Trade Facilitation (Working Group). The Working Group also met in Manila on Monday 29 May 2006 at the same venue.

Workshop content included:

The Workshop was facilitated by the Manila based Cyberspace Policy Centre for Asia-Pacific (CPCAP) and Galexia. The Executive Director of CPCAP, Claro V Parlade arranged for the workshop to be opened by Mr Angelo Timoteo M. Diaz de Rivera (Commissioner of e-Government Development).


W6 - Day 1: Iwan Gunawan (ACIL), Claro Parlade (Philippines), Timoteo Diaz de Rivera (Philippines), Chris Connolly (Galexia), Peter van Dijk (Galexia) and Honorio R. Vitasa (ASEC) EC-ITF Working Group Meeting: Peter van Dijk (Galexia), Ambalagan K (Chairman), Chris Connolly (Galexia) and Honorio R. Vitasa (ASEC)
W6 - Day 2: Honorio R. Vitasa (ASEC), Chris Connolly (Galexia), Ky Anh Nguyen (ASEC) and Mega Irena (ASEC) W6 - Day 2: Mega Irena (ASEC), Claro Parlade (Philippines), Maw Maw Aye (Myanmar), Khin Htwe Myint (Myanmar), Chris Connolly (Galexia) and Do Xuan Minh (Vietnam)

Related links:

Galexia to help develop the Australian Government e-Authentication Framework for Individuals (AGAFI) - April 2006

Related Galexia services and solutions

Galexia has recently won a competitive tender to work with the Department of Finance and Administration to conduct consultancy services for the Australian Government e-Authentication Framework for Individuals (AGAFI). The project will involve the provision of strategic advice, and the provision of a Privacy Impact Assessment (PIA) and Privacy Management Strategy (PMS) documentation for publication.

Galexia will also undertake investigation and report on technical approaches to protecting privacy in online transactions, known as Privacy Enhancing Technologies (PETs). This will incorporate assessments of the potential for PETs to enhance the uptake of online services, including their effectiveness, their maturity as protocols, implementation issues such as barriers to implementation, interoperability between these protocols and usability.

The documents will also look to investigate and report on the legal liability implications of government agencies relying on the evidence of identity and other identity management processes of other agencies and non-government organisations such as banks and financial institutions. Galexia’s work will incorporate the examination of best practice governance arrangements for the framework including an examination of current implementations in other national and international jurisdictions.

This project is an extension of previous Galexia work for AGIMO, and is a joint undertaking with Doll Martin Associates.

Galexia to help complete the Gatekeeper Public Key Infrastructure Framework for AGIMO - April 2006

Related Galexia services and solutions

Following a competitive tender, the Department of Finance and Administration has selected Galexia to undertake consultancy services relating to the Gatekeeper PKI Framework.

The Gatekeeper Strategy governs the use of PKI in government for the authentication of external clients. The strategy provides a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for agencies and their clients. The strategy is underpinned by a standards-based, technology-neutral accreditation program for issuers of digital certificates.

The Framework is aimed at making the application of PKI less complex and more affordable for businesses and government agencies. It better aligns the Gatekeeper Strategy with the way governments and businesses conduct their day-to-day activities. The Framework introduces new categories of digital certificates for Organisations and Individuals.

More information about the Gatekeeper PKI Framework can be found at http://www.agimo.gov.au/infrastructure/gatekeeper.

Galexia will be working with the Australian Government Information Management Office (AGIMO), who works across government to maintain Australia's position as a leader in the productive application of information and communications technologies (ICT) to government administration, information and services.

Galexia will also work with both the Department of Finance and members of other specific working groups established by the Gatekeeper Policy Committee to deliver an operational Gatekeeper PKI Framework by 30 June 2006.

External links:

The UN Convention on Electronic Contracting - March 2006

Related Galexia services and solutions

Related Galexia news articles

  • UN Convention on the Use of Electronic Communications in International Contracts to come into force Read more »

Published

  • Computer Law & Security Report, volume 22, issue 1, 2006, pages 31-38

Read the full text of the article from the Galexia website »

An update on the UN Convention on Electronic Contracting is available from the Galexia website:

Galexia’s article on the UN Convention on electronic contracting by Chris Connolly and Prashanti Ravindra has now been published in the Computer Law and Security Report. The Computer Law and Security Report is a journal dedicated to covering key developments in IT law and security.

The UN Convention seeks to enhance the legal certainty and commercial predictability of international electronic transactions by setting out a number of interpretive rules for the use of electronic communications in negotiating and forming contracts. The paper discusses the main provisions of the Convention and the impact of the Convention on the legal rules surrounding electronic contracting.

The final draft of the UN Convention is available as an annex to the UNCITRAL Report of its 38th Session at: <http://www.uncitral.org/uncitral/en/commission/sessions/38th.html>.

This article was first published in Computer Law & Security Report, 22 (2006) 31-38 <http://www.sciencedirect.com/science/journal/02673649>.

Related links:

Galexia conducting Preliminary Privacy Impact Assessments (PIAs) on Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) for National E-Health Transition Authority (NEHTA) - February 2006

Related Galexia services and solutions

Following a competitive tender, the National E-Health Transition Authority (NEHTA) has asked Galexia to contribute the development of a secure, interoperable e-health environment in Australia. The project involves the development of two different types of healthcare identifiers. As such, Galexia’s primary role is the development of two preliminary Privacy Impact Assessments (PIAs) to examine and document potential privacy concerns.

External links:

Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006

Related Galexia services and solutions

Galexia has won a competitive tender for a groundbreaking one-year project that will further streamline electronic commerce in South East Asian nations.

The project is an extension of a previous Galexia project to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam). This project extension will focus on harmonising electronic contracting and Online Dispute Resolution legal infrastructures in the region.

The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for electronic contracting and dispute resolution. The development and implementation of harmonised legal infrastructures for electronic contracting and dispute resolution will facilitate the development of e-commerce by providing users with common methods for completing electronic contracting steps, and a common framework for resolving electronic commerce disputes.

The project will produce the following outputs:

This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by Cardno Acil Pty Ltd.

Related links:

Galexia publishes case note on WL v La Trobe University case - February 2006

Related Galexia services and solutions

Galexia has written a case note on the recently decided Victorian Civil and Administrative Tribunal decision, WL v La Trobe University.[3] The case examines what personal information can be collected and stored in order to come within the definition of personal information under the Information Privacy Act 2000 (Vic). The case note examines the facts and the decision of the case, as well as the implications for information handling after the decision.

