December 7, 2021

Volume XI, Number 341

Advertisement
Advertisement

December 06, 2021

Subscribe to Latest Legal News and Analysis

Australia’s Online Privacy Bill and Privacy Act Discussion Paper: First Steps Towards an Enhanced Australian Privacy Regime

In the Australian Government’s first step towards enhancing and enforcing privacy compliance in Australia, the Attorney-General’s Department has released two publications regarding amendments to Australia’s privacy regime:

  • An exposure draft introducing amendments to the Privacy Act 1988 (Cth) (the Privacy Act), which will establish an online privacy code applicable to major online platforms and introduce increased penalties for non-compliance with the Privacy Act for all entities (the Online Privacy Bill); and

  • A discussion paper seeking further submissions on up to 67 proposals to amend the Privacy Act and introduce a raft of amendments to Australian privacy law focused on increasing enforcement, empowering individuals and aligning Australia with global privacy regimes (the Discussion Paper).

The Online Privacy Bill is Australia’s immediate response to certain issues identified out of the Australian Competition and Consumer Commission’s Digital Platforms Inquiry Report published in 2019 (the Digital Platforms Inquiry). While the Online Privacy Bill is still subject to public submission, we expect that the Australian Government will look to swiftly progress these reforms throughout 2022 in order to give more ‘teeth’ to Australia’s privacy regime while also affecting the Government’s commitment to further regulating major digital platforms.

The primary aspects of the Online Privacy Bill are:

  • Enhanced penalties, with maximum penalties for serious and, or, repeated breaches of the Privacy Act increasing from just over $2 million to an amount not exceeding the greater of AU$10 million, three times the value of the benefit obtained from the conduct or, if the value can’t be determined, 10% of the domestic annual turnover of the offending entity;

  • Increased enforcement powers, introducing new mechanisms for the Australian Information Commissioner to enforce the Privacy Act (through new information sharing arrangements, expanded assessment powers, infringement notice protocols, and expanded scope of determination powers) and creating criminal penalties for multiple instances of non-compliance; and

  • The online privacy code, implementation of an online privacy code that will apply to social media providers, data brokerage services and large online platforms (platforms with 2.5 million or more annual end users in Australia) (the OP Code). The OP Code is designed to enhance privacy protections for users of major digital platforms that collect and trade in high volumes of personal information. Entities subject to the OP Code will be subject to more stringent obligations regarding the notice, collection and use of personal information already existing under the Privacy Act while also introducing new obligations, including a right for individuals to request platforms to cease using their personal information and enhanced protections to children and other vulnerable groups.

The Discussion Paper is another step in the increasingly lengthy process of reforming the Australian privacy regime generally. A follow-up to the initial Issues Paper published in October 2020 (itself a response to the Digital Platforms Inquiry), the Discussion Paper seeks public comment on a vast array of proposals to amend the Privacy Act. Notable proposals include the creation of a Federal Privacy Ombudsman, the introduction of torts of privacy enforceable by individuals, new rights to individuals to object to or withdraw consent regarding the processing and use of their personal information and clarification to ambiguous terms of the Privacy Act, among others. A key focus of the Discussion Paper is the potential to implement terms that will align Australia with privacy regimes abroad, such as the European Union’s General Data Protection Regulation, or at least ensure that Australia’s system can act as a modular expansion of global privacy law through proposals to implement standard overseas data transfer terms and to remove exceptions to the Privacy Act to allow greater alignment with foreign privacy law.

While it is unlikely that all, or even a substantial majority, of the 67 proposals flagged in the Discussion Paper will be implemented, these proposals represent an opportunity for Australia to address holes in its current privacy regime and identify and implement the best elements of privacy compliance around the world.

What is clear from both the Online Privacy Bill and the Discussion Paper is that Australia is taking privacy more seriously. After being one of the first-movers in establishing a holistic data privacy regime in 2012, Australia’s privacy regime has stagnated in the context of privacy globally. These first steps highlight that Australia is not only looking to ensure it is at the forefront of privacy compliance once again, but also that it has the bite to enforce those standards.

Any interested party can provide responses to the Australian Government’s proposals by 6 December 2021 (with respect to the Online Privacy Bill) and 10 January 2022 (with respect to the Discussion Paper).

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 326
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Connor McClymont Corporate Attorney Squire Patton Boggs Perth, Australia
Associate

Connor McClymont is an associate in our Corporate Practice Group, advising clients on a wide range of corporate transactions, focussing on capital markets and corporate governance. Connor also advises clients on data privacy and cybersecurity regulatory compliance and best practice. He works with clients to implement bespoke compliance frameworks and offers advice grounded in understanding the nature of their operations. He has advised clients on a range of matters in related fields, including consumer protection and employment.

Connor has experience assisting on capital market...

61 8-9429-7534
Chris P. Rosario Perth Australia Partner Attorney Mergers Acquisitions Australia Japan Squire Patton Boggs Law Firm
Partner

Experienced corporate lawyer with a focus on mergers and acquisitions and major projects for domestic and cross-border transactions. Chris has extensive experience advising Australian and Japanese companies.

Chris has significant experience advising listed and unlisted corporations in connection with domestic and cross-border mergers and acquisitions, capital markets and infrastructure projects.

Chris spent three years living in Tokyo and working with Itochu Corporation (a Fortune Global 500 company) on many cross-...

+61 8-9429-7553
Advertisement
Advertisement
Advertisement