The Times Australia
The Times World News

.
Times Media

.

Long-overdue Australian privacy law reform is here – and it’s still not fit for the digital era

  • Written by Katharine Kemp, Associate Professor, Faculty of Law & Justice; Lead, UNSW Public Interest Law & Tech Initiative, UNSW Sydney

Almost four years since the Privacy Act review commenced[1], the Australian government has introduced a reform bill that fails to make most of the fundamental changes needed to modernise our privacy laws.

Attorney-General Mark Dreyfus[2] said in May that the government would introduce legislation to reform a privacy regime that’s “woefully outdated and unfit for the digital age”.

But the new bill doesn’t touch most of the substantive principles in our privacy law, originally passed in 1988 and largely unchanged since then. This was an era long before our everyday lives were conducted via the internet or smartphones.

The reform bill does finally introduce a statutory tort for serious invasion of privacy, which has been anticipated for more than a decade[3]. It also provides a process for a potential children’s privacy code, and “tiered” penalties that provide lower fines for more minor breaches of the act.

But it continues to leave Australians at the mercy of rampant tracking, targeting and profiling by data brokers[4], major retailers, rental platforms and data-matching firms. Catastrophic data breaches flow from poorly regulated data practices – and we’re still not protected.

What does the reform bill change?

While the government calls this a “first tranche” of reform, it has not yet committed to a timeline for further reform. That would come after the election.

The amendments are far from the “overhaul” that privacy experts and advocates expected. Instead, they focus on rules for relatively narrow situations or groups, without changing the most important principles that tell government and businesses how to treat our personal information.

A Children’s Online Privacy Code, to be developed by the privacy commissioner, is likely to be a long time in the making, following further periods of consultation. The deadline for registering this code is more than two years away.

But we urgently need fundamental privacy protections for all Australians, whether they be 13, 18 or 80 years old.

The proposed reform includes a statutory tort (a civil wrong) for serious invasions of privacy. This is a positive, if belated, development – it was already recommended in 2008[5] and 2014[6].

It would allow Australians to sue for damages for serious invasions of privacy. This is either an intrusion into seclusion (for example, being filmed in a private place) or misuse of information relating to a person, where they had a reasonable expectation of privacy.

This law would only apply if the invasion is “serious” and committed intentionally or recklessly. Serious harms caused by an organisation’s negligence would not be enough.

The bill also includes an “anti-doxing” offence, with prison sentences up to seven years. This amendment was not debated as part of the Privacy Act review. It responds to an incident earlier this year[7] when the personal details of hundreds of Jewish members of an online support group were published without their consent[8].

The introduction of a doxing offence will not broadly improve the way organisations treat our personal data. Most privacy harms are not caused by the publication of personal details that is “menacing or harrassing” under criminal law.

Read more: What is doxing, and how can you protect yourself?[9]

What does the bill leave out?

The proposed amendments leave out most of the fundamental reforms necessary to make Australia’s privacy laws fit for the digital era.

There is no “fair and reasonable” test for dealing with personal information. This would have helped prevent businesses relying on supposed “consents” to use information unfairly in situations where a person has no real choice but to provide the information.

The proposal to end the small businesses[10] exemption was also omitted. Unlike most countries, Australia’s privacy law doesn’t apply to small businesses, which make up about 95% of businesses.

For instance, real estate agents and rental platforms[11] are becoming notorious for the privacy risks and harms some inflict on renters and clients. But if their annual revenue is less than A$3 million, they may have no obligations under the Privacy Act.

The bill leaves out an updated definition of “personal information”, which would capture data commonly used to track and profile Australians online. An updated definition would help guard against data brokers singling out individuals[12] using unique identifiers, but claiming the Privacy Act doesn’t apply to them.

An improved definition of “consent”[13] was also left out. The proposal would have required consent to be “voluntary, informed, specific, current, and unambiguous”. The current law allows consent to be “implied”. Companies have used this to rely on vague terms hidden in the fine print of website policies.

There is still no direct right of action for individuals to seek relief in the courts for a breach of the Australian privacy principles. Instead, they must make a complaint to the Office of the Australian Information Commissioner, which then decides whether it will make any investigation or determination.

Four years and little to show

The Australian Competition & Consumer Commission recommended[14] wide-ranging reform of Australia’s privacy law in 2019. It noted other countries have modernised their privacy laws, but Australians use the same digital platforms without comparable protections in place.

The Privacy Act review began in 2020 and received hundreds of submissions. This culminated in 116 proposals made in a report by the Attorney-General’s department[15] in 2023. Later that year, the government agreed[16] or agreed “in principle” to 106 of those proposals.

In the interim, following several major data breaches[17] in 2022, the government did pass narrow amendments to the Privacy Act[18]. This included large increases in maximum penalties. But the underlying rules remained unchanged and no penalty has ever been imposed.

