Protect your privacy, rights and freedoms

Just an example: a ridiculously intrusive warranty registration form from Barbeques Galore. Who in their right mind would give out so much personal information for a barbeque warranty? Besides, under the Australian Consumer Law, a warranty must be provided anyway, without harvesting any personal data.

Anonymous, 5 February 2018

There is a big difference between a company that DID something to earn its customers' trust, and a company that HASN'T DONE anything [yet/known] to lose the trust of its customers. For example, Apple actively pushes its users to create Apple ID and backup/sync all personal data to its cloud. It actually takes quite a bit of determination and vigilance to bar the numerous attempts of any iDevice from uploading your data to Apple. There is no simple "don't touch any of my information" settings, and the is no option to create an Apple ID without giving them your name and contact details. Apple portray themselves as a defender of its customers' privacy, yet they haven't actually done anything to prove it. Simply popping up a screen saying "Apple believes privacy is a fundamental human right..." proves nothing. Believing is not enough, it's the actions that matter. Speaking of which, Apple quickly ditched its plans for end-to-end encryptions when FBI didn't like it. Had Apple say 'no', stood for its beliefs in the fundamental human rights, and, in an extreme case, moved their operations to a country that aligns with their beliefs, then we would have had grounds to trust Apple's promises. But since Apple only "believes" in human rights, but prefers to have an easy life and cooperate with secret and intelligence services, I will never use their iCloud, backup or syncing, and always try to reduce the amount of personal data I keep on any devices made by Apple. There is just no way of knowing who this data will be shared with. The only personal data I have on my iPhone is contact phone numbers and emails of my friends, family members and colleagues (I never add addresses, photos or birthdays there). I avoid using full names for all my contacts. Initials or nicknames are an excellent way to add a bit more privacy even if Apple grabs my contacts and uploads them to its cloud against my wishes.

Anonymous, 27 June 2019

Our family was one of the 500 million victims of the Marriott hack in November 2018. We received a canned apology from them and an ass-covering 'warning' that our private details might have been compromised because we stayed with them a few years prior. We were furious that they kept our data for so long! Had they deleted our data after we checked out, it would not have been hacked. But the biggest shock was to discover that they still want visitors' ID upon check-in even after that breach. We said NO and found a place in another hotel. Having just read in the news that Marriott has been hacked again, we are so glad we went to another hotel then. Will never stay at Marriott in the future.

Anonymous, 3 April 2020

We have an appalling situation with covid vaccination bookings in Australia. As if vaccine shortages weren't bad enough, now we are coerced by our own government into creating HotDoc accounts and signing up for third party crap just to be able to book a vaccination appointment. Doctors decline to accept phone bookings and walk-ins, and demand that we book through HotDoc, which is a commercial organisation and should not be permitted to take advantage of this pandemic disaster to became a middleman between the taxpayer-funded government-run vaccination program and the taxpayers!

Anonymous, 7 August 2021

This is not a coronavirus pandemic. This is a data grab pandemic.
Want to get food? You must have a check-in app, and an email address, and a phone number.
Are you forced to have a phone number? You must give your photo ID to Telstra, Optus, Vodafone, or some other telco. And then wait and watch how all your communications become the property of ASIO spooks.
Are you forced to have an email address? You must give your personal data to Gmail, Hotmail, Yahoo, or some other overseas email provider, and let them read all your private correspondence.
Are you forced to have a check-in app? You must create an Apple or Google account to download it. And then watch how US secret services go through your personal data.
Are you forced to have a covid test? You must give your personal data, and of course you must have a phone number. And then wait and see how your personal data is used to lock you up.
Are you forced to have a covid vaccine? You must book online, enter your personal data, and you must have an email and a phone number. And then watch how you personal data and medical information is sold off by someone like HealthEngine.
Are you vaccinated and now forced to show a proof of vaccination or vaccine passport? You need a Medicare app.
Are you forced to use a Medicare app? You must have an Apple or Google account to download it. And then it must be tied to a mygov account.
Are you forced to have a mygov account? You must enter personal details and provide an email address.
Have you finally got your vaccine passport? Now you have to show your personal details and medical information to every Tom, Dick, and Harry who think they have the right to see it.
And the worst thing: none of this will end even when this pandemic is over. The government will find another excuse why the status quo must remain.

Anonymous, 12 August 2021

It's not difficult to see how Australian government is gradually tying everything to a mobile phone number thus making it a de facto Australia card. For their purposes, it is even better than Australia card. An identity card is passive, it doesn't tell more than is written on it, while mobile phones are ideal for 24/7 spying on everyone everywhere.
First, the government made it mandatory to show a photo ID when you are getting any mobile service. Then it passed data retention and surveillance laws that allow it to watch everything you say and receive in all your communications, know all your contacts and trace your location. Now it is simply making sure that everyone is forced to have a mobile phone by making it impossible to access the most essential things without a mobile number.

Anonymous, 12 August 2021

A brilliant quote from one of the Electronic Frontiers Australia talks:
"Power is enacted for a particular reason, but then it is used in a different context. And we've seen this time and time again with the legislation that gets passed; a lot of if is the legislation since 2001. A global war on terror was declared, and the terror won; just as in the war on drugs, the drugs have pretty much won. What we've got was more terror, but we've also got more responses to that: it became an authoritarian ratchet, where every time the power is given it is never taken away. And the problem is never resolved because it is a war on an abstract noun. You can't win one of those, but it is very convenient for someone who wants to accumulate power."
You can watch the whole video here: EFA Talks: Stepping Stones to Dystopia

Bob, 18 August 2021

We can't be too careful with our privacy, especially in Australia. While everyone is busy surviving this pandemic and vaccine shortages courtesy Australian government, the same government pushed through a hideous surveillance bill that shocked the free democratic world. With the new Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, Australian police and intelligence services can hack your computer or any other devices. They can access, collect, delete, modify and falsify your data, and take over your social media accounts, and all that without a judge warrant.
Australia became a prison colony once again. Anyone can now potentially be framed for a serious crime by ACIC or AFP. There are no safeguards in the law that can stop them from simply changing your data to suit their agenda. There are no limits, no oversight.
As usual, it was done under the anti terrorism, drugs and child exploitation pretext, nothing new there! But really isn't it about keeping the rich powerful? An arm of government or a multi-billion corporation that is breaking laws, tired of human rights defenders, or inconvenienced by some investigating journalist could get the police to hunt people down using government-sponsored malware, break into and plant things on people's phones, and make all corporate and political problems go away.

Anonymous, 1 September 2021

Mass surveillance is not about the hackneyed terrorists or pedophiles, it is about having control over every single person in the country. Very convenient for the government and for those who line their pockets.

Rick M., 2 September 2021

"Informed consent is a fallacy if the person cannot alter the consent they are giving; or if the consent is locked in a point of time, which allows the consent given today to be used for a different reason later." Electronic Frontiers Australia

H.S., 7 October 2021

It is all about personal data and control, always has been. Thousands of people die every year in Australia because of the fear or reluctance to see a doctor due to privacy concerns. Does the government and the medical system do anything about it? Do they offer an option to get medical help anonymously? Are they decreasing their demands for personal data? Nope! Instead they want to grab more data and share it with every arm of government that wants it. MyHR, MyGov, Medicare, ABS... That's in addition to forcing many patients into booking medical appointments online, through commercial booking systems, which of course are only too eager to grab all the personal data as well.
But...a few hundred people die FROM covid during the whole pandemic (not talking about those who died WITH covid, which the government still counts as covid fatalities), and the powers see it as an opportunity to turn this country into a prison colony, lock everyone in, force to undergo vaccination (which by the way didn't bring back our normal way of life), grab everyone's latest and freshest personal and contact data through travel passes, vaccinations and covid tests, and get DNA sample through covid tests as well. If they were allowing anonymous on-the-spot testing, that would at least be believable that it was done ONLY for medical reasons. But no, they want full name, dob, home address, medicare number, id, email, phone number,... so that they have a full file on each person.

Ole, WA Australia, 6 November 2021

Anything affecting our freedom and privacy should be legislation/laws, not regulations. Because regulations can be changed by any minister at any time, while legislation changes must go through the parliament, which is the foundation of democracy.

Anonymous, 17 November 2021

There is virtually no data privacy within Australian medical system. Let's follow this example from scratch:
Suppose you have (hopefully not!) a health issue that requires hospital treatment.
First, you will have to see a general practitioner. For that, you will need to make an appointment. These days, many GP places want their patients to use online booking systems. You will need to create an account and enter a load of your personal data, which will become a part of this system that is made and maintained by some other company, stores your data in an unknown location and makes it available to an unknown array of people. If you entered your email address, then your email provider will be privy to your health communication as well. If it is something like Gmail, Google will add all medical information from your emails to a profile it has on you. It will also mean that Australian and overseas spying and surveillance agencies get access to that information as well.
Then you get to your appointment and have to fill another load of forms handing over yet more of your personal data. That data will be entered into the medical practice system, and most likely will be stored on a remote server belonging to the company that provides that system, or even uploaded to some cloud storage that may be overseas. Your data is also likely to be entered to the reminder system that will go on pestering you about screening and follow up appointments.
If you need any medical laboratory tests, like a blood test, your data will be given to the pathology lab. It gets entered into their system, uploaded to their cloud storage and disclosed to various third parties "as required or authorised by law". Those pathology labs often are big chains with thousands of people working for them. Who and when has access to your information, anyone's guess.
If you have a notifiable disease, ranging anything from cancer, through measles, to laboratory-confirmed influenza, your personal and contact details will be immediately reported to the government.
If you need any diagnostic imaging, like X-ray, CT scan or MRI, your data goes to the imaging provider, their system, their cloud and their related parties.
Then your GP will send you to a specialist, and your data will be added and proliferated through the medical and accounting systems that the specialist uses.
If during your appointment the doctor makes some notes on their personal computer, your personal and medical data is likely to end up somewhere in Apple iCloud or Google Drive, which means overseas and accessible by overseas agencies.
Then if you need to be admitted to hospital for a surgery or other procedure, your will need to fill the hospital admission forms. Again, these days they want you to create an online account and enter all your info there. This of course adds your data to yet another system of an unknown scope. If it is a public hospital, your data can become a part of a massive behemoth with thousands of employees. If it is a private hospital, your data will become the property of a private business, which may be foreign-owned.
If during the hospital procedure an anaesthetist was required, your data goes to them as well, then to their accountants, their computer systems and their cloud storage. If assistive imaging was used, then your data goes there. If histology analysis was requested, your data goes to a pathology lab, which is likely to be different to the one that got your details earlier.
If you felt too rotten after the procedure and forgot to pay at least one of the numerous bills, your personal information may be sold to the debt collector mob.
If you use Medicare card, then the government keeps tabs on you every step of the way. If you have private health insurance, then your data is collected, stored, shared and used for making money by yet another business, in addition to talking large sums of money directly from your purse.
So, by the time you are done with just this one health issue, your personal, private and sensitive information is entered into hundreds of databases, stored on hundreds of servers all over the globe, accessible by thousands or maybe millions of people, and dozens of corporations are making money from it. Can you call this "privacy"? I certainly can't! And the worst part: you can't do anything about this. You have zero say and zero power. The only time you will find your own data behind a brick wall is when you yourself try to get full access to it or delete it. It is either impossible, or there are so many obstacles along the way that you will eventually give up.
In most cases, in Australia it is impossible to bypass the GP, or to get any medical services anonymously, even if you pay 100% out of your pocket. The only way to prevent or at least to lessen this personal data dissemination is to stay away from the medical establishment altogether. Which of course can be detrimental to your health. And who would benefit from that? The same government and corporations! They win no matter what you do.
If you give up your privacy and let your data to be scattered all over the world, they will use, misuse, abuse and sell it ten times over and spy on you from cradle to grave.
If you decide to avoid all doctors, then you are likely to shorten your lifespan, which is a win for the system too. Because you will still have to pay Medicare and all other taxes spent on healthcare despite being unable to get any use from it. And while it may sound shocking, but in reality neither the government nor private businesses like health insurance companies want to see you living past your retirement age. Their ideal scenario is when people live, work and pay taxes and fees, and then die the moment they can't do that anymore, before they become older and therefore a higher cost for them.