This is a key decision as it is the most detailed consideration of the definition of ‘personal information’ in Australian privacy laws to date. For more information on the impact of this decision on your organisation, contact Galexia.

In completing this case note, Galexia has used the opportunity to examine various areas of privacy law, including freedom of information, the de-identification of personal data and the specific area of personal health information.

Related links:

Galexia publishes plain language guide to cyberlaws - January 2006

Related Galexia services and solutions

As part of an analysis of cyberlaws coverage in ASEAN (the Association of South East Asian Nations), Galexia has written a paper which looks closely at the following aspects of online-laws:

Related links:

Galexia expands work with Law Society of NSW and Commonwealth Department of Industy, Tourism and Resources (DITR) - January 2006

Related Galexia services and solutions

  • Specialised Legal and Regulatory Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

As part of work completed in 2005; and continuing in 2006, Galexia is working closely with the Law Society of NSW and the Commonwealth Department of Industy, Tourism and Resources (DITR) to develop policies, procedures and documents for a pilot of the Law Society’s digital credentials. Galexia’s role in the project is to ensure that policies are compatible with current best practices in public key infrastructure (PKI) and proposed Gatekeeper reforms.

The project is a timely consideration of digital identity for lawyers and considers:

Related links:

Galexia to develop Privacy Impact Assessment (PIA) for Government employees in Australia - January 2006

Related Galexia services and solutions

Galexia has won a competitive tender to work with AGIMO, the Australian Government Information Management Office to conduct a Privacy Impact Assessment (PIA) on their Identity Management for Government Employees (IMAGE) Framework. AGIMO, the governmental arm that deals with the delivery of public services by utilising ICT, aims to provide infrastructure, protocols, policy and work practices that will allow government agencies to efficiently manage the identities of their employees and contractors.

As well as a PIA, Galexia will be working closely with AGIMO to develop a Privacy Management Strategy (PMS) for IMAGE to provide a consistent, transparent identity management system across the Australian Government public services sector.

The goal of this project and resulting framework is to build trust across agencies and facilitate confidence in the associated identification credentials.

Related links:

AUSTROADS engages Galexia for a risk management framework on national vehicle database - January 2006

Related Galexia services and solutions

Galexia has been commissioned to assist the association of Australian and New Zealand road and transport authorities (AUSTROADS), with a proposed expansion of third-party access to information held in the National Exchange Of Vehicle And Driver Information System (NEVDIS) database. Galexia’s role is to provide strategic privacy advice and a risk management framework. This project is an extension of previous Galexia work for AUSTROADS, and is a joint undertaking with Doll Martin Associates.

Related links:

Galexia complete Cyberlaws Survey in ASEAN - January 2006

Related Galexia services and solutions

Galexia has completed a review of cyberlaws in ASEAN which presented data and examined the coverage of cyberlaws in ASEAN. The Cyberlaws Analysis supports material published as part of the ASEAN E-Commerce Project and provides information on existing and planned cyberlaw developments in ASEAN member countries. This paper has been created to assist ASEAN understand how e-commerce law ‘fits in’ to the broader context of cyberspace laws.

This analysis is also designed to assist the ASEAN E-Commerce and ICT Trade Facilitation Working Group in its consideration of the cyberlaw needs of ASEAN. It examines cyberlaws that have been enacted in all ASEAN member countries, both from an ASEAN-wide perspective and on a county-by-country basis and contains a number of conclusions and findings on the status of cyberlaw regulation in ASEAN.

The analysis examines the following cyberlaws, in each of the ASEAN jurisdictions:

Related links:

Fifth ASEAN E-Commerce harmonisation workshop in Singapore - December 2005

Related Galexia services and solutions

Continuing Galexia’s series of international workshops on the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project, Galexia co-ordinated a fifth workshop (W5) in Singapore in December 2005. The workshop brought together high-level representatives from ASEAN member countries to facilitate the practical implementation of a harmonised e-commerce legal infrastructure in the region.

The workshop was attended by over 35 delegates from member countries throughout ASEAN, and a number of high-profile guest speakers. In facilitating the practical implementation of the harmonised e-commerce legal infrastructure, training and capacity building sessions were conducted on:

The UNCITRAL Convention on Electronic Contracting

A keynote presentation was made at the workshop by Mr. Jeffrey Chan Wah Teck, Principal Senior State Counsel, Civil Division Attorney-General's Chambers (AGC) Singapore. Jeffrey Chan is the current Vice-Chair and former Chair of the UNCITRAL General Assembly. He also chaired the UNCITRAL Electronic Commerce Working Group during the development of the UNCITRAL Convention on Electronic Contracting.

The presentation emphasised the salient features of the Convention, how the Convention alters existing international law, and the likely impact of the Convention. Skills emphasising practical considerations involved with implementing the Convention into domestic law were also developed in an interactive break-out session.

Guest Presenters at the Singapore Workshop (W5)

Guest presenters, Mr Ken Chia and Mr Kenneth Lim, were organised by Galexia to provide participants with first-hand knowledge of recent developments in APEC and the ASIA PKI Forum.

Mr Chia presented on the regional context of e-commerce laws including the need to keep e-commerce laws up-to-date through regular reviews of electronic transactions legislation.

Mr Lim’s presentation focused on the commercial deployment of PKI, including using PKI as a tool for trade facilitation.

The workshop was a highly successful conclusion to the project and delegates were provided with material that provided on going assistance in their efforts to integrate into a single online market.

This workshop marks the conclusion of a two year project conducted by Galexia to to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for e-commerce. It will be followed by a one-year project extension that will assist ASEAN develop and implement harmonised legal infrastructures for electronic contracting and online dispute resolution


Guest Presenters and Galexians
(left to right) Peter van Dijk (Galexia), Ken Chia (Baker & McKenzie, Wong & Leow Lawyers, Singapore), Chris Connolly (Galexia) and Jeffrey Chan (Attorney-General's Chambers, Singapore)
Galexia presentation
Chris Connolly (Galexia) and Peter van Dijk (Galexia)
Galexia presents gift to guest presenter, Kenneth Lim
Chris Connolly (Galexia), Peter van Dijk (Galexia) and Kenneth Lim (CrimsonLogic, Singapore)
Guest presentation by Ken Chia
Ken Chia (Baker & McKenzie, Wong & Leow Lawyers, Singapore)

Related links:

AGIMO develops out e-Authentication Framework to individuals - December 2005

Related Galexia services and solutions

On the 5th of December 2005, the Special Minister of State, Eric Abetz announced the proposed extension of the Australian Government e-Authentication Framework to individuals. The original Framework was used to facilitate and manage the risks involved with the electronic transactions between business and government via the use of electronic authentication. It constituted a whole-of-government approach to managing these risks, as first acknowledged by the Australian Government Information Management Office (AGIMO). By extending AGAF to individuals, (hence AGAF(I)), simple transactions such as change of address or name could be spread throughout all government organisations from a central point without having to individually notify them all. It is hoped that the use of electronic channels would provide greater convenience to individuals and value for money for the community. As noted by AGIMO, the convenience of replacing multiple transactions with different agencies with one transaction is appealing, as long as individuals’ privacy is protected.

