Intellectual Property, Information Technology & Cybersecurity

Australia Introduces First Tranche of Privacy Law Reforms

Earlier today, the Government introduced draft legislation to reform the Privacy Act 1988 (Privacy Act) into Parliament. The Privacy and Other Legislation Amendment Bill 2024  (Bill) marks a significant step forward for Australian privacy law, aiming to make it “fit-for-purpose in the digital age”.

With the introduction of this Bill, the Australian Government is seeking to legislate the first tranche of agreed recommendations of the Privacy Act Review, ahead of consultation on a second tranche of reforms. The Bill’s drafting was also informed by the government’s previous response to the review.

The Office of the Australian Information Commissioner (OAICwarmly welcomed this first tranche of reforms to the Privacy Act, saying the Bill will:

  • strengthen the OAIC’s enforcement toolkit, which will include a new mid-tier civil penalty for interferences with privacy and a low-level civil penalty provision for specific administrative breaches of the Act with attached infringement notice powers;
  • require the OAIC to develop a new Children’s Online Privacy Code to enhance privacy protections for children in the online environment, particularly when using digital platforms;
  • introduce a statutory tort for serious invasions of privacy, which would be an important addition to the suite of regulatory measures needed to address gaps in the existing privacy protection framework and address current and emerging privacy risks and harms (such as doxing).

The Attorney-General provided a more detailed overview of the bill including the proposal to criminalise doxing.

Australian Privacy Commissioner Carly Kind said,

These are important initiatives that will have benefits for the Australian community,

The enhanced civil penalty regime will add significantly to our enforcement toolkit,

And

The statutory tort would also fill a gap in our privacy landscape by providing people with the ability to seek redress through the courts for serious invasions of privacy without being limited to the scope of the Act.

However, Commissioner Kind said much more needed to be done, and the OAIC is eagerly awaiting the second tranche of privacy reforms which includes a new positive obligation that personal information handling is fair and reasonable.

As the OAIC put it, the coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors. Further reform of the Privacy Act is urgent, to ensure all Australian organisations build enhanced levels of security into their operations, and provide additional tools to enforce protections for personal information.

Written by Jake Huang and Steven Pettigrove

< Back