Anonymous, 6 April 2022

A worrying tally, that's true.
In addition, if in the meantime the person was prescribed any medication, their personal data would also end up with a chemist. And if that was one the massive groups, such as Chemist Warehouse, My Chemist, Amcal, PharmaSave, Discount Drug Stores, National Pharmacies, Priceline or Terry White, that's several thousand more potential data access and leak points.

While the immortality of the soul is questionable, the immortality of our data is a frightening fact in the modern world. That's why people should be at least as fanatical and serious about guarding their privacy as they are about their faith.

Anonymous, 22 June 2022

"Where it is required or authorised by law" or "where the use or disclosure is required or permitted by that state's or territory's law" ... it really pisses me off to see these lines on every page that wants to snatch your personal information. What's the point of this lousy clause if we all know that the law requires, permits and authorises hundreds of organisations to access our private info? What choice are we given? To disagree? To opt out? Gladly! Can we then purchase a mobile phone without identity documents? Can we access all the government services we've been already taxed for without being told to create a mygov account? Can we submit tax returns in mytax without a phone number? Can we download any government apps without being forced to give our contact data to overseas corporations like apple and google? Can we unenroll from medicare and stop being taxed for it, to end its snooping through our health records? Can we refuse to fill the census? Or should the authorities just stop pretending that we have any privacy left?

Anonymous, 27 July 2022

Amazing that nobody's saying anything about this. But because we're constantly told to download this app or other by our banks, Medicare, Mygov, phone providers and so on, Google and Apple have obtained personal details of nearly the entire adult population!
Because we can't download apps without a Google or Apple account. And Google now wouldn't allow to create an account without a mobile phone number. And we can't get an Australian mobile number without identification....
Do you see where all this is going??

Anonymous, 30 July 2022

It's time Australians began voting for the parties and independents who are serious about privacy protections! Of course the lower house is hopeless, same old same LIB<=>LAB, both supporting the worsening situation with privacy violation and mass surveillance. But in the Senate there is still hope.

People please! don't be lazy before each election. Go to each candidate or party site, open the 'policies' page and search for the word 'privacy'. It's super quick and easy to do this. You don't even have to lift your bum off the couch. Just take a bit of time, do your research, and vote for those who truly stand for your rights, freedoms and privacy. Your and your children's future is at stake!

Ali, 8 September 2022

Here we are: Optus got hacked. And now thanks to Australian government's obsession with collecting data "to prevent crime", over 9 million Australians lost their personal information and have their identity in jeopardy. And why is it only Optus being blamed for this? If the government didn't require telcos to collect names, addresses, birthdates, driver license and passport numbers, there wouldn't be much for hackers to steal.

Angry Customer of Hacked Optus, 23 September 2022

How does this incessant data harvest and perpetual storage prevent crime??? It only facilitates it! When will our police state learn that the only 100% secure data is the data that you haven't been given to anyone?

Angry Customer of Hacked Optus, 23 September 2022

The hacked Optus is the consequences of govt's requiring ID for every phone number, and then requiring a phone number for everything else.

Mykaela, 25 September 2022

This government and telco data greed doesn't stop criminals and terrorists, but it aids them alright. If a terrorist wants to get a mobile phone, they will get it with a fake ID. And now they have 9 million stolen IDs to choose from! Only ordinary people suffer.

Anonymous, 26 September 2022

I'm bloody sick of this situation!!!! Everywhere they require that you have a phone number. Every government agency and most companies demand it. So you have no choice other than to get a number. And in Australia this means you have no choice other than giving a telco a shitload of your personal data. Then they store it forever and let hackers take it.

After this catastrophe with Optus the government should change their stupid laws. Either don't require phone numbers like they are compulsory, or let people buy prepaid phones anonymously.

Anonymous, 25 September 2022

The Australian government will never learn. Because they don't want to. Keeping everyone under surveillance is more important to them than the safety of their citizens.

Why can't we have prepaid SIMs anonymously? And if we must show our ID to get a SIM, then it should be sighted|checked but NEVER recorded. Otherwise we all will become victims of identity theft eventually because of our government's data greed.

It's a vicious spiral. First they asked everyone name and address. Then that information became public knowledge thanks to the AEC giving out electoral roll to everyone who wants it. So they began asking birth date and phone number. Over time this data got leaked|stolen|disclosed too. So they began asking ID numbers. This now got stolen by hackers as well. So what's next? Compulsory biometric data collection?? No thank you!!

Anonymous, 28 Semtember 2022

After this Optus hacking nightmare I had to replace my driver licence. And while filling the new licence form I began to wonder...why did driver licence application require the person's town and country of birth? I asked the government employee, and was told that it was just for identification.
But this doesn't make sense. They already have my name, date of birth and home address. This should be enough. I am convinced that for the purpose of driver licensing the place of birth is irrelevant. This information can only be used for deep surveillance and racial discrimination, and becomes additional data for hackers to get hold of.

Anonymous, 9 October 2022

Everyone is now talking about the Optus data breach and criticising the personal data collection by all other telcos. But nobody is saying anything about the grossly excessive data collection by doctors, medical practices, laboratories, centres and hospitals. This page seems to be a rare exception.

Any medical establishment has much more identity data than any telco, plus plenty of very private medical information. In many cases this data is entered and stored in patient management apps that are purchased overseas from shonky developers. And doctors get broken into by hackers all the time. But because each hacked doctor doesn't have 10 million patients, it all gets hushed and nobody attempts to curb their appetites for our data. I am convinced that Optus hack victims got so much attention and help only because 10 million people have been affected, including half of our government. But when hackers steal all your personal data from your local GP, nobody cares. Business as usual.

Why aren't Australians allowed to seek medical advice and medical help anonymously? If people can't use Medicare for that, ok. The government should at least let people do that by paying out of pocket. Enough of this medical surveillance from cradle to grave. The Optus hack showed us all that looking after one's privacy and personal data is just as important as looking after one's health.

Vanessa, 12 October 2022

Australian healthcare system does make an impression that collecting patient personal data is more important than respecting the patient's privacy and wishes. Luckily it so far hasn't implemented the UK model where each person has to register with one GP. In Australia people at least have the freedom to see several practitioners simultaneously if they so wish.

The fun continues. Now Medibank joins Optus at the cyber attack party. Another 4 million customers turned into potential hacker victims. First, our government blackmailed half of Australia's population into paying for private health insurance. Then the insurers grabbed customer money and personal data. And then they spent the money on idiotic ads instead of proper security.
I left Medibank 3 years ago and yet I received an attack warning from them. Why are they holding onto my data for so long? Especially if they are unable to keep it secure.
If the Australian government has half a brain, they should rewrite all privacy laws ASAP and mandate that all corporate dimwits delete all ex-customer data immediately after the customer had left. And by DELETE I mean wipe it out properly, without any chance or restoring it later. Not just mark it as 'hidden' or 'deleted' in their shonky apps.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 14 October 2022

I've just received this message from Medibank, "Our ongoing investigation continues to show no evidence that any customer data has been removed from our IT environment. I want to reassure you we take the protection of your information very seriously, and this remains our key priority."
They couldn't make it more vague and useless.
The question isn't whether the data has been REMOVED from Medibank's environment. The question is whether it has been ACCESSED|COPIED|DOWNLOADED by the perpetrators.
I can well damn see that my info hasn't been removed from Medibank. How else have they been able to contact me?

Anonymous, 18 October 2022

I am totally pissed off by the advice given to data breach victims to set up a credit monitoring with Experian. To do that, you will have to give Experian more of your personal and contact data. And who will guarantee that it won't be stolen by hackers from there??

Anonymous, 18 October 2022

All companies and government services are data theft targets. All of them! And for us as customers it is their mandatory requirement to accept their "Privacy" Policy, which is actually designed to protect the companies and their sub-contracted third parties, not the customers!

We are given no choice but to hand over our personal data to those companies. And when ('when', not 'if'!) it gets stolen, we hear nothing but useless apologies and excuse stories.

Tina, 19 October 2022

After downplaying the impact of the breach, Medibank have finally revealed that the highly sensitive data their customers trusted them with has in fact been accesses and copied by hackers.
The most upsetting thing about this terrible incident is that out of 3.9 million Medibank customers, the majority were basically financially bullied by Australian government into taking up private health insurance. Under threat of Medicare levy surcharge, these people were forced to give their money and personal data to health insurance companies.
And now what we've got?
* The members of Australian government who came up with this policy now either have lucrative jobs or are comfortable retired.
* Medibank made billions.
* The government offloaded their healthcare spending while retaining and even increasing Medicare taxa.
* And ordinarily Australians lost their money, their personal data, and most likely also their safety for the rest of their lives. Because once personal data is stolen, nobody can know when, where and how criminals are going to use it.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 20 October 2022

Unfortunately this seems to be the case. People are essentially forced into getting a phone number, because almost every company and government entity requires it as mandatory. And those with certain level of income are financially penalised by the government if they don't have private health insurance, which means that they are more or less forced into it as well. In Australia it means giving a lot of identity data to the companies like Optus and Medibank, where the data not only isn't protected properly, but it also looks like it isn't deleted when no longer needed, thus compromising the safety of ex-customers as well as all current customers.

And I am glad that I refused to pay my Medibank premiums via direct debit. Medibank contacted me several times trying to convince me how "convenient" that would be. I said NO and insisted on yearly invoices. Now I know that at least my credit card details haven't been stolen from Medibank, because I have never given it to them. Although of course a credit card can be easily changed, unlike name, address or date of birth. But it's still wise to protect every bit of data whenever possible. If the government and corporations can't do it, then we have to. And the most effective way for us to do it is to refuse to give out in the first place.

FC, 22 October 2022

It looks like Medibank had our data stolen from all its numerous brands. I am so angry about this! And I would really like to see every responsible member of Medibank staff to be held accountable, from the minor cretin who let his/her credentials to be stolen, all the way up to the CEO. Same for Optus and every surveillance-obsessed member of the government who mandated that telcos should collect and hold onto our data. Ideally they should be forced to have all their personal data published online, for all hackers and scammers to help themselves. Then they will understand how it feels to live for the rest of one's life in fear that at any moment someone can misuse your identity, rob you, or commit any crime in your name. The same should also be done to every member of the government who instituted this forced private health insurance system. Don't those corporate and political shysters get that it is impossible to compensate someone for the loss of their identity?

