Law: Privacy Act 1988 (No. 119, 1988) (as amended) ('the Privacy Act')
Regulator: The Office of the Australian Information Commissioner ('OAIC')
Summary: The Privacy Act, which includes a set of Australian Privacy Principles, provides general personal data protection requirements and provisions, including the right to access and to be informed. However, the Privacy Act does not explicitly refer to 'data controllers' or 'data processors,' nor does it include provisions regarding data protection officer appointments or Data Protection Impact Assessments. On 22 February 2018, the 'notifiable data breaches' provisions of the Privacy Act came into effect, requiring mandatory notification of all 'eligible data breaches' to the OAIC as well as affected individuals. In addition, in 2019 the Australian Government passed the Treasury Laws Amendment (Consumer Data Right) Bill, which provides consumers with the right to data portability in order to enable them to switch between products and services. The Consumer Data Right was introduced to the banking sector in 2020 and will be rolled out progressively into the retail energy and telecommunications sectors.
Notably, the Australian Parliament approved the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 ('the 2022 Bill'), which came into effect on 13 December 2022. Importantly, the 2022 Bill significantly increases penalties for repeated or serious privacy breaches by companies which fail to take adequate care of customer data and provides the OAIC with greater powers to resolve privacy breaches and quickly share information about data breaches to help protect impacted customers.
On 16 Febuary 2023, the Attorney General publicly released a Report on the Privacy Act Review. The Report outlines the 116 proposed reforms to the Privacy Act and was informed by feedback received in response to the aforementioned Issues Paper released in October 2020 and a Discussion Paper, released in October 2021. At the same time as releasing the Discussion Paper for the Privacy Act review, the Australian Government published an Exposure Draft for the proposed Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021, however the bill was never introduced to Parliament.
In addition, there are various other pieces of privacy legislation and authorities within the states and territories, further information on which is available through the jurisdiction dashboard links below.