Getting your Trinity Audio player ready...
|
The Australian Government released its response to the Privacy Act Review Report. The report, initially published in February 2023, prompted public consultations to shape the government’s response. The impetus for this review stemmed from recommendations arising from the Australian Competition and Consumer Commission’s 2019 Digital Platforms Inquiry final report.
In their response to the review, the government has committed to advancing efforts aimed at bolstering privacy safeguards for individuals and ensuring that Australian businesses receive clear guidance on the scope of information covered by the Privacy Act and the most effective methods to safeguard such data. They also intend to maintain an ongoing dialogue with stakeholders during the development of draft legislation.
The Government will advance the evaluation of changes to Australia’s privacy framework, focusing on five key areas of emphasis:
- Modernise the Privacy Act to encompass digital advancements, expanding its reach to include a wider range of information and entities handling personal data.
- Enhance privacy protections by holding entities accountable for handling data in line with community expectations, bolstering data security requirements, and improving response to data breaches. Special safeguards will be introduced for high-risk activities and vulnerable groups like children online.
- Simplify privacy obligations for entities, offer clearer guidance, and harmonise privacy regulations with other legal frameworks, particularly for international data transfers.
- Empower individuals with better control and transparency over their personal information, introducing new rights and avenues for redress in cases of privacy interference.
- Strengthen privacy enforcement by granting greater powers to the OAIC, expanding court orders in civil penalty cases, and enabling individuals to directly seek relief for privacy breaches. Additionally, a strategic evaluation of the OAIC’s resources and potential funding models will enhance its effectiveness as Australia’s privacy regulator.
Following the release of the Privacy Review Act, which commits to 38 out of 116 proposals in the Privacy Act Review Report and agrees in principle to 68 measures, The CEO of the Tech Council of Australia (TCA) released a statement expressing satisfaction with the government’s acceptance of many of their proposals. The TCA has consistently advocated for the modernisation of Australia’s outdated privacy laws to align better with the increasingly interconnected global digital economy.
Key measures proposed by the TCA include the need for more harmonised and interoperable privacy laws in line with international standards like GDPR, the introduction of data controllers and data processors concepts, clearer definitions for organisations’ obligations to protect personal information, a review of laws related to the retention of personal data, privacy impact assessments for activities with higher privacy risks (e.g., Facial Recognition Technology), the establishment of an ‘Australian link’ for the Privacy Act, and granting the Office of the Australian Information Commissioner (OAIC) the ability to publish guidelines on emerging technologies and privacy practices.
Additionally, the TCA supports the introduction of a Children’s Online Privacy Code similar to the UK’s Age Appropriate Design Code, covering data standards, parental controls, consent, and a process led by the Australian Information Commissioner.
The TCA plans to consult with its member community on various aspects that require further consideration and assessment of potential implementation risks and issues. These include the right to erasure, transparency requirements for substantially automated decision-making, clarification of the roles and responsibilities of data controllers and processors, removal of the small business exemption for privacy, proposals for a direct right of privacy and statutory tort of privacy, and the design of privacy and collection notices.
The government’s response notes that the digital economy has brought about innovation, increased productivity, and various advantages for Australians. Nevertheless, the extensive data exchanges that support digital systems have also paved the way for significant data breaches, impacting millions of Australians and jeopardising their sensitive personal data, making them vulnerable to identity theft and scams. Robust privacy safeguards are essential for establishing the security, trust, and confidence needed to foster innovation and economic expansion.
OpenGov Asia reported earlier that the University of Wollongong (UOW) and the Indian Institute of Technology (IIT) Kanpur have joined forces in a pioneering effort funded by the Australia-India Cyber and Critical Technology Partnership. This grant, facilitated by the Department of Foreign Affairs and Trade (DFAT), is poised to advance the field of privacy in cloud computing, a critical domain in today’s rapidly evolving technological landscape.