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 25 October 2022

Today's news: "Medibank has confirmed the criminal entity behind the cyber attack on the company has access to personal data and health-claims data of about 4 million current customers, and countless former ones too."
Why? Why?? Why??? Why do they keep the data of countless former customers?!
It seems that in Australia if you want your data to be safe, you should never ever take out private health insurance or give your data to any company at all. Because ditching any one of that shitty bunch later is not enough. They never delete your data. They hold onto it forever. And as long as they hold your data, your privacy will always be in danger.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 26 October 2022

This hacking business with Medibank is terrifying and extremely distressing.

All my life I have been super careful with my data. I took great care, and so there has never been a shred of my personal information online or in wrong hands. That's why I have never had any problems with scam, spam, or theft. I have never had to worry. Until now. All because I was forced by our own government to get health insurance and give my personal data to Medibank. And now Medibank by its gross negligence ruined it all.

I am also deeply insulted by Medibank's word play and corporate trickery during this whole incident. In every message they emphasise how transparent they decided to be. But the truth is that they didn't _decide_ it. The law requires them to. And they haven't been transparent. They have been downplaying the damage until they no longer could. Their definition of "no evidence that the data had been accessed" was that they hadn't had the hackers to prove it to them, not that they carefully analysed their system and were absolutely sure of data safety. What kind of security is that, to rely on hackers to prove the fact of daat theft??!!!

Now I wonder what else might have been stolen from them and all other companies over the years without anyone even knowing. Maybe that's why Australians get scammed so badly all the time. Corporations always blame ordinary users for that, while in fact the main threat to our data are our government and so-called legitimate businesses.

Anonymous, 26 October 2022

Now it looks like it's going to be a finger-pointing performance over the stolen data of ex-customers. The government reproaching Medibank and Optus for slackness and shitty security. While Medibank and Optus saying that the government required them to keep old data for years. Meanwhile the ordinary Australians have to wade through the shit all those well-paid bloodsuckers created.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 27 October 2022

Perhaps if data security had truly been taken seriously by those companies and by the government, the former customer data would have been kept in a separate isolated system not connected to the internet. It would have satisfied the legal requirements, and at the same time it would have protected thousands of people from this disaster. But unfortunately the ultimate focus always seems to be on hoarding more data and making bigger profits.

In addition, if it is the Health Records Act that requires health insurers to hold onto former customer data for at least 7 years, it still doesn't explain why the data of those former customers who had never made a claim hadn't been deleted. The records of those customers do not contain any medical information, and therefore shouldn't be kept under the excuse of the Health Records Act.

One would think that if those companies really cared about customer data safety, such critical identity data as passport numbers, driver licence numbers and Medicare card numbers would be either kept in a totally isolated data storage or not kept at all.

These number are either no longer needed after the initial identity check, or only needed extremely rarely for serious criminal investigations. And for such serious cases someone should be able to move their ass and retrieve the data for the police from a physically isolated secure storage.

And for medical insurance claims, Medicare number should be asked when the claim is made, and then immediately deleted once the claim has been finalised. Hackers can't steal the data that has been thoroughly deleted!

Those companies made their billions, but we have to live in fear that someone may take out a loan, or open a bank account, or commit some crime using our names. Because the criminals now have sufficient personal data to do any of that at any moment.

Anonymous, 2 November 2022

I've never had more than one random opportunistic scam call per month. Now thanks to Medibank and to the government policy that forced me to take out PHI I am inundated with targeted scam! Dozens of calls every day. And they all know my full name, date of birth, home address, etc.
"The information was obtained after a criminal stole a password and username from someone with the ability to gain access to all of Medibank's customer data."
So how about we get to know who that 'someone' was, how that imbecile let their password to be stolen, and which superior imbecile hired the first imbecile for such a responsible position. And so on. All the way to the top.
They think that working for a large company that sits on the personal data of millions of innocent people is all about big salaries. They forget that it also requires solid qualifications, relevant experience and huge responsibility. They think that some lousy MBA degree and experience in sales or project management makes them experts in IT security. Clueless corporate parasites!

Anonymous, 9 November 2022

Uhuh, that's Australia's fair go. Forced to pay Medicare, forced to pay PHI, and now afraid to use either of them fearing that your private&medical info can end up in the hands of criminals. 100% profit for the govt and their mates at PHI.

Anonymous, 10 November 2022

There are class action processes against Optus and against Medibank. The problem is that in our anti-privacy and anti-individual-rights country those actions will either achieve nothing, or the offending companies will simply increase their prices and make the remaining customers repay back the money lost in fines and compensations.

S., 12 November 2022

Got this from Medibank today:

"Confirmation of data stolen in recent cybercrime
"Dear ***,
"We're deeply sorry to inform you that some data relating to your membership has been stolen in the recent cybercrime event. Based on our investigation, we can confirm the following data relating to your membership has been stolen:
• first name and surname
• gender
• date of birth
• email (where you have provided it to us)
• address
• phone number (where you have provided it to us)
• policy number
"We believe data that was stolen has been released by the criminal on the 'dark web'. The dark web is a closed online network, often accessed for criminal purposes. We strongly advise all affected customers to take the precautions outlined to safeguard their online identity. We recognise the distress this may cause you and we apologise."

The most insulting are those 'where you have provided it to us' remarks. As if Medibank gave us any option NOT to provide that information!

They made it MANDATORY to give them my phone and email! Otherwise I would have never given it to them.

I never ever give any of my personal data unless I am forced. That's why it all has been safe and secure until Optus and Medibank let the criminals take it. So now I am getting a barrage of scam calls and messages every day. And I am sure that millions of other victims are in the same situation.

And yes, big thanks to Medibank for the idiotic advice! I was perfectly capable to keep my data safe and secure until:
• We were forced by our government to buy this insurance
• We were forced by Medibank to give them our personal data
• We were forced to pay hefty premiums
• The corporate greed of Medibank spent more money on marketing than on security.
And now all we get are insincere corporate apologies and idiotic advice that it is now our responsibility to protect ourselves from criminals.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 14 November 2022

Yeah yeah now we are getting a smokescreen of excuses. Now Russian hackers are to blame, not the morons from Medidumb and not the Aus govt. Did they really think that sitting on the personal data of 10 million people only means big profits? They've obviously forgotten that it also means big responsibility and an obligation to have top-notch security.

Anonymous, 16 November 2022

Totally agree! I am really getting pissed off with Medibank's and Australian government's fingerpointing at Russian hackers. What, didn't they know before that hackers exist, Russian or otherwise???

Hackers can only steal what's not secured properly. And in this case our data has been stolen only because Medibank grabbed it AND failed to keep it secure. And the Australian government is guilty of forcing PHI onto people and of not having proper legal protections for our personal data.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 17 November 2022

Thanks to the morons at Medibank all our personal info is now available on the dark web! I can really confirm this! I have just received a scam email to the email address that I have ALWAYS used ONLY for the Australian government and Medibank! Nobody else had ever known it and I had never had any spam or scam there. Never. Until MB morons let it become known to all criminals in the world!

Jul-, 4 December 2022

@Jul-: Same here. I began getting spam and scam to the email that I have ever only given to myGov, Medicare and Medibank. I have always been super careful with my privacy and my personal information. I specifically had this one "safe" email, so that I could be sure that everything that comes to it was legit. Not anymore. Thanks f*ing Medibank!
It doesn't matter how careful and responsible a particular Australian citizen is. Australian gov and/or corporations will f*ck his/her privacy & safety up.

Anonymous, 5 December 2022

Folks, beware! Now that thanks to Medibank and Optus all scammers on this planet have our phone numbers and home addresses, they became very cunning.

Because these days most people don't answer call from hidden numbers, and because Australian telco allow any scammer to show anything in the caller ID, the scammers have long been using caller ID spoofing. They simply picked any random number, sometines accidentally belonging to an unsuspecting individual in Australia, and other times totally fictitious, and showed it as their caller ID. Until now, scammers usually used Victorian and NSW landline numbers or Australian mobile numbers for these purposes. But smart people quickly learned not to answer interstate or out-of-town calls if they weren't expecting one.

But now, because Medibank and Optus provided the whole dark web with our full personal details, scammers have got a new trick. They began spoofing phone numbers that are geographically close to your home. I have never experienced this before, but in the past few days I have been getting numerous calls from all sorts of local numbers. Some belong to hotels, restaurants and other businesses in my area, others are just private local numbers. I have never given those places my contact details. In fact, I have never visited most of them. But after googling each caller ID I could see that it belonged to some place nearby.

So scammers now take your home address, find places that are close to you, and then start calling you pretending to be from those places. To many people such calls may appear more legitimate. They may be thinking that it's their doctor, dentist, childcare, school, accountant, etc is calling.

Please folks, be careful! Don't get fooled. Since Australian businesses and Australian government supply scammers with our data instead of protecting us, we have to do everything to protect ourselves.

Malcolm, 8 December 2022

Thank you Malcolm for this detailed warning!

I feel so distressed and let down by Optus, Medibank and the Australian government! I thought I was the most careful person and that my personal information was really safe, because:
- I have never used any social media.
- I have never had any avoidable online accounts with any commercial entities, not even apple or google.
- I have never "subscribed" for anything or anyhow shared my data with anyone online or in person.
- I have made sure that all my family and friends are very careful with all their personal data too.
- I have never given any of my personal information to anyone, except where I was forced by Australian laws, like giving my details to telco, insurance companies, banks and some government departments (e.g. for driver licensing).
The result: over 2 decades of perfect safety. Until Optus and Medibank screwed us all up big time. Now I am bombarded with spam and scam. I am absolutely devastated. This damage is irreparable.

Anonymous, 8 December 2022

Privacy issues with the Australian Bureau of Statistics, Australian Census, Household Surveys and data linkage

Until the 2006 census, the ABS was removing people's names and addresses when census processing was completed. In those circumstances, very few people had issues with being an anonymous piece of aggregated information, i.e. statistics in its true sense. Once the personal information was irreversibly destroyed, people knew they had a guarantee that their data could not be misused in the future. The census really was what it was created to be: a snapshot of anonymous population.

On 18 December 2015, just before Christmas, when everyone was busy with other things and least likely to keep an eye on bureaucratic news, the ABS published the following announcement on its website:

The Australian Bureau of Statistics has decided to retain names and addresses collected in the 2016 Census of Population and Housing in order to enable a richer and dynamic statistical picture of Australia through the combination of Census data with other survey and administrative data.
Whilst the Census has always been valuable in its own right, when used in combination with other data the Census can provide even greater insight.
... The combination of Census data and health data can help improve Australia's understanding and support of people who require mental health services and assist with the design of better programs of support and prevention.
This decision has been informed by public submissions, public testing and the conduct of a Privacy Impact Assessment.

www.abs.gov.au

Informed by public submissions? Public testing? You are the public. Have you been duly notified of this significant change? Did you get to test it and agree with it? Have you been given a fair chance to lodge a submission? You can make your own conclusions about how much your opinion really matters to the ABS.

Getting informed by public submissions ABS-style was done as follows: on 11 November 2015 the ABS published a media release on its site saying that it is considering the retention of names and addresses as a key enabler for improved household surveys and high quality statistics, and gave the public until 2 December to respond. Those who managed to discover this release and respond in time were most likely the people who worked in the industry, made a living out of the ABS data, and naturally knew where and when to look. Naturally, such people and organisations had high interest in supporting data harvesting and privacy invasion as far as it could possibly go.

Whenever there are concerns about or opposition to a new method of intrusion of individual privacy, we hear the same response: the decision to do so followed an extensive public consultation process. How many people find it easy to obtain information about such public consultations taking place? Or, more importantly, how many get to see the contents of all the submissions to a certain public consultation? It cannot be called an “extensive public consultation” if very few know about it, and the opinions of those who disagree can be dismissed without any accountability. Unless these consultations are widely advertised and the contents of all submissions are made public, the statements about extensive public consultation process are just a facade.

Moving towards the 2021 census, the ABS became quite bold about transforming the census from an anonymous snapshot into an ongoing and far-reaching data-matching operation. With the voice, rights and freedoms of the entire population curtailed by the covid-19 pandemic, the ABS could openly state that they will keep all personal data and will locate and link records pertaining to the same individual from multiple data sources, such as Australian Taxation Office, Department of Education, Department of Health, Department of Human Services, Department of Social Services, etc. This meant that your health records, pharmaceutical prescription data, tax file, Centrelink file, children's school records and other information can be accessed, combined, analysed, stored, added to from other sources, shared and used without giving you any say in the matter.

The Australian Bureau of Statistics has become an Integrating Authority under the Commonwealth data integration arrangements. As such, they got an ongoing access to the data in the Medicare Consumer Directory, Centrelink Administrative Data and Personal Income Tax. The identifying details of every person who had been entered into at least one of these databases since 2006 have been harvested and added to the Person Linkage Spine, which is continuously updated and augmented, keeping track of the changes of names and addresses of each person. The Spine is then used for Multi-Agency Data Integration Project (MADIP), renamed into Person Level Integrated Data Asset (PLIDA) in 2023, which links the information form the census, household surveys and a multitude of other sources: Australian Taxation Office; Department of Education, Skills and Employment; Department of Health and Aged Care; Department of Home Affairs; Department of Social Services; Services Australia. This provides whole-of-life insights, combining information on health, education, government payments, income and taxation, employment, and the census collected over time about each person.

Some would say that if the government wants to link all the data about each person, even against the will of the public, it might be better done by the ABS, as they are obliged to provide at least some privacy protections. However, the problem with giving such task to the ABS is in their unprecedented powers and capabilities: they now have access to the most comprehensive databases containing personal data; they also have extremely powerful technical means for infinite data linking, analysis and storage; and they have the unique powers to force private individuals into answering almost any personal questions. No other government agency is allowed to do this. Imagine if the police had the powers to interrogate anyone about anything at any time for the simple reason that it randomly chose the person? It would immediately be apparent that something was drastically wrong in Australia. Yet when the ABS does it, the public is supposed to accept it.

In 2022, the so-called DATA Scheme was introduced by the Australian government — a Scheme for sharing Australian Government data, which encompasses all data lawfully collected, created or held by a Commonwealth body, or on its behalf. This essentially means that any information about an individual and their personal life collected by the ABS, including collection under compulsion, becomes “government data”. The ABS is of course a participant in the Scheme. Their survey information now says, The ABS may share information it collects as part of the DATA Scheme, established by the Data Availability and Transparency Act 2022. The ABS will only share personal information through the DATA Scheme with the written approval of the Australian Statistician. Does this mean that now our personal data is not only kept, but can also be shared whenever the head of the ABS decides to do so?

The ABS tried to avoid public otrage by promising that it will remove names and addresses from other personal and household information, store them securely and separately from other census information, that they will never be recombined, and that the ABS never has and never will release identifiable census data. If these promises were true, if names and addresses will really never be recombined, released or used for any other purpose, why keep them?

Hackers do exist, and so does the possibility that the government can change the legislation or amend any policy at any point in the future. A new law may allow the data to be treated less securely or released without de-identification. There is no law against changing the law! There is no law that could permanently protect the privacy of individuals who were forced to hand their personal information over to the ABS. No one can guarantee that at some point in the future the ABS will not be told to release all the confidential data it holds, or to track people down under some vague pretext like “national security”. And with the new trend of keeping data forever, it will not only affect the data collected at the time, but will also jeopardise the security of decades of linked data from the past.

If the ABS were truly anonymising our information instead of keeping it behind some semi–de-identification in a separate file, there would be no such danger: one cannot release the data they don't have, no matter what the new law or the government says. Unfortunately, the ABS is doing the opposite: instead of future-proofing the security of our private and sensitive information, it routinely proposes to retain more identifiable data and to merge census data with information from birth and death registers, immigration data, disease registers, health records, tax files, and its own surveys.

This, without doubt, is the most significant invasion of privacy ever perpetrated on Australians by the ABS. What is motivating me is that as an Australian citizen I am appalled that the ABS can think it can use the threat of prosecution to make me provide data that allows the ABS to set up, what is in effect, a ‘Statistical Australian Card’.

A letter by Bill McLennan, head of the Australian Bureau of Statistics 1995–2000

The ABS undermined the vital trust of the public in the government. Without this trust, no free democratic society can function. This trust is very fragile, and, once damaged, can take a lifetime to restore.

The ABS seems to be disregarding the fact that whenever a rich source of data exists, there will always be agencies seeking access to it. And some of those agencies are very powerful. The ABS also seems to be ignoring the fact that until now they have been able to collect the information and develop a reliable set of statistics only because the public had confidence in it. The introduced changes that impact privacy will inevitably erode public confidence and decrease the reliability of the collected data. The ABS already had to resort to compulsion and coercion to force the participation of some individuals who were avoiding census and surveys because of fears for their privacy and security. What's next?

The ABS says the compulsion is necessary for creating a population sample that provides a balanced and unbiased representation of all population of Australia. Yet the very same ABS was using census and survey forms with carefully arranged and worded questions to get certain answers.

For example, the question about religion, What is the person's religion?, actually presumes that the person has a religion, and induces to select from the list a religion the person was taught at school or grew up with, even if they no longer actively practise it. The “no religion” answer option was buried under a long list of common religious affiliations and several empty lines dedicated to the “other” answer option. Millions of people could easily miss that option.

The result of such bias-inducing design wasn't only in that it made Australian taxpayers over-subsidise religious institutions, but it also exaggerated the religiousness of Australian population and allowed religions to influence political decisions in such secular areas as public health, which, for example, made Australia to remain one of the last developed countries where abortion was still the subject of criminal law until 2021!

If the ABS had been truly seeking an unbiased representation of Australian population, the question would have been worded Do you practise any religion? and the “no” option would have been put first, above the list of various faiths. The truly devoted, religious people would have had no trouble skipping the atheistic answer, while the people who are not seriously religious would not have been confused. Thus the ABS's claim that the elimination of bias is important to the point of justifying coercion doesn't hold up.

Only in 2016, after years of criticism and public campaigns, the ABS finally moved the “no religion” option to the top of the list in the 2016 census, and immediately, for the first time in the history of Australian census, the “no religion” answer outnumbered the believers in every religion. This proves the point: the ABS appears to be very concerned about bias when people are defending their privacy, but had no problems with the bias of its own creation.

In addition to the 5-yearly census of every person in the country, the Australian Bureau of Statistics conducts a number of surveys that require more information from individuals, and that the bureau claims are, again, compulsory: Monthly Population Surveys (MPS), Australian Health Survey, Income and Housing Survey, and many others. The ABS selects the “victim” households, dispatches a letter addressed “to the householder”, and from that point the tenants of the dwelling have little choice but to let their private lives become government property or be prosecuted.

These surveys can be lengthy, spanning many months, inconvenient, and very privacy-invading. People have no right to say ‘no’ to protect their own personal data and their family from potential risks of misuse, identity theft, leaks or hacker attacks. There is no choice and no exit, because the ABS enjoys the power given to it by the antiquated Census and Statistics Act 1905 to issue Notices of Direction, to force people to supply the information and to threaten them with exorbitant fines, courts and jail sentences.

The ABS claims that the surveys must be compulsory for each “chosen” household in order to provide a balanced representation of all households in Australia so that the estimates made from the data reflect, as closely as possible, all households. If some households do not participate, this may result in one type of household being represented more often than another type, which may result in biases in the data. But, as shown above, in reality the ABS not only doesn't mind bias, it can deliberately create it and persist with it.

The ABS also likes to stress that they rely on willing cooperation of the selected householders. Though it is unknown how willing any consent can be if people have no choice, and threats are used. It is also unknown how many people are willing to give honest answers when they are being coerced and their personal information is cross-checked and linked. Voluntary participation can bias the results of surveys, but wouldn't coercion and intimidation make it even worse? Most people can give honest answers only when they can be sure that their identity is absolutely and irreversibly safe, which sadly is no longer the case when the ABS is involved.

*, 3 January 2023

I could not believe that Australian government has made Australian ETA app mandatory for tourist and short-term visa applications. This is a shameful and totally stupid decision by our government. Zero consideration for the elderly, the people who don't have a compatible device, and the people who what to protect their privacy and not be forced into signing up for Google or Apple just to able to download this app.

Judging by App Store and Google Play reviews, this app is buggy, extremely difficult to use, and demands unnecessary permissions such as location. At the very least, Australian government should bring back the website alternative for ETA applications, like New Zealand does. But so far, the attitude of Australian Department of Home Affairs is, "Can't use the app? You can't get the ETA!" This is modern day electronic discrimination and one of those occasions when one feels ashamed for one's own country.

Sincere apologies to all those people who wanted to visit our beautiful country and were unable to do that because of this moronic app mandate.

Anonymous, 26 January 2023

That seems to be unacceptable indeed.
At least —for now— they have ditched that disastrous Digital Passenger Declaration app and went back to paper Incoming Passenger Cards. These work fine for everyone who can write. No Apple, no Google, no glitches, no hackers.

All the the time we are fed the same bullshit mantra that "organisations must take reasonable steps to ensure the personal information they hold". Same bullshit that applied to Optus, and to Medibank, and to all other data-greedy corporations that got hacked. And what? Were the guilty named and got punished? Were the victims duly compensated? Did anyone get their safety and privacy back? Nope! Optus and Medibank keep making millions of dollars by exploiting us and our data, while we now have to deal with a barrage of scam calls and text messages every day.

When someone in the government decides that it's a good idea to collect everyone's data, put it in the cloud and share across multiple systems and governments, too many people get access to all that, making it an excellent target for hackers.

When you have all your personal and biological identity compromised and your life destroyed, it doesn't matter whether the organisation "took reasonable steps". After such breach you can't have your life back, ever.

You can cancel your credit card, you can change your password, but you can't change your name and date of birth every time one of those swines get hacked, and you certainly can't replace your face.

