Privacy Act Review: Coming Soon

The much-anticipated review of the Privacy Act 1988 (Cth) (Privacy Act) may be happening very soon.

After announcing the Privacy Act Review on 12 December 2019, and conducting consultation in 2020 and 2021, the new Attorney-General Mark Dreyfus has pledged to bring in sweeping reforms in the coming months.

Privacy Act Review: Looking back

The Privacy Act Review was part of the government’s response to the Australian Competition and Consumer Commission’s Digital Platforms Inquiry. The purpose of the Review was to ensure privacy settings:

• empower consumers;
• protect consumers’ data; and
• best serve the Australian economy.

Concurrent measures

During the Review, there have been other amendments to the Privacy Act, notably:

1. the introduction of the Consumer Data Right;
2. Expanded powers of the eSafety Commissioner; and
3. the Online Privacy Bill.

You can read more about eSafety here.

The Online Privacy Bill is a separate reform to the Privacy Act Review. It proposes to introduce an Online Privacy Code for social media platforms.

Privacy Act Review: Looking ahead

Proposed changes to the Privacy Act include:

• strengthening individuals’ privacy rights by:
  • strengthening consent requirements; and
  • introducing a person’s right to erasure;
• creating a direct cause of action or statutory right for breaches of privacy laws; a recommendation of the Australian Law Reform Commission in 2014;
• introducing specific codes for certain industries, such as the Online Privacy Code for social media platforms, and other distinct industries; and
• increasing maximum penalties which are significantly out of step with international jurisdictions.

Strengthening consent

The principle manner to strengthen consent requirements is with pro-consumer defaults – also known as the principle of privacy-by-design – and accessible privacy settings that give individual obvious, clear ways to set privacy controls. The inherent policy idea underpinning privacy is the rights of individuals to control their information, and by result, their identity.

It is possible that the consent reforms will focus on requiring pro-privacy default settings when information about children and vulnerable people is involved. This is also a part of the Online Privacy Bill, proposing explicit parental consent to use social media platforms for children under the age of 16.

What your organisation can do now

As we await the introduction of a Privacy Bill 2022 to Parliament, we recommend organisations:

• ensure they have a privacy policy in place, even if they are a “small business” with an annual income of less than $3 million. The Privacy Act Review has considered scraping the small business exemption; and
• plan – and budget – for needing to refresh how they handle personal information. Replacing or upgrading software or client management systems can be expensive, time-consuming and critical to business infrastructure.

How we can help

With expertise in privacy and safeguarding, Moores can support your organisation to you achieve your mission by helping you:

• optimise how you use personal information in a lawful way, and
• avoid costly and embarrassing breaches of privacy.

When was the last time your team had privacy training?
For more information about your organisation’s current privacy obligations, see Moores’ Privacy Toolkit – a free online resource you can download here.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.