Amendments to the Privacy Act are on the horizon

Oct 17, 2023

In February this year we summarised the Attorney General’s highly anticipated review of the Privacy Act 1988 (the Act). The report made 116 proposals, addressing three key areas, covering the scope and application of the Act, protections under the Act and regulations and enforcement.

In recent weeks the Australian Government has responded to the Attorney General’s review. In its response, the Australian Government has agreed with 38 of the Attorney General’s proposals and agreed in-principle with a further 68 proposals. What this means is that whilst the Australian Government does agree with the majority of the Attorney General’s proposals, further consideration on some proposals is still required.

There are five key themes that the privacy reforms will focus on:

  1. Bringing the Privacy Act into the digital age

The privacy reforms will bring the scope and application of the Act into the digital age – meaning that it will better capture a broader range of information and the entities which handle this information. How public interest can be better protected by applying the Act more broadly will be explored.

  1. Uplifting protections

The Act will be amended to provide more accountability to entities in how they handle an individual’s personal information, ensuring that it is maintained in line with community expectations. The amendments will also impose stricter requirements on when information needs to be kept secure and when it should be destroyed.

These changes will include amendments to the Notifiable Data Breaches Scheme and provide for new protections to high privacy risk activities and more vulnerable groups, such as children.

  1. Increasing clarity and simplicity

The reforms will provide greater clarity on how individuals’ personal information should be protected, simplifying the obligations that apply to entities when they are handling information on behalf of another entity.

The reforms will also provide for better flexibility in code-making, by reducing inconsistencies across different legal frameworks and simplifying the requirements for transferring personal information overseas.

  1. Improving control and transparency for individuals over their personal information

Perhaps most importantly, the reforms will provide individuals with greater control and transparency over their information. This is intended to be achieved by improved notice and consent requirements.

The reforms will also provide individuals with the right to apply to the courts for relief where their personal information has been interfered with, and impose a new statutory tort for serious invasions of privacy. 

  1. Strengthening enforcement

The reforms will also increase the enforcement powers of the Office of the Australian Information Commissioner (OAIC) and increase the scope of orders the court can make in a civil penalty proceeding, providing the courts with the ability to consider applications for relief made by individuals.

As part of increasing its enforcement powers, a review of the OAIC will also occur, which will ensure that the privacy regulator has the appropriate resourcing to ensure it has capacity to enforce the new privacy laws.

The Australian Government has highlighted its commitment to introducing legislation to protect the personal information of Australians in 2024. Before legislation can be introduced the Attorney General’s Department must now begin drafting legislative amendments, which will be informed by a detailed analysis and targeted consultations with stakeholders.

The Australian Government’s response to the Attorney General’s review is available in full on the Attorney General’s website.

If you have any questions about the Attorney General’s report or the response by the Australian Government, the KKI Commercial Team are here to help.