...Not to mention the country-wide facial recognition database with our biometric data that our caring government assembled from all our driver's licence photos kindly provided by the state governments. The pretext was of course to enable the police to combat crime. But in reality it is for mass surveillance and population control.

You can test it yourself next time when someone snatches your bag. Even if that person's face is clearly recorded by CCTV cameras, nobody will be found. Police will find nobody. Absolutely. Nobody. But just you try to do anything in protest against the abuse of our rights and civil liberties, and the police will immediately find who you are and where you live.

The primary reason why the state wants our biometric data is for surveillance and control, not for the wellbeing of individual citizens.

Anonymous, 12 February 2023

Would be interested to get your take on the new requirement to register a personal account in order to access the ABC's iView on-demand services.

Andre, 15 February 2023

I think that the ABC iview account requirements were intrusive, unnecessary (which in an ideal world should have made them illegal under the Privacy Act), and created yet another potential place for hackers to break into.

If the ABC wants to provide extra features that require user identification and tracking, such functionality should be offered as optional and voluntary, not mandatory.

As I could not agree with their new mandatory sing-in policy, I had to stop using ABC iview the moment it was locked behind a sign-in. Now I am just paying for this service via taxes while being unable to use it.

Companies must be gaining something from having their apps downloaded instead of their websites visited. Every social media and streaming service is deliberately making their websites completely useless on mobile so you have to download the app. These apps take up space on your phone, they drain your batteries, and they track you.

Anonymous, 4 March 2023

Australian government's requirement to use their ETA app for tourists is downright cruel. My mother is 87. She barely knows what an app is! How is she supposed to download, install and use this ETA app that even some IT professionals have trouble using?! When the old application form was on the website, we could do it for her. But the app must be used by the applicant because it logs the location and takes a photo of the person in real time.

She wants to visit us in Melbourne for a few weeks, most likely for the last time in her life, to see her grandchildren and the little great-grandchildren. Now she either has to apply for a different visa that requires much more paperwork and hassle, or we have to travel to the other side of the planet with two toddlers and a newborn! But the government doesn't care. They've made their app and they are determined to force it onto people no matter what.

Anonymous, 20 March 2023

The only entities that benefit from compulsory apps are Apple and Google (because they control all app accounts and downloads), advertisers (because they can track you and bypass ad-blockers), and the surveillance arms of the government (because a user has much greater privacy options in a decent desktop browser, whereas an app can simply refuse to work unless it gets full access to all user files, contacts and location).

Anonymous, 29 March 2023

I have an old iPhone. I use it only for calls and text messages. No apps. And up until now everything was fine. But now an Australian entity is forcing me to install their app.
They say, "it's just one app and it's free!"
But it doesn't matter if it is just one app or ten. To let you download any app, Apple demands an Apple ID. And to create that "free" Apple ID, they want my full name, date of birth, home address, email address and phone number! My personal data is the real price for their "free" ID and their "free" app.
How is it even legal for Australian government and Australian companies to force Australian citizens into giving so much personal information to a foreign company?!
And what if Apple gets hacked, like Sony was, like Opus was? Then what? How will Australian government give me my security and privacy back?

Anonymous, 12 April 2023

The requirement to download an app always presumes the ownership of an Apple iPhone or Android device. This is a very unfair and monopolistic view. It discriminates against all people who don't own such devices.

Ian White, 19 April 2023

Apple Inc is really infuriating me with their lies and bullshit. They advertise and tout that user privacy is the centre of everything they do. But in reality they belong to the same spying brigade as Google, Microsoft and other corporations, telco and governments. And it's getting worse.
Some years ago it was possible to create an Apple ID without a phone number. Now Apple made phone number mandatory.
So to get a new mobile number with Optus, it is mandatory to download Optus app. To get the app, it is mandatory to create an Apple ID. And to create an Apple ID, it is mandatory to give them your phone number! Catch-22. For f***'s sake!
I chose iPhone over Android because I didn't want Google spying on me 24/7. But unfortunately I was too naive to believe that Apple and its iPhone would be any better.
I really hope someone takes this corporate mob to court for extortion, privacy abuse and creating a monopoly.

Anonymous, 3 May 2023

Unfortunately Apple doesn't seem to regard its own harvesting of user data as an intrusion of privacy:
• Apple demands users to create an Apple ID even just for downloading free apps;
• Apple device users are forced give their full name, date of birth, email address, phone number and home address to Apple for the mere access to apps, which they often neither need nor want, and have been forced to download and use by their bank, their telecommunication provider, their government or some other entity that doesn't care about user accessibility and true privacy;
• to take advantage of full iPhone functionality the user must be permanently signed into their phone thus placing themselves under permanent tracking and surveillance;
• Apple uses everyone's iPhone for tracking and mapping even when the user signed out and disabled all location services (just go to iPhone Settings > Mobile Data > System Services and marvel at how many megabytes Mapping Services pull out of your phone even if you have disabled all location services and all tracking features, and how much of your data is used by other iOS services, even those that you have never used);
• Apple still doesn't offer a way to opt your WiFi network out of data gathering. Even Microsoft and Google offer the "_optout_nomap" directive to add to your WiFi SSID to stop their data collection. But Apple doesn't abide by this policy, ignores these directives, offers no other option, and grabs data about every WiFi network, not just Apple users.
All this leads us to the logical conclusion that Apple's marketing about user privacy is just that: marketing.

Medicare aka Services Australia is by far the largest spying and surveillance agency in Australia. They have the most money because they take a portion of everyone's income regardless of whether the person uses them or not, and they collect data on everyone. They take 2% of everything you earn, pay back a pittance, and harvest all your very private medical and personal information. And they share your data with many other agencies. I know this for certain because I once changed certain details in Medicare only, but soon many other agencies had my new information too. I was even contacted by some poxy researchers who obtained my new data from Medicare. They knew my name, home address, other contact details, and they knew which medical tests and procedures I had done. I had never heard of those researchers before, and have never been given any opportunity to prevent this outrageous invasion of my privacy. Now I have zero trust in Medicare. I wish I could un-enrol from Medicare, make them delete all my data, and put a stop on their stealing my salary.
I also absolutely hate how the whole system is set up. Hardly any doctors bulk-bill now. So you end up with huge out of pocket expenses on top of what Medicare had taken from you and what you have been forced to pay to private health insurers. And you have to pay the whole amount immediately, then give Medicare your bank account details to get a fraction back.
If they really wanted to lower your medical bills, why not let you pay less straight away? Guess why not? Because then they may not get the detailed surveillance report on where and when you go, about which doctors you see and which exactly tests and procedures you have done. People would probably use pseudonyms for most medical appointments, to guarantee their own privacy. But with Medicare you get no privacy. Your medical history and your personal data is in their hands and is shared with others.

Anonymous, 7 May 2023

Isn't the real purpose of all ETA and ESTA to collect personal information on ordinary law-abiding people for subsequent discrimination? It has nothing to do with real crime or terrorism. Because when security agencies have substantiated suspicions that someone is linked with crime, they don't need any eTA to deal with that person.

And now sadly Europe is about to jump on this bandwagon with their ETIAS. The only reason why authorities would ask about your place of birth, birth name and the names of your parents is for ethnic profiling, stereotyping and discrimination. They of course swear that such discrimination is illegal and is not going to happen. But what else would they want that information for? There is no other use for it, because nobody can choose where to be born and to whom. So if these countries are not going to use that data for their travel authorisation decision-making, why ask for it? Full name + date of birth + current citizenship + match of the photograph are more than enough to uniquely identify any individual. And the countries that in addition to this also harvest fingerprints have no excuse here at all.

The most worrying thing about ETIAS is that a database that is shared between 30 countries and accessed by millions of bureaucrats, border force employees, security and surveillance agency personnel cannot possibly be kept secure. It will inevitably be abused, breached or hacked, leaking personal information of thousands of expatriates and political refugees to murderous dictatorship regimes. And because those victims are not citizens of the countries that had their ETIAS system breached, they will get no help and no protection.

Elias, 8 May 2023

Does anybody know if Amaysim has any plans to stop forcing their app onto those who need international roaming?
Do they have any plans to sell their roaming packs via the account on amaysim.com.au that we can access with a normal web browser without installing the app?
Or is there any other way to get international roaming packs from Amaysim without downloading their app?

Chaz, 11 May 2023

July 2023 update: the app is no longer required. Amaysim have added the international roaming feature to web user accounts on www.amaysim.com.au (new self-service beta). Big thanks to everyone who made an effort to send their feedback to Amaysim and thus caused this positive change!

According to what some Amaysim users say, here is how you can get Amaysim international roaming packs without downloading the app:
1. Decide which roaming pack you want (do an online search for Amaysim Critical Information Summary International Roaming Packs PDF document and see which pack suits you best).
2. Add sufficient funds to your Amaysim credit (you can do that with recharge vouchers, direct deposit via BPay, or a bank card payment in your amaysim.com.au web account).
3. In your amaysim.com.au account, go to yor SIM plan settings and enable international roaming.
4. Contact Amaysim support and ask them to add the roaming pack for you.
5. Enable international roaming in your phone settings before you leave Australia.

Be super patient with amaysim.com.au website — it is veeery slow and sometimes buggy, but it nevertheless is good to have this alternative to being forced to use the app.

From Amaysim replies to similar user requests on sites like ProductReview, it sounds like they may have plans to make international roaming packs available via My Amaysim (amaysim.com.au) web account. However it is impossible to tell whether those are real plans or just empty promises aimed to appease the users and buy some more time to ride out the problem.

Either way, it is worth contacting Amaysim with your feedback and request them to stop forcing people into downloading the app. All the vital features that are available in the app must also be made available in the web account. The more people tell Amaysim about this, the higher is the chance that the app will become an option, not an obligation.

I think that this obsession with place of birth data is excessive and suspicious.
I once enquired at Queensland Transport Department as to why their driver licence application form wants to know the town, state and country of birth. How could this data possibly be relevant to my ability to be a safe driver? I can only see it being used for racial discrimination and surveillance. Otherwise what are the chances that a person with identical full name, identical date of birth and identical photo appearance lives with me at the same address?
One of their muppets actually responded, "It is for identification purposes only! For those rare freak cases when parents give their twins the same name."
I then asked whether he truly believed that in such cases the town/state/country of birth would be different and would actually help to differentiate those twins.
The muppet found nothing to say to that.

Anonymous, 18 May 2023

It's the same shitty situation everywhere. Every entity collects maximum information, but not for your benefit. Only for spying on you.

For example in banks. For international transfers, in addition to the account number (which of course is a perfectly legit requirement), they also want the beneficiary's full name and home address. What for?

The bank terms say, "We don't check names against account numbers. We won't be responsible and accept no liability for any transfers that are not sent to the intended recipient because incorrect details were provided."

So why do they demand the full name and address? Not to prevent mistakes or to make sure that you don't lose your money. They want that information only for spying on everyone!

Anonymous, 3 July 2023

Many countries introduced travel authorisations during the Covid pandemic. Allegedly only for health protection reasons, to deal with the virus. The pandemic is now well over, but of course all those authorisation requirements remained. So obviously the pandemic was only a pretext for installing these systems that increase data collection and surveillance of ordinary people.

