The Australian Government has introduced a pivotal step in updating privacy laws with the Privacy and Other Legislation Amendment Bill 2024 (the Bill). This move, announced last week, represents the first phase of a broader initiative to modernise privacy regulations in response to the digital age’s challenges.
This update makes several changes to the Privacy Act 1988 and 7 other laws to better protect people’s personal information.
Key changes include:
- Expanding the powers of the Information Commissioner.
- Allowing easier information sharing in emergencies or after data breaches.
- Requiring a new Children’s Online Privacy Code.
- Adding protections for sharing personal information overseas.
- Introducing new civil penalties.
- Increasing transparency about automated decisions using personal data.
- The Privacy Act 1988 will now include a legal claim for serious privacy breaches.
- The Criminal Code Act 1995 will also add criminal offences for releasing personal data in a way that is threatening or harassing, known as ‘doxxing’.
From Data Security to Doxxing: Unpacking the Latest Australian Privacy Reforms
This development follows the Government’s acceptance of recommendations from the Attorney-General’s Privacy Act Review Report, which emphasised the need for an enhanced privacy framework that is robust and adaptable to the evolving digital landscape. While the Bill does not encompass all anticipated reforms, it sets the groundwork for substantial changes affecting how businesses handle personal data.
Key Reforms
The Bill brings several significant updates designed to address contemporary privacy issues:
- Statutory Tort for Serious Privacy Breaches: Individuals will now be able to seek legal redress for severe privacy intrusions, provided these breaches were intentional or reckless. This change marks a notable shift by allowing individuals to directly address privacy violations between themselves.
- Strengthened Enforcement Powers: The Australian Information Commissioner (OAIC) will gain broader authority, including the ability to conduct public inquiries and mandate corrective actions for privacy violations. These enhancements aim to bolster oversight and accountability.
- Criminal Offences for Doxxing: New criminal provisions will target the malicious online disclosure of personal information, known as doxxing. Offenders could face imprisonment, especially if the targeted individuals are identified based on sensitive attributes such as race or religion.
- Children’s Online Privacy Code: The Bill calls for the creation of a Children’s Privacy Code to better safeguard minors in digital environments. This code will apply to services likely used by children and will be enforced by the OAIC.
- Enhanced Data Security and Transfers: The Bill clarifies requirements for data security and facilitates international data transfers by recognizing countries and schemes with privacy protections comparable to Australian standards.
- Transparency in Automated Decision-Making: Businesses will need to disclose the use of automated systems in decision-making processes that significantly impact individuals. This requirement aims to improve transparency and accountability.
- Emergency Data Sharing Guidelines: New rules will govern the sharing of personal information during emergencies, ensuring privacy while enabling effective crisis response.
Key Takeaways
The Bill represents a significant evolution in Australia’s approach to privacy management. It aligns privacy laws with modern digital realities and introduces personal privacy rights that extend beyond organizational data handling.
For Businesses:
- Update Privacy Policies: Ensure policies reflect new requirements for automated decision-making and personal data handling.
- Prepare for New Legal Challenges: Be aware of the new statutory tort and criminal offences related to doxxing, and enhance data protection practices.
- Adapt to New Codes and Guidelines: Implement changes to comply with the forthcoming Children’s Privacy Code and updated data security and transfer protocols.
This reform marks an important step towards a more comprehensive privacy framework. Businesses should review their privacy mechanisms and conduct risk assessments to ensure compliance with the new regulations. It’s an ideal time to update your privacy practices in line with these changes.
Disclaimer: This article provides a general overview of the Privacy and Other Legislation Amendment Bill 2024 and is not intended as legal, or any other advice. Consult with a legal professional for advice tailored to your specific needs.
