February 1, 2023

Volume XIII, Number 32


January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis

Australia Passes Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022

Earlier this week (on 29 November), the Australian Parliament passed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) which was introduced to Parliament on 26 October 2022.

The Bill amends the following:

  • Privacy Act 1988 to expand the Australian Information Commissioner’s enforcement and information sharing powers and increase penalties for serious or repeated interferences with privacy;

  • Australian Communications and Media Authority Act 2005 to enable the Australian Communications and Media Authority to disclose information to a non-corporate Commonwealth entity that is responsible for enforcing one or more laws of the Commonwealth; and

  • Australian Information Commissioner Act 2010 to allow the Australian Information Commissioner to delegate certain functions or powers.

The biggest result is the increase to maximum penalties for serious or repeated privacy breaches from the current $2.22 million for organsiations to an amount not more than the greater of the following:

  • $50 million;

  • if the court can determine the value of the benefit that the body corporate, and any related body corporate, have obtained directly or indirectly and that is reasonably attributable to the conduct constituting the contravention—3 times the value of that benefit;

  • if the court cannot determine the value of that benefit—30% of the adjusted turnover of the body corporate during the breach turnover period for the contravention.

We will post some answers to key FAQs about these amendments shortly.  For example – what is qualified as a ‘serious and repeated’ interference of an individual’s privacy and how we consider the penalties may be applied – i.e. how a company’s adjusted turnover may be determined.

Australian Information Commissioner, Angelene Falk said the changes create “closer alignment with competition and consumer remedies” under the EU GDPR and “facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.” Notably, it also brings the penalties in line with recent changes to the penalties under the Australian Consumer Law regime.

The penalty increase is intended to act as a powerful deterrent, so organsiations no longer see privacy risk as a ‘risk of doing business’.

Stephanie Mayhew also contributed to this article.

Copyright 2023 K & L GatesNational Law Review, Volume XII, Number 336

About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices...