On September 28th, the Australian Government addressed proposed changes to the Privacy Act 1988 (Cth) in response to recommendations from the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). These recommendations stemmed from the Privacy Act Review Report released in February. The government has acknowledged the importance of enhancing individuals’ control over their personal information, strengthening regulatory enforcement powers, and increasing transparency and accountability for businesses.
Response to the proposed reforms
The government has agreed to several notable reforms, including:
(1) Implementing a new requirement that the collection, use, and disclosure of personal information must be ‘fair and reasonable in the circumstances’. This ‘fair and reasonable’ test aims to balance the interests between individuals and entities handling their personal information, irrespective of whether consent has been obtained.
(2) Establishing a direct right of action for individuals to seek remedies for Privacy Act breaches resulting from interference with privacy. A statutory tort for ‘serious’ invasions of privacy will enable individuals to seek redress.
(3) Amending the definition of ‘consent’ to require that it must be ‘voluntary, informed, current, specific, and unambiguous’.
(4) Requiring non-government organisations to conduct Privacy Impact Assessments, similar to Commonwealth Government agencies. Additionally, organisations will need to appoint a dedicated privacy officer to oversee privacy compliance.
(5) Granting the OAIC additional powers for investigations of civil penalty provisions, the ability to undertake public inquiries, and review specified matters with the approval or direction of the Attorney-General. These powers aim to ensure consistency with domestic and international regulators.
However, when it comes to strengthening consent requirements for the collection, use, and disclosure of personal information, the government has expressed the need for further consultation. They emphasise that changes to consent may pose challenges for research organisations working in the public interest and might place an unrealistic burden on individuals faced with lengthy policies.
What next?
Overall, these proposed reforms aim to modernise Australia’s privacy laws in the digital age and protect individuals’ personal information in our data-driven world. Privacy advocates have welcomed these changes, as they believe they will help rebuild trust in the use of personal data by businesses and government agencies. The government is expected to engage in consultations with stakeholders before presenting the proposed amendments to Parliament in 2024.
Authors: Ashna Govil & Zaki Zeini, paralegals.