The bill is likely to be referred to a parliamentary committee for review. This in turn means it isn’t likely to be passed until 2025, further delaying the limited amendments. As it stands, the reform bill is not enough to fundamentally change the way organisations treat Australians’ personal information.

Our data-protection laws will likely remain well behind those in jurisdictions such as the European Union[19] for years to come.

References

  1. ^ since the Privacy Act review commenced (www.ag.gov.au)
  2. ^ Attorney-General Mark Dreyfus (ministers.ag.gov.au)
  3. ^ anticipated for more than a decade (www.alrc.gov.au)
  4. ^ profiling by data brokers (theconversation.com)
  5. ^ 2008 (www.alrc.gov.au)
  6. ^ 2014 (www.alrc.gov.au)
  7. ^ incident earlier this year (www.smh.com.au)
  8. ^ published without their consent (theconversation.com)
  9. ^ What is doxing, and how can you protect yourself? (theconversation.com)
  10. ^ small businesses (www.afr.com)
  11. ^ real estate agents and rental platforms (www.choice.com.au)
  12. ^ data brokers singling out individuals (cprc.org.au)
  13. ^ definition of “consent” (www.salingerprivacy.com.au)
  14. ^ Australian Competition & Consumer Commission recommended (www.accc.gov.au)
  15. ^ report by the Attorney-General’s department (www.ag.gov.au)
  16. ^ the government agreed (www.ag.gov.au)
  17. ^ major data breaches (www.abc.net.au)
  18. ^ narrow amendments to the Privacy Act (www.legislation.gov.au)
  19. ^ jurisdictions such as the European Union (www.abc.net.au)

Read more https://theconversation.com/long-overdue-australian-privacy-law-reform-is-here-and-its-still-not-fit-for-the-digital-era-238214

The Times Features

Group Adventures Made Easy: How to Coordinate Shuttle Services from DCA to IAD

Traveling as a large group can be both exciting and challenging, especially when navigating busy airports like DCA (Ronald Reagan Washington National Airport) and IAD (Washington...

From Anxiety to Assurance: Proven Strategies to Support Your Child's Emotional Health

Navigating the intricate landscape of childhood emotions can be a daunting task for any parent, especially when faced with common fears and anxieties. However, transforming anxie...

The Rise of Meal Replacement Shakes in Australia: Why The Lady Shake Is Leading the Pack

Source Meal replacement shakes are having a moment in Australia, and it’s not hard to see why. They’re quick, convenient, and packed with nutrition, making them the perfect solu...

HCF’s Healthy Hearts Roadshow Wraps Up 2024 with a Final Regional Sprint

Next week marks the final leg of the HCF Healthy Hearts Roadshow for 2024, bringing free heart health checks to some of NSW’s most vibrant regional communities. As Australia’s ...

The Budget-Friendly Traveler: How Off-Airport Car Hire Can Save You Money

When planning a trip, transportation is one of the most crucial considerations. For many, the go-to option is renting a car at the airport for convenience. But what if we told ...

Air is an overlooked source of nutrients – evidence shows we can inhale some vitamins

You know that feeling you get when you take a breath of fresh air in nature? There may be more to it than a simple lack of pollution. When we think of nutrients, we think of t...

Times Magazine

Segway ZT3 Pro All-Terrain Electric Scooter

Segway-Ninebot, the global leader in the micromobility transportation solutions and robotic service industries is announcing its brand-new ZT series of electric scooters with the ZT3 Pro in Australia. The Segway ZT3 Pro combines cutting-edge smar...

Enamel paint: why you need it for your application

Enamel paint is revered for its glossy, vibrant finish, the kind that leaves any of its applications looking bold and shimmering. This centuries-old paint has become a favourite for industrial applications, providing a stunning and durable finish...

From Pixels to Emotions: Unveiling the Magic of Photo Prints

Enhancing your living space with personal touches that reflect your style and life experiences can turn any house into a cozy and inviting home. One way to achieve this is by adorning your walls with beautiful photo prints. Photo prints not only ...

Take Advantage of Cloud Accounting Software to Unlock Maximum Efficiency

In today's fast-paced business environment, it's critical to have access to real-time financial information. A cloud accounting solution provides a cost-effective, secure, and efficient way to manage your business's financial activities, regardless...

Sesame Street supports emotional wellbeing in young children

SESAME WORKSHOP ANNOUNCES MULTI-YEAR COMMITMENT TO THE EMOTIONAL WELL-BEING OF YOUNG CHILDREN AND FAMILIES Sesame Workshop, the nonprofit educational organisation behind Sesame Street, has announced a new focus on the emotional well-being of yo...

New RAT Variants Running Rampant, Threat Report Reveals

Avast (LSE:AVST), a global leader in digital security and privacy, today released its Q3/2021 Threat Report. In the third quarter of the year, the Avast Threat Labs have seen an increased risk of businesses and consumers being attacked by ransomw...