Whilst in the past, the Framework was limited to bilateral transactions between business and government, the roll-out to individuals is seen as a far more important and arguably from a privacy point of view, problematic extension. Issues such as function creep, the access or modification of personal information in transit, or the solicitation of personal information constitute a far greater risk when dealing with individuals. The sheer number of possible transactions and the ability to gain access to higher levels of personal information once simple information is found, either by way of brute force, or social engineering attacks increases security risks. This is also compounded when one takes into account the fact that individuals might be less vigilant when choosing or withholding passwords than a business may be. To counter these problems, in the lead up to the discussion paper AGIMO convened a Privacy Impact Assessment Consultative Group (consisting of privacy and public policy advocates) to explore privacy issues around e-authentication.

AGIMO has released a discussion paper in order to outline the proposal generally, as well as to inform the public of the their ability to share their views on the appropriateness of the framework. Issues such as user control, risk apportionment, infrastructure and potential services are also discussed. The paper also offers an interesting analysis of other e-authentication frameworks throughout out the world and compares and contrasts the salient privacy features of each. Among these are the Canadian Authentication principles, the New Zealand Policy and Implementation Principles for online authentication and the Microsoft Laws of Identity.

Related links:

Galexia presents at CSIRO Science Policy Workshop - November 2005

Related Galexia services and solutions

Galexia directors Peter van Dijk and Chris Connolly presented at the CSIRO Science Policy Workshop in Canberra in late November 2005. The Workshop is an annual event discussing potential links between CSIRO scientific research and Australian Government policy initiatives.

Galexia presented on privacy and ethical issues in human data research, accompanied by presentations from Dr Richard Head from CSIRO and Professor Donald Chalmers, Dean of the Faculty of Law at the University of Tasmania. Galexia’s topic ‘Privacy and Research’ looked at the common public perceptions of privacy in Australia and the impact these community perceptions may have on health research in the future.

Related links:

Galexia publishes article on the Montreux Declaration - November 2005

Related Galexia services and solutions

Privacy commissioners around the world have called for the United Nations to prepare a convention on data protection. The proposed convention will recognise the universal nature of data protection and privacy rights and will seek to overcome the inconsistencies and barriers to cross-border information exchanges created by inconsistent data protection regimes.

The proposals for a universal privacy convention were made following the 27th International Conference of Data Protection and Privacy Commissioners (Montreux, Switzerland, 14-16 September 2005).

The Montreux Declaration recognises the increasing cross-border context surrounding data exchange; the disparity in national and regional data protection regimes; and the protection of privacy as a fundamental human right and recommended the creation of a convention to strengthen the universal character of data protection principles.

This article includes detailed information about the Declaration and the proposal for an international convention. This article also considers other international and regional efforts aimed at promoting harmonisation of privacy laws and the potential impact of a UN data protection privacy convention.

Related links:

Galexia to publish article on the UNCITRAL Convention on Electronic Contracting - November 2005

Related Galexia services and solutions

Related Galexia news articles

  • UN Convention on the Use of Electronic Communications in International Contracts to come into force - July 2006 Read more »
  • Galexia’s article about the UN Convention on Electronic Contracting published in the Computer Law & Security Report - March 2006 Read more »

An article on the UNCITRAL Convention on electronic contracting by Chris Connolly and Prashanti Ravindra will soon be published in the Computer Law and Security Report. The article is due to be published in late 2005 or early 2006.

Related links:

Recruitment: We are looking for an Office Manager to join our team - August 2005

We are looking for a trusted team member to help with the administration of our business.

Applications closed on 2 September 2005.





CSIRO P-Health Flagship engages Galexia in analysis of privacy and trust issues in the use of health data in research - August 2005

Related Galexia services and solutions

Following a competitive tender, CSIRO engaged Galexia to analyse privacy and trust issues in the use of health data in research and in applications in clinical settings.

This analysis considers new technology products in the identity management and authentication space, including strategic advice on the commercialisation of products developed by CSIRO -- for example, Privacy Preserving Analytics (PPA).

This work is being undertaken for the CSIRO Preventative Health National Research Flagship. This Flagship Programme has recognised that the appropriate collection, linking, interrogation and management of data will play a vital role in facilitating healthier, more productive lives for Australians. However, the analysis of linked population, clinical and genetic health databases raises privacy, confidentiality, and potentially ethical concerns.

Related links:

Galexia commissioned to conduct a survey of ASEAN Cyberlaws - August 2005

Related Galexia services and solutions

Galexia has been commissioned to conduct a Survey of Cyberlaws in ASEAN and to produce a “gap analysis” which would be published as a report for member countries.

Potential Cyberlaws to be discussed include:

This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.

Related links:

Malaysian Minister announce new E-Commerce Laws at Galexia Workshop - July 2005

Related Galexia services and solutions

Continuing Galexia’s series of international workshops on the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project, Galexia co-ordinated a fourth workshop in Malaysia in July 2005. The workshop brought together high-level representatives from ASEAN member countries to discuss the implementation of e-commerce legal harmonisation for the region.

The Malaysian Ministry for Domestic Trade and Consumer Affairs were the hosts for the workshop. The Minister (Hon. Datuk Shafie Apdal) opened the workshop and announced the progress of e-commerce and e-government legal infrastructure in Malaysia.

This event was well attended by the press and television. Following the opening address the Minister conducted a press conference and subsequently there was coverage in the newspapers and on television news.

Related links:

Fourth ASEAN E-Commerce harmonisation workshop in Malaysia - July 2005

Related Galexia services and solutions

Continuing Galexia’s series of international workshops on the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project, Galexia co-ordinated a fourth workshop in Malaysia in July 2005. The workshop brought together high-level representatives from ASEAN member countries to discuss the implementation of e-commerce legal harmonisation for the region.

