How these investigations work
Government platform investigations are different from our device and software analyses. They include a legislative breach analysis — mapping every finding to the specific laws the government wrote for itself, with section numbers, case law, and penalty exposure.
Each investigation follows the same evidence layers:
- Terms of use analysis — reading the actual terms, not the marketing summary
- Tracking infrastructure — examining page source code for undisclosed trackers, analytics, and overseas data flows
- Incident history — data breaches, security failures, audit findings, and what happened to real people
- Legislative mapping — every finding mapped to Privacy Act APPs, discrimination acts, administrative law, and sector-specific legislation
- International comparison — how Australia compares to Estonia, the UK, Singapore, and the EU
- The enforcement gap — what regulators could do versus what they actually do
The strongest enforcement pathways are the three discrimination Acts (DDA, RDA, ADA) — they explicitly cover government services, have no "trade or commerce" limitation, and have established precedent for digital accessibility.
On the radar
Service NSW
State-level digital services portal. Digital Driver's Licence, COVID check-in data retention, facial verification for identity. Australia's largest state government digital platform.
Australia · State
Aadhaar
1.4 billion biometric IDs. Mandatory for bank accounts, phone SIMs, welfare, cooking gas. Database access sold for $7 on WhatsApp. Starvation deaths when fingerprint scanners failed. India's Supreme Court ruled it constitutional but limited.
India
NHS App
UK's health services portal. GP records, prescriptions, COVID Pass. Palantir's $480M contract for NHS data analytics. GOV.UK One Login lost its identity certification in May 2025.
United Kingdom