Update: Unfair contract terms reforms commence

The current status

From 9 November 2023, expanded provisions for unfair contract terms (‘UCTs’) found in standard form contracts have taken effect under the Australian Consumer Law and the ASIC Act. These changes will apply to any new contract, and any amended or renewed contract, made from that date.

unfair contracts
To assist understanding of the reforms for both industry and consumers, ASIC has provided new guidance you can find here.


Before the reform, unfair contract terms in standard contracts with small businesses and consumers were void but not illegal. The first key amendment is that unfair contract terms are now illegal and attract significant financial penalties. The criteria for establishing whether a contract term is deemed ‘unfair’ have remained largely unchanged.

Expanded scope

Small business threshold: As part of these reforms, the scope of small businesses eligible for Unfair Contract Terms (UCT) protections has been widened. To fulfill the updated criteria for small businesses, a company must either employ fewer than 100 individuals or generate less than $10 million in annual turnover.

Standard form contracts: The UCT protections continue to apply to standard form contracts. However, a significant change is that even if the other party is provided the opportunity to negotiate minor adjustments to the contract’s terms or to choose from a selection of term options, the contract may still be considered standard form. Also, a contract may still be classed as standard even if another party involved in a different transaction had the ability to negotiate and implement significant modifications to that same form of contract.

Notable legislative changes

The recent amendments have removed the monetary contract threshold formerly stipulated by the ACL, which restricted the upfront price payable in the contract to not exceed $300,000.

Under the ASIC Act, the UCT regime will now only apply to a small business contract if the upfront price payable (excluding interest) for the contract is $5 million or less.


Under the Australian Consumer Law, the maximum penalty for violations of the UCT regime has been raised.

For companies, the penalty has increase to $50 million from the previous $10 million, or it may calculated as three times the benefit gained by the company if quantifiable. Alternatively, it can amount to 30% of the corporation’s turnover during the period of the offence, as opposed to the previous penalty of 10% based on the annual turnover only within the 12 months before the breach. For individuals, the maximum penalty has been changed from $500,000 to $2.5 million.

These penalties will apply to new contracts, renewals, or modifications of existing contracts that are entered into on or after 9 November 2023.

If you would like us to review your standard templates in light of the new provisions, please contact us.

Author: Zaki Zeini, paralegal.

Update: Incoming Privacy Act Reforms

Data collection policies will need to be updated to align with the incoming changes expected to be passed in 2024.

On September 28th, the Australian Government addressed proposed changes to the Privacy Act 1988 (Cth) in response to recommendations from the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC). These recommendations stemmed from the Privacy Act Review Report released in February. The government has acknowledged the importance of enhancing individuals’ control over their personal information, strengthening regulatory enforcement powers, and increasing transparency and accountability for businesses.

Response to the proposed reforms

The government has agreed to several notable reforms, including:

(1) Implementing a new requirement that the collection, use, and disclosure of personal information must be ‘fair and reasonable in the circumstances’. This ‘fair and reasonable’ test aims to balance the interests between individuals and entities handling their personal information, irrespective of whether consent has been obtained.

(2) Establishing a direct right of action for individuals to seek remedies for Privacy Act breaches resulting from interference with privacy. A statutory tort for ‘serious’ invasions of privacy will enable individuals to seek redress.

(3) Amending the definition of ‘consent’ to require that it must be ‘voluntary, informed, current, specific, and unambiguous’.

(4) Requiring non-government organisations to conduct Privacy Impact Assessments, similar to Commonwealth Government agencies. Additionally, organisations will need to appoint a dedicated privacy officer to oversee privacy compliance.

(5) Granting the OAIC additional powers for investigations of civil penalty provisions, the ability to undertake public inquiries, and review specified matters with the approval or direction of the Attorney-General. These powers aim to ensure consistency with domestic and international regulators.

However, when it comes to strengthening consent requirements for the collection, use, and disclosure of personal information, the government has expressed the need for further consultation. They emphasise that changes to consent may pose challenges for research organisations working in the public interest and might place an unrealistic burden on individuals faced with lengthy policies.

What next?

Overall, these proposed reforms aim to modernise Australia’s privacy laws in the digital age and protect individuals’ personal information in our data-driven world. Privacy advocates have welcomed these changes, as they believe they will help rebuild trust in the use of personal data by businesses and government agencies. The government is expected to engage in consultations with stakeholders before presenting the proposed amendments to Parliament in 2024.

Authors: Ashna Govil & Zaki Zeini, paralegals.