This Workshop was a gathering of around 35 delegates (including more than 31 from ASEAN, 2 from ASEC and 1 expert speaker) and technical experts to discuss many important aspects of the Project:

The objective of this Workshop (W4) was to help ASEAN and the Galexia E-Commerce Project team to further develop the content of the Generic Implementation Guide (GG1) and seek member country input and advise on the content and structure of the Country Specific Implementation Guides (CG1-10).

Workshop content included the presentation of material and updates on national, regional and international initiatives including an extended presentation on the final text of the UNCITRAL draft convention, and a detailed examination of the Generic Implementation Guide (GG1) and the Survey on Implementation Issues and Constraints for a Harmonised E-Commerce Legal Infrastructure in ASEAN (S2) results.

Related links:

Digital credentials for the legal profession - July 2005

Related Galexia services and solutions

Galexia won a competitive tender to provide business analysis, research and advice in the development of digital credentials for the legal profession in NSW and Australia.

This has been commissioned by the Law Society of NSW and the Commonwealth Department of Industry, Tourism and Resources (DITR).

Related links:

Presentation at Asia PKI Forum in Singapore - July 2005

Galexia Director, Chris Connolly, made a presentation to the quarterly meeting of the ASIA PKI Forum in Singapore. The meeting was well attended and Chris discussed various e-commerce legal issues, PKI interoperability and the ASEAN E-Commerce Project.

Workshop on 'Privacy Management Strategies for Local Government' - July 2005

Related Galexia services and solutions

Galexia delivered a presentation at the advanced workshop 'Privacy Management Strategies for Local Government'.

The presentation Managing Privacy Responsibilities: Privacy Impact Assessments outlined a number of issues and challenges in handling new technology from a privacy management standpoint. The presentation also delved into the management of privacy by looking closely at Privacy Impact Assessments (PIAs) and Privacy Management Strategy (PMS).

Related links:

Galexia publishes article on the US Real ID Act - June 2005

Related Galexia services and solutions

Identity fraud and identity theft are major issues in Internet regulation. They have become the major focus of cyber crime initiatives and debate. Legislation has recently been passed in the US that critics say will create a de facto national ID card. Backed by the REAL ID Act of 2005, the US will soon bring into place massive reforms to standardise driver’s licenses and personal identification cards, effectively paving the way for a system of national identification.

This article describes the key aspects of the US REAL ID Act and some of the controversy that has surrounded this proposal. The article concludes with an examination of the potential impact of this development in Australia.

Related links:

Patient privacy and security - June 2005

Related Galexia services and solutions

Chris Connolly, Elizabeth Denny-Wilson and Stephen Wilson will have an article published in the Journal of the Australian Epidemiology Association on ‘Patient Privacy and Security - Not a zero sum game!’. The article is due to be published in June 2005.

Related links:


Galexia participates in 2005 Australian Mission to the Asian Development Bank - March 2005

Galexia attended 2005 Australian Trade Mission to the Asian Development Bank in Manilla, Philippines in March 2005.

Related links:


Biometrics and Privacy - March 2005

Related Galexia services and solutions

Galexia has provided strategic privacy advice to a major government agency on the design and implementation of biometric identity solutions.

Related links:


Remaining legal barriers to the use of digital signatures in Australia - March 2005

Related Galexia services and solutions

  • Identity Management and Authentication - Technical Consulting. Read more »

Chris Connolly, Director of Galexia, presented to the Gatekeeper Policy Advisory Committee (GPAC) on “Remaining legal barriers to the use of digital signatures in Australia”. GPAC is made up of government agency directors and industry association representatives and advises the Australian Government Information Management Office on PKI.

Related links:


Galexia publishes article on PKI Interoperability - February 2005

Related Galexia services and solutions

As a vital aspect of e-commerce regulation and security, PKI policy analysis and development is one of Galexia’s core skills. But rather than touting PKI as a panacea for electronic systems all over the globe, Galexia appreciates that at this early stage only very specific markets have the need and desire to implement a PKI.

This article considers how PKI systems can advance from that ‘localised’ stage to become interoperable - where necessary - and enable the wide authentication that has been promised for so long. It looks at both the theoretical and more practical models that have been suggested as approaches to the problem.

Related links:


Third ASEAN E-Commerce harmonisation workshop in Cambodia - February 2005

Following on from the success of the previous workshops for the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project in 2004, Galexia hosted a third workshop in Siem Reap, Cambodia in February 2005. The workshop brought together high-level representatives from ASEAN member countries to discuss options for harmonisation and many other important aspects of the Project, including:

In addition to the substantive content of the workshop a number of social activities were organised by Galexia. This included:

Related links:


The UN Convention on Electronic Contracting - January 2005

Related Galexia services and solutions

Galexia conducts a wide range of strategic projects on e-commerce law in Australia and the region, and the new Convention on electronic contracting is of particular importance in this area.

The United Nations Commission on International Trade Law (UNCITRAL) Draft Convention on the use of electronic communications in international contracts is one of the most significant recent developments in international electronic commerce law. UNCITRAL has now finalised the text of the convention and expects to discuss approval of the Draft Convention at a full Commission meeting in mid 2005. The Draft Convention could then be presented to the UN General Assembly and may be open for ratification by the end of 2005 or early 2006.

Related links:


ASEAN Prioritises E-Commerce Integration - November 2004

29th November 2004 - At the 10th ASEAN Summit in Vientiane, Laos, the ASEAN leaders have agreed to accelerate the integration of 11 priority sectors, including the e-commerce 'e-ASEAN' initiative, reaffirming ASEAN’s commitment to fast track the integration towards the ASEAN Economic Community (AEC) that ASEAN Leaders agreed to establish by 2020. The AEC is envisaged as a single market and production base with free flow of goods, services, investment, skilled labour and freer flow of capital.

The 11 priority sectors accounted for more than 50% of intra-ASEAN trade in 2003. In value terms, the priority sectors contributed US$48.4 billion and US$43.4 billion of intra-ASEAN exports and imports, respectively, in 2003.

Attached to each protocol is a roadmap to serve as the basis for economic integration of each of the priority sectors. These roadmaps were prepared with active involvement of the private sector. The roadmap includes specific measures that are of direct relevance to each sector, as well as common measures that cut across all priority integration sectors to be implemented with timelines from now on to the year 2010. For example, relevant to e-ASEAN, product standards and technical regulations will be harmonised to reduce the transaction costs of doing business in ASEAN.

