By 
In response to the Attorney-General’s Privacy Act Review Report, the Albanese government of Australia has unveiled its proposals aimed at safeguarding citizens against identity fraud, scams, and ensuring the country’s global business competitiveness.
The Privacy Act Review Report, initially released in February 2023, sought to clarify the scope of the act, enhance individual protections, provide regulatory clarity, and strengthen enforcement measures. The government has recently released its official response to the report, considering over 500 public responses and signaling its agreement with most of the 116 recommendations.
Among the endorsed proposals are plans for bolstering data protections for children, restricting companies from targeting children for marketing purposes, and introducing a Children’s Online Privacy Code.
The government also recognizes that excessive reliance on consumer consent can place an unrealistic burden on individuals to manage their data privacy risks. It proposes shifting this burden to data-gathering entities, requiring them to obtain informed consent for personal data handling and holding them accountable for the secure and proper management of collected data.
Presently, small businesses with an annual turnover of AU$3 million (approximately US$1.9 million) or less are exempt from the Privacy Act, with no obligations to secure personal data or notify affected individuals in case of a data breach. The government has tentatively agreed to remove this exemption after conducting an impact analysis and allowing for a reasonable transition period.
The exemption for reporting in the Privacy Act, particularly in journalism, will continue to apply, as will exemptions for media organizations from disclosing personal information held about individuals to prevent complaints and harassment.
Additionally, the government has agreed, in principle, to ensure that data collection is fair and reasonable, expanding the definition of personal information to include data like cookie identifiers and IP addresses.
Public reaction to both the Privacy Act and the government’s official response has been diverse.
While welcoming the additional privacy protections for children, The Guardian criticized the rejection of adults’ right to opt out of targeted advertising. The outlet also expressed concerns about the government’s refusal of a potential political exemption in the Privacy Act, fearing it could lead to misleading tactics by political parties and campaigns.
The International Association of Privacy Professionals (IAPP), a global privacy community, acknowledged the government’s progress in various areas while noting that recommendations to enhance the protection of anonymized data were not approved. However, there was an appreciation for recognizing the importance of creating a privacy framework conducive to business growth, with clarity in terms like collection, disclosure, and consent.
The Attorney-General will conduct an impact analysis and collaborate with various stakeholders, including the community, businesses, media organizations, and government agencies, as they work towards legislating these changes in 2024.
These upcoming changes will complement other critical reforms by the Australian Government, including Digital ID, the 2023-2030 Australian Cyber Security Strategy, the National Strategy for Identity Resilience, and Supporting Responsible AI in Australia.
Comments