ARTICLE
13 September 2024

Australian Privacy Law Reform – The Wait Is (Almost!) Over

KG
K&L Gates

Contributor

At K&L Gates, we foster an inclusive and collaborative environment across our fully integrated global platform that enables us to diligently combine the knowledge and expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry, capital markets participants, and ambitious middle-market and emerging growth companies. Our lawyers also serve public sector entities, educational institutions, philanthropic organizations, and individuals. We are leaders in legal issues related to industries critical to the economies of both the developed and developing worlds—including technology, manufacturing, financial services, health care, energy, and more.
The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024.
Australia Privacy

The long-awaited privacy reform has finally been introduced into the Australian Parliament today with the introduction of the Privacy and Other Legislation Amendment Bill 2024. Described as 'Tranche 1' of the reforms, the Bill introduces significant uplifts to several aspects of Australia's privacy laws.

The proposed changes include:

  • The long-touted statutory tort for serious invasions of privacy;
  • As we predicted, new 'tiered' penalty provisions which will apply as soon as the law comes into force, allowing the Commissioner to issue infringement notices of up to AU$66,000 for specific breaches of the Australian Privacy Principles (APPs), including:
    • Not having a privacy policy, or not having a fully compliant privacy policy;
    • Not allowing individuals to remain anonymous or use a pseudonym (unless it is impracticable to do so);
    • Not keeping written records of certain disclosures;
    • Not complying with the direct marketing provisions in APP 7;
    • Not dealing with correction requests; and
    • Not providing compliant notifications about data breaches.
  • Introduction of an 'adequacy' recognition mechanism into APP 8, to make it easier for organisations to disclose personal information to third parties outside Australia – specific permitted countries or binding schemes will be specified for these purposes in the regulations, and disclosures to third parties in those countries or subject to those binding schemes will be permitted without the disclosing organisation being required to take additional steps to ensure the recipient complies with the APPs in relation to that information;
  • Additional notice requirements in entities' privacy policies regarding use of automated decision-making (the transitional provisions allow for a period of 24 months before this takes effect);
  • Additional protections for minors, by paving the way for the introduction of a Children's Online Privacy Code, which must be developed and registered by the Commissioner within 24 months of the law coming into force;
  • A new criminal offence for malicious release of personal data online, known as 'doxxing', with jail terms for publishing private details with the intent of causing harm, including up to 7 years' imprisonment if the person or group is targeted on the basis of their race, religion, sex, sexual orientation, gender identity, intersex status, disability, nationality or national or ethnic origin;
  • Additional entry, search and seizure powers to the Commissioner; and
  • Additional orders which may be made by the Federal Court for contraventions of the Privacy Act.

Although the changes are yet to be passed, now is most certainly the time to ensure your organisation has at least the most basic (and visible) privacy compliance measures in place, and to start considering the make-up of your organisation's privacy reform project team.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More