Home Data Protection Australia Privacy Act Review – a Blueprint for Change?

Australia Privacy Act Review – a Blueprint for Change?

by delta
0 comment

The Australian Attorney General has announced the results of the (long-awaited) privacy legislation review.

This report is Australia’s leading privacy law Privacy Act 1988. This report does not represent official government policy and there is no guarantee that the proposed changes will ultimately be enacted into law. But Australian businesses should start preparing for these changes, especially given the level of bipartisan support for privacy reform following the massive data breach he experienced in 2022.

What changes are you proposing?

Despite the identification of a number of recommended changes, the structure of privacy law remains broadly unchanged. In particular, the Australian Privacy Principles are not supplemented with more precise rules governing data processing activities.

Some of the proposals can be considered clarifications rather than substantive changes, such as the request for an extended guidance note from Australia’s privacy regulator, the Australian Information Commissioner’s Office.

However, there are a number of recommendations that, if implemented, would significantly change the way Australian organizations approach privacy compliance. For example:

  • Significant expansion of data subject rights. Many concepts are borrowed from other regimes such as GDPR. This includes the right to erasure, the right to withdraw consent, the right to object to the collection, use or disclosure of personal information, and the right to have it deleted. Index online search results that contain certain categories of personal information.
  • In addition to serious interference with privacy, the introduction of direct individual rights of action against statutory privacy torts.
  • A more structured process for direct marketing, tracking and trading of personal information, including the unconditional right to opt out of receiving targeted advertising.
  • Partial Deletion of Employee Records Exemptions. It entails limited obligations that apply to HR data, such as the requirement to keep data secure and notify staff of relevant data breaches.
  • Increased transparency around privacy policies and collection notices as standardized templates and layouts should be developed for each sector, including additional data points to help data subjects understand and compare policies.
  • Update the basis on which offshore transfers can be made, such as when Standard Contractual Clauses are used, informed consent is obtained, or appropriate decisions are made.
  • Removal of the exemption for small and medium enterprises (i.e. annual turnover of A$3 million or less). This will significantly increase the number of organizations that will have to comply with privacy laws, but it is reported that this requires further consultation.
  • For organizations that process personal information of minors, a series of changes including the development of a Children’s Online Privacy Code and a ban on direct marketing to children unless certain conditions are met.

What are the next steps?

It is not yet known how the Australian government will respond to the review or whether it will accept the recommendations.

The report itself says that some proposals have not benefited from stakeholder feedback and require further consultation before implementation. Therefore, it may take some time before the changes are fully adopted (if at all).

In the meantime, Australian businesses can now make changes to their processes to mitigate the impact if these recommendations are adopted.

Please contact us for more information.

authors: Sarah Burkett, Nicholas Boyle

DELTA Data Protection & Compliance, Inc. Academy & Consulting – The DELTA NEWS – info@delta-data-compliance.com

You may also like

Leave a Comment


Delta-Compliance.com is a premier news website that provides in-depth coverage of the latest developments in finance, startups, compliance, business, science, and job markets.

Editors' Picks

Latest Posts

This Website is operated by the Company DELTA Data Protection & Compliance, Inc., located in Lewes, DE 19958, Delaware, USA.
All feedback, comments, notices of copyright infringement claims or requests for technical support, and other communications relating to this website should be directed to: info@delta-compliance.com. The imprint also applies to the social media profiles of DELTA Data Protection & Compliance.

Copyright ©️ 2023  Delta Compliance. All Rights Reserved

Newsletter Signup

Subscribe to our weekly newsletter below and never miss the latest product or an exclusive offer.