Anonymous, 7 July 2023

I once had digital scales that required an app. Can you believe it??? The big brother wants to know how fat I am :))))) I didn't look properly when I was buying that shit, so I didn't notice that the f***ing scales won't work unless I download their app and give them my data. I immediately dumped the scales in the electronic waste bin when I discovered that. F*ck that shit!

Martin, 13 July 2023

I would add: be super careful with doctors, medical centres, pathology labs and the rest of them healtcare lot.

For example, optometrists obtain customer details under the pretext of being “healthcare providers” under the Health Practitioner Regulation National Law (which, by the way, says nothing about personal data collection and usage), and then use that data for marketing and spam. The customers are rarely given a clear choice of not being included into the mailing lists, or for their data not to be shared with numerous third parties, including mailing list services, which often are foreign third parties. The only option is to opt out once the spam starts coming. Unfortunately, opting out at that stage doesn't erase personal data from the marketing databases or stops its further disclosure and misuse, it only stops the unwanted communications, sometimes only for a limited time.

Even one short visit to a GP can lead to the collection and sharing of the patient personal information quickly spiralling out of control. In addition to the doctors practice, personal data, including full name, date of birth, contact details, medicare card number and bank account details, is often entered into an appointment management system that is owned and operated by a commercial third party, such as HotDoc. If the patient needs any tests or diagnostic imaging, their personal data goes to laboratories and diagnostic centres too. Pathology laboratories have become almost monopolies in recent years, and now set their own rules that are designed for their convenience, not for the privacy of the patients. For example, even if the patient elects to fund the test out-of-pocket, to avoid Medicare surveillance and preserve their privacy, the laboratories refuse to accept cash payments and insist on collecting an extensive range of personal details, to make sure that the patient doesn't get any change for pseudonymity or anonymity, despite Australian Privacy Principles saying that it is the patient's right. The Medicare acts as a perfect surveillance and data linking tool for the government and the medical system. If the person discloses their Medicare card number, the nature of each appointment, procedure, test and medication prescription becomes known to the government. And if any test or procedure has any potential relevance to one of the cancer screening programs run by the Australian government, the details and results of such tests are also reported to the government and collected in National Cancer Screening Register (NCSR).

Medical establishments have become frequent targets of hacker attacks and honeypots for identity fraudsters: doctors and other medical professionals collect and keep huge volumes of highly personal and private data, yet have no skills or expertise to keep it secure. How many people dare to question why a medical centre is asking for certain personal information and what they are going to do with it? People simply comply and supply. Medical centres often engage other companies too look after their technology needs (which means those companies have access to your health information without being bound by healthcare privacy laws), or use third-party software for managing bookings, medical records and communications. That software is often made overseas and uses cloud facilities located in other courtiers, which means nobody knows what happens to your data and who has access to it.

Clinical pathology laboratories are data accumulation and sharing machines within Australian medical system: they obtain the patient personal details, add clinical test data to it, and then keep and share this information with medical practitioners, can disclose it the government or enter it into disease screening registers without asking for the explicit patient consent or offering any way of opting out of this.

Anonymous, 11 August 2023

It is extremely frustrating that we are held hostage by the companies and governments that demand our personal data but don't keep it safe.

Tania, 26 October 2023

This new ETIAS application requirement is going to be the reason why I will have to stop travelling to Schengen countries. I loved travelling to Europe for its history and the remnants of the cultural achievements of its past, but it looks like Christmas holiday 2023 will be my last trip to Europe. After that I will be holidaying in the countries that have much more respect for the privacy and security of my personal information.
I absolutely cannot understand why all my life we didn't need any "authorisation" to travel to Europe, but from 2024 we suddenly do. We are the same people. What has changed? The increase in the insatiable desire to hoard everyone's data and to spy on everyone? No thank you. I do not believe that ETIAS system will be able to keep our information secure. It is an impossible task. This system will be shared between 30 countries that can't agree even on the most basic political and economic points. I don't want my data to be held by them and potentially misused in the future when one of those countries has a sudden political tantrum.
An important point to keep in mind that ETIAS and EES will apply only to non-EU citizens/residents, who of course don't have the same rights and privacy protections as the EU citizens. EU keeps expanding to include the countries which I definitely wouldn't want to have any access to my personal data. Just think what will happen when it turns out that one of those countries siphons your data to some non-democratic regimes? Another lame "sorry, but you'll just have to suck it up"?
It's even more ridiculous considering that the EU let in millions of individuals whose personal and cultural values are incompatible with European law, order, and principles of democracy. That's where the majority of today's issues in Europe stem from. Definitely not from a few Australian and New Zealand tourists that travel to Europe for a holiday. So, from 2024 I will be spending my tourist money in the countries that haven't joined this data-grab charade.

Anonymous, 2 December 2023

Another thing that is absolutely infuriating about online forms that we have to fill is that they are almost always multi-page. You don't see in advance all the privacy-intrusive questions that you have to answer, so you can't decide in advance whether you want to even begin filling the form. On the first page they always ask you for your identity information: name, date of birth, passport number, phone number, etc. And only on the following pages you get to see the questions that make you decide to abandon the process. But by that stage you personal data has already been grabbed, sent to their cloud, and no doubt will never be deleted from there. And you never know how it will be stored and used.

Anonymous, 14 January 2024

It is really sad that free travel is becoming practically non existent. Many countries that used to be visa-free travel destinations now increasingly require that tourists obtain a travel authorisation. They say it's "not a visa", but in reality it is. It has all the hallmarks of a visa: you have to do it in advance, you have to give a lot of your personal data, you have to pay, you have to wait, and there is always a risk of getting a refusal without any meaningful explanation. And any one such stupid refusal can create massive problems in the freedom of travel for the rest of your life. So yes, all those ESTA, ETA, ETIAS and so on are visas in disguise. And that sucks.

But what sucks even more is that some of those authorisations must be applied for through an app. There is no web application option. So in addition to some other country grabbing my data, they made it mandatory for us to let Google or Apple grab our data too, because we cannot get those apps without a Google or Apple account.

I love to travel, and I used to do it very often. But because of all this, my travel destinations are now exclusively the countries who haven't yet joined this grab-data-under-any-pretext club.

Why do they want to know the names of my parents? Why do they want to know what other citizenship I might have? The only reason for such questions would be to discriminate against people who happened to be born in some "wrong" place. This is racist and this should be illegal to ask, just as it is illegal to ask about religion or sexual orientation.
I have my valid passport. Why was it perfectly enough yesterday, but today it is suddenly not enough anymore??

Anonymous, 15 January 2024

A warning to everyone who is banking with NAB:

NAB have removed the Remitter Name (Payer Name) field from the Pay Anyone page in their Internet Banking. Now you have absolutely no say in which of your personal information gets passed to other parties. NAB now takes your full name, slaps it into the transaction description, and sends it to everyone whom you have to transfer funds to.

Clearly, NAB have learned nothing from the recent massive data breaches in Australia. Instead of protecting the privacy of their customers, they took steps to do the exact opposite.

I have always used only my last name for all funds transfer transactions. It was perfectly sufficient for the payee in identifying the payment, but it would be insufficient for identity theft. And I am sure that many people did the same. But now NAB robbed us of this opportunity to protect ourselves.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 15 January 2024

This indeed can be a privacy issue for some customers. For example, for women who wish to keep their private life private by continuing making payments to some parties under their maiden name. In the past, they were able to enter the desired remitter/payer name for each transaction. But it seems that now NAB strips them of their privacy and announces their new name to everyone.

Presumably, this increasing disregard for customer privacy and the removal of the customer control over how their personal information is used is a part of the general shift of the banking system from providing financial services towards policing and surveillance. That's why we now often hear of the incidents where banks close someone's accounts without any apparent reason and without any explanation. Some AI risk assessment system within the bank makes a decision based on who knows what — and the person gets thrown out without ever being told why. The situation is becoming more difficult for ordinary people, as they are forced by the governments and private companies to have bank accounts, yet the terms are often unacceptable, and the accounts can be closed by the banks at any time with no transparency. "Terrorism" and "money laundering" became everyday pretexts for almost any action perpetrated by financial institutions against private individuals.

Another reason for this change may be the bank's move to Osko payments. Osko doesn't seem to offer the customers any choice or flexibility in this regard. It simply grabs the full name of the account holder and sends it out.

This is a really good article. As as I was reading it, I couldn't stop saying, 'yes, yes, yes...'
Personally, amongst the listed 'offenders' I find Australian medical system the most extensive invader of privacy. They collect the widest scope of very personal data while holding vital medical help hostage.
For example, in Australia it is virtually impossible to test for STI anonymously, even when paying fully out of pocket and not using Medicare. People are forced to give their personal information, and if tested positive, they get reported to the government!
Given the extreme sensitivity of the issue, this means that many people would not do such tests because they don't want to be forced to provide their personal information. But as Australian medical system is much more concerned with collecting personal information and reporting it to the government than with keeping people healthy and safe, thousands of people have to live with STD, damaging their own health and possibly infecting others - all because Australian system left them no other option for protecting their privacy.
We all know that the promises that the data will be kept "confidentially" and "safely" are worthless. Privacy laws can change at any time, the system can be hacked, and there are always numerous exceptions for when and how personal data can be disclosed and used for other purposes - just read thought any so-called privacy statement!
This obsession with data collection costs ordinary people their health and their lives.

Anonymous, 27 April 2024

It's been almost 2 years since the Medibank data breach, and its horrible consequences seem to be worsening. At first it was just a barrage of spam and scam calls and messages, but now I am getting notifications of various accounts registered in my name.

I know for certain that the Medibank breach is the cause if it, because the scammers are using my email address that was stolen from Medibank. I used it only for my insurance, banks and government services. Nobody else knew this email address, not even my friends and family. And none of the other places reported a breach.

The situation is extremely distressing. It is terrible to feel so violated and powerless, and to live the rest of my life not knowing where and how my details can be used by criminals. There is no way to solve the problem. I find the ubiquitous advice to request a credit report from credit reporting agencies very unhelpful for two reasons:
1. A credit report can only indicate that my data has been breached and that someone else was attempting to open some accounts or take out loans in my name. I already know that it is the case! The third parties who accessed my credit report as a result of the data misuse will not delete my personal data anyway. They all want to collect and hold maximum data about everyone, they don't care if that data was illegally obtained from criminals. So, report or no report, there is no way to get your privacy and safety back.
2. To provide a credit report, Equifax, Experian, and Illion all want my ID credentials, which would only increase the risk of further, more serious data breaches. At the moment, only my full name, address, date of birth, phone number and email address have been stolen from Medibank. Luckily, Medibank did not have any of my ID credentials. But if any of the credit reporting agencies get hacked (this has happened before, and it will happen again!), my ID credentials will be stolen as well, and with that, hackers can cause infinitely more trouble for me. Trying to deal with the consequences of one data breach by giving more data to more companies is an utterly stupid advice.