Galexia's work on e-commerce legal infrastructure harmonisation forms a vital part of this initiative. Read more about the ASEAN E-Commerce project »


Overview of E-Commerce Legal Infrastructure - October 2004

The development and implementation of a harmonised legal infrastructure for e-commerce can facilitate the development of e-commerce by providing parties with certainty that their transactions will be recognised in multiple jurisdictions. This paper provides an overview of the requirements for establishing a successful E-Commerce Legal Infrastructure.

Related links:


Second ASEAN E-Commerce harmonisation workshop in Bangkok - October 2004

Following on from the successful first workshop for the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project in May 2004, Galexia hosted a second workshop in Bangkok, Thailand in October 2004. The workshop brought together high-level representatives from ASEAN member countries to discuss options for harmonisation.

Related links:


Galexia presented at APEC TEL 30 - September 2004

Galexia made a presentation to the 30th meeting of the Asia-Pacific Economic Co-operation Telecommunications & Information Working Group (APEC TEL WG), in Singapore in September 2004.

The presentation, for the e-Security Task Group of APEC TEL WG, was on the harmonisation of e-commerce laws in ASEAN.

Related links:

External links:


Exemptions in the Australian Electronic Transactions Act - September 2004

Related Galexia services and solutions

This article provides an overview of the Commonwealth Electronic Transactions Act (ETA) and the eight State and Territory ETAs in Australia. It focuses on the many exemptions and how to find them.

This is an important area of law for many new technology implementations involving electronic communication. If a particular transaction is exempt from the ETA in one or more jurisdictions, this can present a significant barrier to the use of electronic communication. For example, a wholly electronic process for selling consumer credit products is not viable in many Australian jurisdictions, because consumer credit laws requiring hard copy disclosure documents are exempted from the relevant ETAs.

Identifying and locating the relevant ETA exemption can be a difficult and time-consuming task. This article provides some guidance through the ETA maze, and includes an appendix listing common exemptions and their location.

Related links:


Galexia's Commonwealth Endorsed Supplier Arrangement extended to 2007 - August 2004

Galexia’s Endorsed Supplier Arrangement (ESA) with the Australian Government has been extended to September 2007.

Related links:


Galexia develops and hosts course materials for Electronic Commerce Law - August 2004

Related Galexia services and solutions

Galexia has developed materials for the University of NSW course on Electronic Commerce Law (2004). This is available as an updated extranet for course participants.

Galexia has also developed and hosts course materials on Cyberspace Law. Read more »


Galexia publishes article on Managing Consent in a Multidisciplinary Team Environment - June 2004

This article examines the issue of Managing Patient Consent to the use and disclosure of personal information in a Multidisciplinary Team Environment. It reviews the recent NSW Administrative Decisions Tribunal decision in KJ v Wentworth Area Health Service and considers the future of privacy law and practice in this field.

This paper is available in the following formats from <http://www.galexia.com/>:

Read more on Galexia’s published works »


Galexia at the inaugural Asian Law Institute (ASLI) conference - May 2004

The ASLI inaugural conference topic was ‘The Role of Law in a Developing Asia’ and was hosted by the Faculty of Law, National University of Singapore, on 27 and 28 May 2004. The conference covered a number of contemporary issues on Asian law, including, constitutional reform, the administration of justice, Asian legal traditions, international trade and investment, cross-border crime, the harmonisation of commercial law in Asia and intellectual property protection in Asia.

Galexia team members were involved in a number of presentations:

Related links:

External links:


Galexia presents on Legal and Privacy Issues in e-Government - May 2004

Galexia participated in The Business e-Volution of Government (Conference and e-Government Expo) on 26 and 27 May 2004, organised by the Australian Government Information Management Office (AGIMO) and Institute of Public Administration (IPAA) Act Division

Galexia presented a paper Managing privacy in identity management - the way forward. This paper examines the question: How can privacy risks be understood and managed within large-scale identity management systems? This paper is published in the IPAA/AGIMO e-Government Research Papers, which was launched at the conference.

Additionally, Galexia participated in the panel discussion on Legal and Privacy Issues in e-Government

Related links:

External links:


Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004

As part of the ongoing Harmonisation of Legal Infrastructure for E-Commerce in ASEAN project, Galexia hosted the project’s first workshop in Singapore on May 26.

The meeting brought together high-level representatives from Brunei, Cambodia, Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, as well as representatives of the ASEAN Secretariat and Galexia’s own team of experts, to discuss current frameworks for digital signatures and e-transactions, and consider the way forward for the project.

Related links:

Federal Court injunction obtained under Privacy Act - May 2004

In a highly significant legal development affecting many of Galexia’s clients, the Federal Court has granted a permanent injunction under section 98 of the Privacy Act 1988 (Cth).

In the case of Seven Network (Operations) Limited v Media Entertainment and Arts Alliance [2004] FCA 637 (21 May 2004), Seven Network was seeking to restrain the MEAA (a union that represented Seven employees) from using a company phone directory. The MEAA had already used the directory to conduct a phone poll of Seven employees regarding an enterprise agreement that Seven Network was offering directly to its workers. Negotiations over the agreement with the MEAA had previously broken down.

Justice Gyles rejected MEAA’s argument that only the Federal Privacy Commissioner, and not the Federal Court, could grant injunctions under the Privacy Act.

Related links:

External links:

Committee for Economic Development of Australia (CEDA) - E-Commerce - Pausing for Breath, Maximising Financial Returns & Managing Risks - April 2004

Seminar topic: ‘E-Commerce - Pausing for Breath, Maximising Financial Returns & Managing Risks’ for the Committee for Economic Development of Australia (CEDA). The speech will cover a variety of current issues in IT and business management

Date: 2 April 2004

Presenters:

Venue: CEDA Boardroom, Sydney. Level 9, 275 George St Sydney, NSW 1043

Audience: CEDA Member Company Representatives and Guests Only

About CEDA: The Committee for Economic Development of Australia (CEDA) is Australia’s leading business think tank. It regularly hosts presentations by the country’s economic and political leaders and its research has significant influence and media coverage.

Related links:

External links:

Galexia to assist ASEAN harmonise electronic commerce - March 2004

News and Downloads

Related Galexia services and solutions

Galexia has won a competitive tender for a groundbreaking two-year project that will streamline electronic commerce in South East Asian nations.

