August 13, 2022

Volume XII, Number 225


August 12, 2022

Subscribe to Latest Legal News and Analysis

August 11, 2022

Subscribe to Latest Legal News and Analysis

August 10, 2022

Subscribe to Latest Legal News and Analysis

Australian Privacy Act Under Review

In December 2019, the Australian Government announced it would conduct a review of the Privacy Act 1988 (Cth).

A year has almost passed and finally the Australian Government has publicly released details about the review. On 30 October 2020, the Australian Government released the Terms of Reference of the review. In particular, the review will cover:

  • The scope and application of the Privacy Act
  • Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
  • Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act
  • Whether a statutory tort for serious invasions of privacy should be introduced into Australian law
  • The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
  • The effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks
  • The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.

The Australian Government has released an Issues Paper to seek feedback on potential issues relevant to the reform of the Privacy Act. Submissions in response to questions outlined in the Issues Paper or Terms of Reference should be submitted to the Attorney-General’s Department by 29 November 2020.

Interestingly, the Australian Government will consider issues that are regularly canvassed whenever the Privacy Act is reviewed. Yet again, the Australian Government is considering whether or not to introduce a statutory tort for the serious invasions of privacy and whether individuals should have a direct right of action to enforce privacy. Those who have been following our commentary or heard us speak over the years will not be surprised to learn that these issues remain on the privacy law reform radar in the medium term. If adopted, the inclusion of these rights in the Privacy Act would be a significant reform to privacy law in Australia and would significantly increase the potential avenues and forums for complaints against organisations for their privacy practices.

It appears from the Issues Paper the Australian Government is considering implementing the APEC Cross-Border Privacy Rules (CBPR) system, that provides a mechanism for governments and businesses to safeguard the free flow of data and demonstrate compliance with internationally recognised data privacy protections. Countries that adopt the CBPR system also maintain a domestic certification scheme and this is another issue under consideration. The third parties that undertake the certificationunder the CBPR system must be certified by APEC and may be a public or private sector entity.

In addition, the review provides the Australian Government with an opportunity to ensure Australia has privacy legislation that can operate in a fast paced and increasingly complex digital world, aligns with consumer expectations and can co-exist in a world with foreign privacy laws more akin to the EU GDPR.

Copyright 2022 K & L GatesNational Law Review, Volume X, Number 311

About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

Rob Pulham Corporate Attorney K&L Gates
Special Counsel

Rob Pulham is an experienced corporate advisory and transactional lawyer with an active technology and privacy practice representing companies in the energy, manufacturing, mining, retail, health and financial services sectors, as well as government and not for profit organisations. He has extensive experience advising customers and vendors in the technology industry, with particular focus on software licensing, data privacy and protection, and systems integration projects. In his role as a senior corporate lawyer, Mr. Pulham reviews organisational policies and practices...

Keely O'Dowd, K&L Gates, attorney, Melbourne

Ms. O'Dowd is an experienced lawyer with a focus on technology and sourcing projects. She advises on a broad range of technology transactions, including procurement, outsourcing and software licensing. This work includes drafting and advising on a range of IT procurement and supply agreements. Ms. O'Dowd advises a range of corporations on privacy and cybersecurity.