And by the way, if you are a data breach victim, and found yourself being contacted by debt collectors or any other entities, never give them any additional information about yourself. What they have on you is already bad, because it came from criminals. But your best defence is that they hopefully don't have a lot of your identity information and credentials, so you can prove that what they have was stolen by hackers, and that the company where the debt originated should have had better security checks.

Data breach victim, 6 July 2024

Always read privacy policies or ask who, why and how will collect, keep and use your data. If you don't think they need it, don't give it!
Never be afraid to say 'no'. Protect yourself fiercely. Because once your identity gets stolen, your life will turn into hell forever.

Anonymous, 8 July 2024

Don't ever let your ID to be copied. Especially your passport! You have to be very careful and unwavering when travelling, especially when checking into hotels. GDPR do not allow hotels take copies of customer passports, but in some countries they still do it! Portugal, Spain, Italy and France are big offenders. Hotels in Paris are particularly bad. They keep scans of passports without any security on their computers. Once I even saw hotel staff taking photos of passports with their own phones! If this happens to you, brace yourself for a serious identity theft! A copy of your passport in the wrong hands can be extremely dangerous. Anything can easily be stolen by hackers in those hotels, or even sold to criminals on the dark web by unscrupulous employees.

L-, 5 August 2024

In Europe, the collection of ID documents details by hotels probably depends more on a particular hotel than a country. The best way to protect one's privacy might be to do some research before booking. Check if there are any online comments or reviews about a particular hotel mentioning that they requested passport details or made a copy of it, and if yes, find and book a hotel where they don't do such things.

Great point about paying cash!! Although it is getting harder to do it not only in Australian but also when travelling overseas. In some countries there are now many places that do not accept cash. This means that banks can spy on each purchase and know exactly where what we buy, but also slap a very unfavourable conversion rates on top of that, and some extra fees!! I really can't understand how it is allowed not to accept cash while it is still official currency of the country. Such "no cash accepted" signs should be illegal.

Anonymous, 17 September 2024

This is another reason for doing some research when planning an overseas a trip. Some countries are more 'cashless' than others. There can also be a big difference between large cities and a small towns within the same country. In Europe, for example, the Netherlands is quite bad in this regard (many places there do not accept cash, and often there are no warning signs), France is midway (cash is accepted in most places, but by default they expect a payment by card), Germany is great (cash is accepted everywhere).

It is with dread that I await the next Olympics in Australia. Why? Because it will give our government every possible pretext for even more severe privacy invasion and personal data collection.

They used the Sydney 2000 Olympics as a pretext for introducing Australian Electronic Travel Authority, which of course was not removed after the Olympics was over, and which became a nightmare for elderly tourists. Even worse, it now requires an app, which means giving one's data to Apple or Google or whatever account people are forced to create just to be able to download an app.

For the Brisbane 2032 Olympics the government is already trialling Australia Travel Declaration, which will become the digital replacement for the paper Incoming Passenger Card. It is touted as something that will "streamline processes, improve data quality, and offer a seamless experience for users"... blah blah... as if they were doing it purely for our convenience.

Whenever I see the words "streamline" or "seamless", my bullshit detector immediately rings alarm bells. But the crucial words there are actually "improve data quality", which in government speak means that the new digital Travel Declaration will grab more of our personal data than the paper card, and will share that data with more entities. We will get "streamlined and seamless" ramping up in data harvesting, data matching, and data sharing. And it will probably require an app as well. Think for a moment how fundamentally wrong it will be: to be forced to give your personal data to an overseas company for the permission to return to your own country!

BB, 29 December 2024

ETIAS will be one of the saddest things when it comes into operation. I love Europe for its arts and culture. I work hard all year to be able to afford a holiday in Europe. It's the most wonderful time of my life each year. But my privacy is safety of personal data is also very important to me. I am very concerned that my data will be shared across all 30 EU countries, some of which don't have very trustworthy governments at the moment.

The whitewashing aroud ETIAS is also a cause of concern. The European Union authorities keep saying, ETIAS is not a visa. But in reality, what is it if not a visa? Countries use the visa mechanism for the following purposes: to deny any person the entry in advance, to collect personal data, to collect money. ETIAS will be doing all of these. Therefore it is a visa, no matter how the European Union whitewash it.

The strangest thing is that ETIAS will apply only to short-term visitors from low-risk countries, which means it will do absolutely nothing to reduce the crimes and serious problems that are reported in European news every day as stemming from excessive immigration and failed integration of some migrants.

So now, with sadness and pain in my heart, I began looking for a new holiday destination.

Meg, 23 January 2025

The problem with the looming ETIAS isn't just that it wants to collect totally unnecessary and excessive private information. There is also a huge problem with the fact that this system will be shared between all EU countries and more. Which ultimately will mean it will be leaking data to adversaries and nobody will be held responsible.
For example, I love travelling to Austria, the Netherlands, and Scandinavian countries. Why the hell will my personal data be given to a bunch countries in other parts of Europe?! I have zero intention of ever going there, and I seriously disagree with the political leanings of some of those countries.
Then, the EU is intending to accept more countries, which can hardly be called democratic at all.
And then, what will happen to ETIAS data when another country decides to leave the EU? They will have a copy of the entire ETIAS database, which of course they will keep, and can potentially do whatever they like with that data as they would no longer care about any EU data protection laws and promises.
After sprawling too far, the EU became an unpredictable, unstable, unreliable political mess. An I am definitely not happy to hand over my private information to the entire bunch of those countries.

Anonymous2.0, 29 January 2025

It's good to see that more people are becoming concerned with the privacy and security of their personal data in connection with the looming ETIAS and EES systems in Europe.

Personally, I wouldn't be worried so much if they simply wanted the data that is shown in my passport. But it looks like they also want to collect home address, email address, phone number, and also information about previous names, parents names, other citizenships, all of which is highly sensitive data for some people, whose lives can even potentially be put in danger if that data gets leaked to adverse countries or undemocratic regimes.

The europa.eu website promises that EES and ETIAS will operate according to the privacy-by-design principle, and that all data will be kept for the maximum of 5 years:
"Personal data recorded in the ETIAS will not be kept for longer than is necessary for its purpose. Data shall be stored for the period of validity of the travel authorisation or five years from the last decision to refuse, revoke or annul the travel authorisation."
"The EES will keep your personal data: Records of entries and exits and refusals - for 3 years, starting on the date the records were created. If no exit has been recorded - for 5 years, starting on the expiry date of your authorised stay."

But can we really believe these promises? Will the EU really delete all that data completely, irreversibly, 100%? I don't think so.

The whole point of these systems is to control who can enter the EU and to track those people's movements. The decision to authorise someone's entry can only be made based on some data about that person. Therefore collecting maximum volume of data on each person is absolutely essential for ETIAS to function. Are the European authorities really saying that if someone illegally stayed in the EU for over 5 years, they will happily forget about it and delete all information about that person??? They are either lying completely, or they will simply be transferring all EES and ETIAS data into some other system and keep it there for much longer, while saying that the data has been deleted in EES and ETIAS. This is a common trick when some authorities need to create an illusion of privacy and to promise the data in a certain system will be "deleted" after a short period of time.

Meg, 31 January 2025

Don't worry Meg. ETIAS is sad news for those who love Europe, but ultimately we still have the choice to redirect our love to other holiday destinations that haven't yet jumped onto the data-grab bandwagon. In the end, the EU will only hurt themselves. Millions of illegal migrants who refuse to integrate, and who are the main problem there, will still be living in Europe, and more will be coming, because ETIAS doesn't apply to them. The ETIAS will deter only legitimate tourists, which means that the EU will have less money for coming up with further data-grab ideas.
P.S. Also f*** the UK with their ETA. They made it mandatory for Australia, New Zealand and Canada even ahead of the EU that they exited. So much for us having the same head of state!

Anonymous2.0, 5 February 2025

Do you know, it is possible to get a truly anonymous HPV test in Australia?
A home HPV test kit would be ideal, but I would also be ok with going in person to a clinic as long as I don't have to identify myself.
Basically I want to do an HPV test to screen for cervical cancer, but I absolutely don't want any clinic, lab, government, Medicare, or the National Screening Register to grab my personal data. It's my intimate life, and it's absolutely essential for me to keep it private. All the promises by the Australian government and the Australian medical system to keep my data "safe", "secure" and "confidential" are worthless bureaucratic words in my eyes. I want my sensitive private information to be kept only by me, nobody else. I've already had my personal data stolen twice: from my doctor's practice and from my health insurer. That's enough! Only total anonymity can guarantee total privacy and security.
I understand that I would't be able to claim such anonymous test through Medicare. And I'm ok with that. My privacy is more important to me than money.
I enquired about this in a few medical centres, and they all refused. They claim that collecting my data is necessary for "maintaining the standards of care" in case a follow-up is needed. Typical lousy bureaucratic excuse! It's not like I'm asking for some drugs that can be misused, or for a dangerous treatment! Basically they would rather a woman doesn't test and gets cancer than let her have total privacy and freedom of choice.

Rita, 15 May 2025

Unfortunately it appears that anonymous HPV testing doesn't exist in Australia. In some countries it is possible to order an HPV test kit online and then send the sample to a laboratory giving them only an email address for receiving the results. In some other countries there are sexual health clinics that offer genuinely anonymous testing. However in Australia collecting patient data seems to be a higher priority for the healthcare system than giving women an opportunity to simultaneously protect their health and their privacy.

Under Australian Privacy Principles, individuals have the right to interact with a health service provider anonymously or under a pseudonym. But in reality this principle is largely ignored, and it seems to be impossible to get tested for HPV without someone insisting on collecting your personal data.

Medicare and the Cancer Screening Register sometimes allow people use pseudonyms, but they link those pseudonyms with the real identity. Therefore it creates only an illusion of privacy. Australian government and medical establishment always want to know who is who, thus most likely there is no way to get absolute anonymity and privacy in Australia.

Pathology laboratories are a privacy nightmare. They collect so much personal data and then scatter it all over the place. Each pathology lab report contains the patient's full name, home address, date of birth and Medicare card number. That's enough data to any scammer for doing a lot of harm and even initiating a fill-blown identity theft! For whatever reason labs also love collecting patient's phone number. As if they are going to call us with anything useful to us!

One lab often subcontracts another, which means the data is shared further. And then they dump all that data, including highly confidential medical information, into various screening registers and medical surveillance databases, where the government, bureaucrats, researchers and mega-snooping entities like the ABS have access to it. And so do hackers.

Basically after a person sees a doctor and does any medical diagnostic test at least once, he/she no longer has any control over the collection and disclosure of his/her private information. What a threat to our privacy and security! It's no wonder so many people avoid seeing doctors and doing such tests. This ever expanding data-grabbing setup is harming people's health. And digitalisation is only making it worse.

Anonymous, 6 June 2025

Unfortunately Australia has too many examples of the worst combination: high digitalisation with low privacy protection.

