Fed Govt acts to strengthen privacy protections

Privacy Act reform

In response to a Privacy Act Review Report, the Federal Government has committed to stronger privacy protections by vowing it would grant individuals greater control over how their privacy and personal information should be handled by different entities.

In particular, the Government has agreed, or agreed in principle, with the majority of the review’s proposals, including:

  • establishing stronger protections for children, including the introduction of a Children’s Online Privacy Code;
  • making entities accountable for handling individuals’ information and enhancing requirements to keep information secure, including destroying data when it is no longer needed;
  • providing entities with greater clarity on how to protect individuals’ privacy, and simplifying their obligations when handling personal information on behalf of another entity; and
  • giving individuals greater control over their privacy by requiring entities to seek informed consent about the handling of personal information.

Additionally, the Government has said it would continue to work with the small and medium-sized business sector on enhanced privacy protections for private sector employees and for small businesses themselves.

The legislation, which was passed last year, already increased penalties for serious privacy breaches, and provided the Australian Information Commissioner with greater powers to address privacy breaches.

In 2022, the Government announced the new legislation, which increased penalties for repeated privacy breaches to up to $50 million. This followed a spate of high-profile data breach events, including, among others, of telecom giant Optus and Australia’s largest health insurer Medibank, which collectively resulted in the loss of more than 20 million customer records.

The Department of the Attorney-General has said it will conduct an impact analysis and continue to work with businesses, media organisations and government agencies to “inform the development of legislation and guidance material in this term of Parliament”.

Privacy reform will complement other critical reforms being progressed by the Government, including Digital ID, the 2023-2030 Australian Cyber Security Strategy, the National Strategy for Identity Resilience, and Supporting Responsible AI in Australia.

The Privacy Act Review Report, which was released in February 2023, originated out of recommendations from the Australian Competition and Consumer Commission’s 2019 Digital Platforms Inquiry- Final Report.

In its response to the report, the Government has said it will progress with consideration of reforms to Australia’s privacy framework under five key areas:

  • bringing the Privacy Act into the digital age
  • uplifting protections
  • increasing clarity and simplicity for entities and individuals
  • improving control and transparency for individuals over their personal information
  • strengthening enforcement

The Privacy Act Review Report is the culmination of over two years of extensive consultation, with the Report concluding that it is necessary to overhaul Australia’s privacy laws, as many other countries have done, to ensure they remain fit for purpose in the digital age.

Failure to uplift Australia’s privacy standards to more closely align with global standards, it said, has the potential to adversely impact the international competitiveness of Australian businesses.

“This agreement is subject to further engagement with regulated entities and a comprehensive impact analysis to ensure the right balance can be struck between privacy benefits for Australians and other impacts on regulated entities,” the response reads.

“It is important that the benefits and economic costs are understood including any appropriate adjustments. This further exploration, which will be led by the Attorney-General’s Department, in consultation with Treasury, will inform Government’s further consideration of these proposals.”