Galexia is partnering with global law firm Baker & McKenzie to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).

The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for e-commerce. Additionally, there is an opportunity for some of the developing nations within ASEAN to ‘leap-frog’ paper based commerce and develop more efficient electronic transactions for cross-border trade. The project is the first of its kind to be conducted in the Asia Pacific region, and is second only to the European Union in its approach to legislatively facilitate borderless electronic transactions across a group of nations.

This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.

e-ASEAN Framework

The e-ASEAN framework agreement states that members shall ‘adopt electronic commerce regulatory and legislative frameworks that create trust and confidence for consumers and facilitate the transformation of businesses towards the development of e-ASEAN’.

It is envisaged the legal infrastructure may take the form of a regionally agreed model for consistent national laws supported by an appropriate infrastructure that will legally recognise the effectiveness of online transactions and facilitate their enforceability.

A harmonised legal infrastructure presents a great opportunity for technological and commercial advancement. The agreed framework and resulting laws will underpin increasing confidence in and use of electronic commerce by businesses, governments and consumers, both within and beyond ASEAN. To be effective beyond ASEAN the framework will reflect the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996) and the UNCITRAL Model Law on Electronic Signatures (2001).

Case study (2008)

Galexia has completed a case study of the Harmonisation of E-Commerce Legal Infrastructure in ASEAN project. The case study illustrates the progress made during the four years of the program (2004-2008), with eight of the ten ASEAN Member Countries having enacted e-commerce laws, and the remaining two having draft laws.

Project case study »

Project Extension (2006)

In January 2006, Galexia won the opportunity to work further in the ASEAN region by undertaking work to provide an extension to the ASEAN project. This project extension will focus on harmonising electronic contracting and Online Dispute Resolution legal infrastructures in the region.

The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for electronic contracting and dispute resolution. The development and implementation of harmonised legal infrastructures for electronic contracting and dispute resolution will facilitate the development of e-commerce by providing users with common methods for completing electronic contracting steps, and a common framework for resolving electronic commerce disputes.

The project will produce the following outputs:

UNCITRAL Convention of Electronic Contracting (2005)

The United Nations Commission on International Trade Law (UNCITRAL) has finalised its Convention on electronic contracting following over three years of deliberations. The Convention has been formally titled the Convention on the use of electronic communications in international contracts. It will be presented at the UN General Assembly meeting later this year, where if adopted it will become the first UN Convention addressing legal issues created by the digital environment.

The UNCITRAL Convention seeks to enhance the legal certainty and commercial predictability of international electronic transactions by setting out a number of interpretive rules for the use of electronic communications in negotiating and forming contracts.

The new Convention is likely to establish a default standard for electronic transactions. Even if a country does not ratify the Convention (once it is brought into force) it will still influence the terms of a transaction; particularly where the other contracting party is from a country that is a signatory to the Convention.

The Convention on electronic contracting also seeks to harmonise national law regarding how electronic contracts can be made. Harmonised domestic legislation will overcome the legal uncertainty in international business transactions where contracting parties are from different countries. A more certain legal environment will increase confidence in conducting electronic transactions, and in turn participation in e-commerce.

The Convention follows on from earlier work of the UNCITRAL Working Group on Electronic Commerce who released the Model Law on Electronic Commerce in 1996 and the Model Law on Electronic Signatures in 2001 (see below).

UNCITRAL Model Law on Electronic Signatures (2001)

It is intended that Model Law on Electronic Signatures (2001) will operate as a supplement, or an extension to the Model Law on Electronic Commerce (1996).

Despite the wider adoption of the Model Law on Electronic Commerce, within ASEAN the Model Law on Electronic Signatures has only been adopted by Thailand.

Thailand enacted dedicated electronic commerce legislation in 2001 at which point it was convenient to incorporate both the 2001 and 1996 Model Laws. By this time other nations had enacted electronic commerce legislation based on the 1996 UNCITRAL Model Law, and have generally not made any subsequent alterations to their domestic legislation. There are a few countries that have adopted the Electronic Commerce Model Law after 2001 without adopting the Model Law on Electronic Signatures.

In the interests of promoting party autonomy many provisions of UNCITRAL’s Model Law on Electronic Signatures (2001) can be contracted out of or varied by the mutual agreement of the parties. A flexible and expansive approach helps to facilitate the development of new techniques and technologies.

The Model Law on Electronic Signatures also promotes the same functional and media neutrality of its 1996 predecessor by providing that electronic signatures in any form should be treated equally provided they meet the minium functional specifications required to guarantee the signature’s integrity.

Generally, the Model Law on Electronic Signatures provides a broad legislative framework of sufficient detail to enable national governments to fill in the procedural ‘blanks’ needed to tailor the legislation to their national circumstances.

UNCITRAL Model Law on Electronic Commerce (1996)

The Model Law on Electronic Commerce is based on two principles:

1. Functional equivalence - paper documents and electronic transactions are treated equally by the law (Article 5); and
2. Media neutrality - the law does not discriminate between different forms of technology (Article 1 read with Article 2(a)).

These two principles are pivotal in ensuring that electronic transactions receive universal recognition. Transparency and predictability are the other desirable qualities in electronic commerce legislation - these will minimise legal uncertainty between contracting parties.

Existing laws in Singapore, the Philippines, Brunei and Thailand, are to a large extent based on the UNCITRAL Model Law on Electronic Commerce.

Website links

Australian Agency for International Development (AusAID)
http://www.ausaid.gov.au/

ASEAN Secretariat (Jakarta)
http://www.aseansec.org

ASEAN Australia Development Cooperation Program (AADCP)
http://www.aadcp.org

About Galexia

Galexia has expertise and experience in all aspects of electronic commerce law and provides expert analysis of PKI, authentication and digital signature regulatory issues to a range of local and international clients.

The Galexia team matches project management experience with legal expertise and technical understanding.

For more information


Galexia delivers specialist management consulting services to our clients. Galexia has expert consultants in privacy, authentication, electronic commerce and new technology. We leverage our legal, business and technical knowledge to deliver successful business strategies to a diverse range of clients.

Our focus is on research, strategy and advice on electronic commerce, digital signatures, identification, authentication, security and privacy in Australia and the Asia Pacific.


Cardno ACIL Australia is the ASEAN Australia Development Cooperation Program (AADCP) Program Stream manager

This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by Cardno Acil Pty Ltd.