IMO the most profound data collector agency for the Australian government is Medicare.
Medicare takes enormous advantage of the fact that people cannot un-enroll out of it. It collects a lot of personal data and then shares it with a huge array of other government departments, privacy-inavidng agencies like the ABS, researchers, and f*** knows whom else.
Even those of us who refuse to ever use Medicare, have no option to exit it (and to stop paying its levy). Every 5 years when we receive a new Medicare card, we immediately chop it up and throw the pieces away. For all sensitive health issues we go overseas (and feel enormously fortunate that we can do it), because we are well aware that we will get zero privacy within the Australian medical system.
Australian government thinks that it owns our health data. We vehemently disagree with this! We believe that each person should be the sole custodian of their health data, which they then may choose to share with specific health professionals for a specific purpose, and which those health professionals should not be keeping longer than absolutely necessary for that purpose. But the government should get the f*** out of our private life! It gets our taxes and our votes. Everything else is our private life. And it's called 'private' for a good reason.

Anonymous, 24 June 2025

And now welcome another massive Australian data breach... This time it's QANTAS. Prepare to get a canned apology and advice to be careful with how you share your data. Even though the best protection in this case would have been not to share it with QANTAS!
And the worst thing? Nothing will change in the way our data is harvested and breached. There will be just a bit of noise in the news for a few days, and after that business as usual. Or worse: we will be required to supply even more of our personal data or download some stupid app allegedly for increased protection. All despite the fact that the culprits are not the ordinary people. The culprits the Australian government and Australian companies who grab too much data, keep it for too long, and then let hackers to break in and steal it.

Anonymous, 3 July 2025

Unfortunately it seems to be the case. Each new data breach in Australia does not lead to a decrease in personal data collection and retention. Quite the contrary, it prompts ubiquitous demands for mobile phone numbers (which in Australia means handing one's ID to a telco, from where it can be stolen — see Optus), or the push to download various verification apps (which means handing one's data over to overseas corporations like Google or Apple).

I wish Australian government would stop prioritising surveillance and data hoarding over people's safety. Continuing their strategy of pushing everyone into using myGov, which would give the government access to the most up-to-date personal details of every Australian, they told private health insurers that they now don't have to give us annual tax statements. The insurers just have to send that information to the government and then tell people to use the prefill in myTax to retrieve it.

The situation is ridiculous: the government forces us to pay taxes and lodge annual tax returns, they also bully us into taking up private health insurance (which by the way is mostly useless because the very same government refuses to pay the adequate share of medical costs that private insurers want before they contribute anything meaningful themselves), and yet the government goes out of its way to make it all maximally difficult for us, unless we create a myGov account and let all arms of the government to grab, use and share our personal information as they like.

Worse still, Australian government made it mandatory to have a mobile phone number for using myTax, while at the same time made it impossible to get a pay-as-you-go number anonymously (which means 100% safely from data breaches). Therefore, unless we give our data to a mobile provider, pay for a phone and a mobile plan out of our pocket, and put ourselves at risk of an identity theft disaster like happened at Optus, we cannot fill a tax return without major difficulties.

Luckily, for now, I was able to ditch the previous uncooperative health insurer and switch to a different one that still gives its customers annual tax statements. But it's probably only a matter of time before they all go lazy (or be told by the government) and stop giving us the statements.

It's a terrible situation on all fronts:
* No privacy of personal data in Australia, as the government treats our information as its own property and constantly expands the scope of data sharing and data matching, and lets private companies do the same. All the while the Australian Privacy Act is a toothless joke.
* No feasible possibility of being able to live without a mobile phone number, because each arm of Australian government and nearly every private company demands it.
* No chance of getting an anonymous mobile number, like people can do in the UK and New Zealand.
* No opportunity to use paper tax returns without ever increasing obstacles, which means no opportunity to protect ourselves from hacker attacks, data breaches and relentless data hoarding by using paper.
In addition to all that, Australians ended up with being forced to pay for two health insurance schemes simultaneously, neither of which would then pay back the full costs of the necessary health services. Private health insurance is a business, and therefore is focussed on maximising its profits. And Medicare is basically a political tool that is wheeled out before each election, and that mainly functions as the primary personal data collector for the Australian government.

Caroline, 17 July 2025

There is a lot of privacy invasion within the medical system. Patients often don't get to see the full information about themselves that is collected and shared, while many other people and institutions have unlimited access to it.

Australian federal, state and territory authorities are continuously trying to ramp up the collection, matching and sharing of medical data on every person in Australia. From My Health Record, which people luckily can opt out of, through state systems like HealtheNet in NSW, the ieMR in Queensland or Clinical Information Portal in Victoria, which grab and share a massive array of private and sensitive data without giving people the ability to opt out completely, to the booking and patient management systems used by hospitals and general medical practices.

In each instance, patients can lose control over what data is collected about them, who it is shared with, where it is stored, what it is used for now, and what it can be used for in the future. This severely undermines people's trust in the medical system, destroys the confidentiality between doctors and patients, and discourages people from seeking medical help.

Results of many medical tests, together with the patient's personal details, are reported to various government-run health surveillance programs and entered into screening registers and recall-and-reminder systems. The data they collect can go beyond your personal and contact details, and can include the details of your tests, procedures and doctor consultations. The management of some of those systems and registers involves commercial third parties. For example, the National Cancer Screening Register is operated by Telstra. This personal information disclosure can happen without the clear knowledge and explicit consent of the patient, or the patient is informed about this but given no choice and no option to stop their personal data from being distributed throughout the system. Other times, there is an opportunity to opt out of this data sharing and medical surveillance, but patients are told about it only after their data has been entered into those systems.

If you strongly prefer to make your own health decisions and wish to minimise the propagation of your personal data through the medical system and beyond, before consenting to any tests tell your doctor that you don't want your information to be shared with anyone. If your personal data has already been slurped by any of those systems or registers, there are ways to opt out of some of them:

How to Opt Out of My Health Record:

Use their cancelling My Health Record page. Unfortunately it demands that the person either registers for myGov or sends them certified copies of identity documents. A typical ridiculous sitiation for Australia: to protect one's privacy one is forced to give out more personal data. It may also be possible to get the unwanted record deleted by calling My Health Record help line on 1800 723 471.

How to Opt Out of the National Cancer Screening Register:

Fill out these web forms to opt out of the National Bowel Screening Program if you are aged 45–74, and opt out of the National Cervical Screening Program if you are a woman aged 25–74. Beware! Until 2023, providing an email address in these web forms was optional. Now it is mandatory. If you do not want to give your email to the Screening Register, you can opt out by calling them on 1800 627 701. There also used to be an option to print and mail an Opt Out PDF form, but this has been recently removed, which shows how much the Register really cares about privacy, consent, and accessibility for people who are hearing impaired or don't speak English very well. When filling out the forms, pay attention to the options. The “cease contact and correspondence” form will stop the nagging messages, but new information about you will continue being recorded in the register. Whereas the “opt out” form will stop the nagging and prevent any further information about you from being collected by the NCSR.

According to the NCSR “privacy policy”, the data that they have already collected will not be deleted, only made “inaccessible”, whatever that means in their terms. When screening registers were run by states, they offered an option to delete the collected information. In the new national register, this option is absent. Instead, their policy says, your information may be used by the NCSR or given to other parties, such as professional disciplinary authority, child protection officers, enforcement bodies, court or tribunal proceedings, coronial inquiry, research, investigation, health promotion and planning purposes, and where the use or disclosure is required or permitted by that state's or territory's law — whatever this clause may encompass at any given time. Therefore, if maximum privacy is your priority, you may conclude that it is best to opt out as early as possible.

Perhaps one day the government will realise that significantly more people would participate in such tests and programs if they could do it completely anonymously — the only way that can truly guarantee privacy and security. As of now, unfortunately, collecting personal data and spending taxpayer money on promotion campaigns seems to be the preferred modus operandi of the Australian government and healthcare system.

Anonymous, 11 August 2025

You should add "oppose Olympics" to this list. Or wait and see what privacy-invading and freedom-diminishing crap for surveillance and data collection Australian government/authorities will whip up using the Brisbane 2032 pretext. Initially it will be rolled out as "for the Olympics", but then it will never be scrapped, even long after the Olympic Games are over.

Anonymous, 28 August 2025

It is such a pity about the upcoming ETIAS!
I loved travelling to Europe. All my extra savings have always been spent on trips to this amazing array of countries full of culture, art, architecture and history. It will be sad to end this life-long love relationship if ETIAS questionnaire turns out to be too intrusive and I conclude that my privacy and personal safety are more important to me than my hobby. If/when even just one of the EU countries goes rogue, it can share all that data with any overseas dictatorship regime, while the rest of the EU won't be able to protect us!

By the way, on top of the ETIAS, beware of various data-collecting ventures that some EU countries impose additionally. For example Austria demands that all visitors fill a registration form, which collects a lot of personal data. They claim it's for charging their tourist tax, but I think it's just a pretext. I am ok with paying taxes, but I am totally not ok with each hotel grabbing my full name, address, date of birth, passport number, etc... and then storing it for at least 7 years. It's a sure recipe for identity theft. They say it's the Austrian government requirement. But if so, the link for filling that info should come from an Austrian government website, not from some shady third-party deskline.net domain that looks like scam. Check its 'whois' info — it's all hidden. So they want all our information, but won't tell us who they are and who owns that domain. And either way, it is totally unnecessary, as many other EU countries don't do it and instead respect tourist privacy.
If the Austrian government demands my personal data, they should be collecting it directly, and be directly responsible for its security, instead of delegating this all to thousands of hotels and hostels. A small chalet cannot grantee any data safety! That's not what their business is about. Austria is a beautiful country, but this intrusive data collection and the risk of data theft put me off visiting it ever again.

M., 2 September 2025

In addition to the possibility of racial/cultural profiling and discrimination, if the ETIAS insists on collecting everyone's past names and nationalities, together with the current residential address, it will create a risk for many categories of people, including those in witness protection, those with past abusive relationships, and those who fled countries with dictatorship regimes.
Thirty different Member State countries and hundreds of thousands of personnel will have access to the ETIAS data. In such arrangement, nobody can truly guarantee privacy and security of data. Any one of the personnel can abuse their access privileges. Or one Member State can become politically hostile, stop honouring the EU regulations, and give a third country with a dangerous regime access to the ETIAS data. Not only will it then endanger the expats who opposed such regimes, it will also become a significant risk for everyone whose data has been collected by the ETIAS.
Some countries derive significant revenue from organised hacking and scams. Armed with the identity, biographical and family information from the ETIAS, and with the help of ever evolving AI, such scam attacks will become much more sophisticated and much more devastating for the millions of ordinary law-abiding tourists who had no other choice but to believe that the EU and ETIAS would keep their data safe.
On paper, the EU promises data protection rights. But in practice, with multiple different national and EU-wide regimes that will govern the ETIAS and the use of the collected data, such rights will likely be extremely difficult to exercise, especially given the fact that the ETIAS will affect only non-EU citizens.
For example, Article 14 of ETIAS Regulation states that "Processing of personal data within the ETIAS Information System by any user shall not result in discrimination against third-country nationals on the grounds of... race,... ethnic origin,...birth, ...." But if that were really true, why is the ETIAS planning to demand to know one's exact place of birth, name at birth and nationality at birth? The current name and nationality should be sufficient! Distinction is the starting point of all discrimination. And the main purpose of the ETIAS is to collect data for making distinctions between people using characteristics that were previously unknown to the EU border control.

Anonymous, 15 September 2025