News and Downloads

Related Galexia services and solutions

  • Specialised Legal and Regulatory Consulting. Read more »
  • Identity Management and Authentication - Technical Consulting. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »

Enhanced data security and customer understanding through identity and access management - March 2004

Related Galexia services and solutions


 

Galexia lead a workshop on Building privacy into identity management solutions.

This workshop covered how to ensure that privacy compliance and privacy expectations are managed within an identity management strategy, including an overview of Federated Identity solutions.

Part 1 - Recognising the importance of privacy issues within identity management strategies
Part 2 - Privacy design issues in identity management
Case studies
The workshop included three detailed case studies:

Galexia continues to conduct research on distributed identity systems. Read more »

Go to the IQPC identity management conference website »

Read more about the IQPC project »

Galexia completes a strategic consultancy on a national health identifier for the Commonwealth Department of Health and Ageing - February 2004

In 2004 Galexia completed a significant project on identity management in the health sector.

The Commonwealth Department of Health and the Ageing commissioned Galexia to produce a strategic issues paper on a "National Health Identifier".

The paper was completed in February 2004 and is the subject of consideration by the Australian Health Information Council and the National Health Information Group. The project involved national and international research, consultation with government and non-government stakeholders and the development of findings and recommendations.

Read more »

Galexia conference presentation on health identity management - March 2004

Galexia director Chris Connolly has presented a paper on identity management in the health sector to the International Quality and Productivity Centre (IQPC) conference on Identity and Access Management.

The paper considered the potential uses and benefits of broad schemes for health information, as well as looking at community attitudes to new systems. It also assessed current implementations both within Australia and overseas.

Go to the IQPC identity management conference website »

Read more »

Galexia's Representative Complaints paper to appear in Privacy Law & Policy Review - February 2004

The Privacy Law & Policy Reporter (PLPR), Australia’s leading legal journal on privacy law, will be publishing a version of Galexia’s article Representative complaints - a new approach to making privacy laws work for consumers in issue 10.9.

The article, written by director Chris Connolly and researcher Nawaz Isaji, looks at a number of legal approaches in different jurisdictions to handling privacy class actions and complaints made on behalf of individual privacy victims (who often wish to remain anonymous).

Read the article »

Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Online contracts: Banking, finance and insurance - December 2003

Chris Connolly presented on ‘Best practice in the formation Online consumer finance and insurance contracts’.

The issues surrounding the online creation of insurance and finance contracts, including disclosure, non-repudiation, independent advice and the broad policy settings for consumer protection in electronic commerce will be examined.

Read more about Baker and McKenzie projects »

Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Privacy Complaints: How to Get a Win for Your Client (Making Privacy Laws Work) - December 2003

Chris Connolly presented on ‘Representative privacy complaints and class actions’.

There is a growing trend to pursue privacy breaches through representative organisations, or as a part of a class of affected persons. This looks at the benefits of representative complaints, recent Australian and international case studies, tactics and procedural issues.

In September 2003 Galexia published a survey of Australian and international privacy laws that allow class actions and representative complaints to be made.

Read more »

Australian Telecommunications Industry Ombudsman (TIO) Conference - Convergence: Redrawing the Boundaries - December 2003

Chris Connolly presented on ‘Managing Convergence in Telecommunications and Financial Services’.

Go to the TIO conference website »

Galexia's Privacy Management Strategy (PMS) for New Queensland Smart Card Driver Licence released - September 2003


[ Galexia Dots ]

Related Galexia services and solutions


 

In March 2003 Galexia completed the Privacy Management Strategy (PMS) for Queensland Transport on the proposed Queensland Smart Card Driver Licence. In September 2003 this was released to the public as part of a formal consultation process.

This Privacy Management Strategy (PMS) covers a wide range of technical and legal issues and proposes short, medium and long-term measures for ensuring that privacy issues are managed in the proposed roll-out of the new licence.

Download the Privacy management Strategy from the New Queensland driver licence web site:


Read more about Queensland Transport projects »

Case studies on distributed identity - September 2003

Distributed identity is being considered as a privacy positive alternative to national identification schemes (such as the failed Australia Card). The paper argues that while distributed identity may be a reasonable alternative to national identification schemes, distributed identity is not necessarily a privacy positive initiative in its own right. The level of privacy intrusion depends on numerous technical factors and the effective management of privacy issues during design, implementation and the active life of distributed identity systems.

Galexia continues to conduct research on distributed identity systems. These case studies and the accompanying power point presentation provide a brief introduction to the field.

Read more »

Privacy class actions - Galexia has published a survey of Australian and international privacy laws that allow class actions and representative complaints to be made - September 2003

This paper surveys national and international privacy laws to assess the ability of courts and privacy regulators to consider “representative complaints”, and argues that privacy breaches are particularly suited to resolution through representative action. Several case studies of representative privacy complaints are included, as well as an overview of privacy class actions in the United States, Canada, Hong Kong, Australia and New Zealand.

This paper provides a useful insight into the growing trend for privacy class actions and concludes that the benefits of representative complaints are yet to be fully realised in the privacy field.

Read more »

Galexia presents paper at national Electronic Authentication Stakeholder workshop for the Vocational Education and Training sector - August 2003

Galexia conducted a National Authentication Workshop for ANTA in Melbourne in August 2003. The workshop considered strategic issues in the development of electronic authentication solutions in the Vocational Education and Training sector. The workshop brought together government and industry participants from all states to consider the potential business case for electronic authentication, plus a range of practical considerations and technical issues.

Read more »

Galexia delivers report on ABN-DSC interoperability - April 2003

Galexia provided a detailed report on issues which have arisen in the implementation of the Australian Business Number Digital Signature Certificate (ABN-DSC). The report was provided to NOIE following a three-month project involving consultations with numerous Government agencies and industry certificate providers. The final report is not a public document.

For more details on the ABN-DSC see NOIE’s authentication pages.

Read more about NOIE (now AGIMO) projects »

Ian Booth joins Galexia as an Associate - March 2003

Read more in Consultant Profiles »

Galexia completes research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - February 2003

Related Galexia services and solutions

  • Electronic Authentication - Advice, Analysis and Strategy. Read more »
  • Identity Management and Authentication - Strategic Consulting. Read more »
  • Specialised Legal and Regulatory Consulting. Read more »

Related Galexia research

  • Workshop - Electronic Authentication Stakeholder Workshop for the Vocational Education and Training (VET) sector (August 2003). Read more »

 

Galexia has completed the E-authentication research paper for ANTA, a Commonwealth statutory authority established in 1992 to provide a national focus for vocational education and training (VET).

The paper outlines the current legal and regulatory framework for electronic authentication in Australia. It also covers general and specific legal and regulatory issues relevant to education providers and outlines suggested models for electronic authentication in Vocational Education and Training (VET). The paper includes detailed strategic advice for the VET sector.

Download from the Australian National Training Authority (ANTA) Australian Flexible Learning Framework - http://flexiblelearning.net.au


Read more about ANTA projects »

Galexia updates Intelligence Report on privacy law in Asia - January 2003

The Asian privacy Intelligence Report provides an in-depth account on the latest in privacy law and regulation in many important Asian jurisdictions. The previous Intelligence Report covered the jurisdictions of Hong Kong, Japan, South Korea and Taiwan. The updated Intelligence Report adds Malaysia and Singapore to the list, outlining the laws of two of Australia’s closest and most important neighbours. The update also adds fresh information on developments in the existing jurisdictions.

Read more »

 

Privacy Regulation in Asia: Intelligence Report Contents

  • 1. Hong Kong
  • 2. Japan
  • 3. Malaysia
  • 4. Singapore
  • 5. South Korea
  • 6. Taiwan

Access Galexia Intelligence Reports from the client extranet » [client access only]

Contact Galexia for more information »

 

Galexia wins tender to deliver research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - September 2002

The report will contain a comprehensive analysis of current and proposed e-authentication law and regulation. The report will also contain recommended measures for addressing barriers to the development of flexible learning posed by e-authentication legal and regulatory issues.

For more information see the Flexible Learning Advisory Group.

Read more about ANTA projects »

Galexia Intelligence Report #6 - Privacy Codes of Conduct (Process and Content Issues) - August 2002

This Intelligence Report summarises the key process and content issues which need to be addressed when developing privacy codes of conduct, especially where the intention is to have a code approved by the Australian Office of the Federal Privacy Commissioner . This Intelligence Report provides an update on the Australian legal framework and a discussion of the key steps in developing a code and gaining approval.

 

Privacy Codes of Conduct: Intelligence Report Contents

  • 1. Mandatory Content
  • 2. Complaint-Handling
  • 3. Best Practice inclusions
  • 4. Administrative & Operational Requirements
  • 5. Resources

Access Galexia Intelligence Reports from the client extranet » [client access only]

Contact Galexia for more information »

Galexia focuses on E-Commerce law: The Law and Policy of Consumer Protection in Electronic Commerce in Australia (Updated) - October 2001

The fifth Intelligence Report from Galexia focuses on the law and policy considerations of consumer protection in electronic commerce. It includes the Australian Codes of Conduct, as well as a case study on financial services, which looks at disclosure, privacy and complaint handling within in the online environment. The report also looks to the international scene, to detail the current legal positions of a number of countries in this area.

Read more »

Read more about E-Commerce law projects »

Galexia commissioned to write a consultation paper on privacy issues in the use of PKI for individuals - June 2001

Related Galexia services and solutions

In mid-2001, the National Office for the Information Economy (NOIE) and the Office of the Federal Privacy Commissioner (OFPC) commissioned Galexia to produce a research and discussion paper on privacy guidelines for the use of digital certificates. Part of our report was published as a public consultation paper.

In mid-2001, Galexia was commissioned, by the National Office for the Information Economy (NOIE) and the Office of the Federal Privacy Commissioner (OFPC) to produce a research and discussion paper on privacy guidelines for the use of digital certificates.

Part of our report was published as a public consultation paper and is available from the Office of the Federal Privacy Commission - http://www.privacy.gov.au

The Guidelines subsequently became formal Guidelines under the Privacy Act 1988 and are available from the Office of the Federal Privacy Commission - http://www.privacy.gov.au. It sets out guidelines for agencies considering the use of PKI to help them minimise any privacy risks for individuals.

Galexia completes a new Intelligence Report: An Introduction to e-Commerce Law - May 2001

E-Commerce law is one of the most important and diverse sections of Galexia’s research. This Intelligence Report details the law of domain names, copyright, contracts, jurisdiction, defamation and content regulation and how it differs in an Internet context.

Read more »

 

An Introduction to e-Commerce Law: Intelligence Report Contents

  • 1. Introduction - What is E-Law?
  • 2. What does this Intelligence Report Cover?
  • 3. Access
  • 4. Domain Names
  • 5. Copyright
  • 6. Contracts and Jurisdiction
  • 7. Defamation
  • 8. Content Regulation
  • 9. Workplace Issues
  • 10. Privacy
  • 11. Encryption
  • 12. Consumer Protection
  • 13. Further reading and contacts

Access Galexia Intelligence Reports from the client extranet » [client access only]

Contact Galexia for more information »


Read more about E-Commerce law projects »

Galexia's first Intelligence Report: Privacy Impact Assessments (PIAs) - February 2001

This report details the purpose, design and preparation of Privacy impact Assessments (PIAs). It also provides a sample PIA checklist.

Read more »

 

Privacy Impact Assessments (PIAs): Intelligence Report Contents

  • 1. Purpose and description of a PIA
  • 2. Experiences of the PIA process
  • 3. Who should be involved in preparing the PIA?
  • 4. When is a PIA required?
  • 5. Designing a PIA
  • 6. Publication of the PIA report
  • 7. Other compliance measures
  • 8. Sample PIA checklist for the use of Digital Certificates by individuals interacting with federal government agencies

Access Galexia Intelligence Reports from the client extranet » [client access only]

Contact Galexia for more information »


Paper on Electronic Lodgment in the Land and Environment Court - February 2001

Related Galexia services and solutions

  • Electronic Authentication - Advice, Analysis and Strategy. Read more »

Working with the NSW Attorney General’s Department and the Law Society of NSW, Galexia prepared this paper on secure electronic court lodgement. The paper covers PKI, Digital Certificates, and electronic lodgement, and how this may be incorporated into the judicial process. It also details how it may be utilised by both the courts and solicitors.

Final Report:

Presentation at Australian Institute of Judicial Administration (AIJA) Technology for Justice 2001:



[1] From Austroads Connected and Automated Vehicles Program Overview <http://www.austroads.com.au/drivers-vehicles/connected-and-automated-vehicles/overview>

[2] ASEAN Secretariat, e-ASEAN Framework Agreement, 2000, <http://www.aseansec.org/6267.htm>.

[3] [2005] VCAT 2592.