Australia: AG Department issues report on Privacy Act review asks for public feedback
The Attorney General ('AG') of Australia, Mark Dreyfus, announced, on 16 February 2023, that the Australian Government has issued the report of the AG Department's review of the Privacy Act 1988 ('the Act'). In particular, the report outlines proposed reforms to the Act that are aimed at strengthening the protection of personal information and the control individuals have over their information. More specifically, the proposed reforms include:
- clarifying what information should be protected under the Act;
- ensuring de-identified information is protected from misuse;
- requiring privacy risks to individuals to be considered and protections applied accordingly;
- regulating 'targeting' of individuals based on information that relates to them but that may not uniquely identify them; and
- ensuring risks to privacy resulting from the small business, employee records, political, and journalism exemptions are addressed in a proportionate and practical way.
Furthermore, other proposed reforms address protections for personal information and transparency, including provisions to:
- improve the quality of information available to individuals about how their information is collected and used;
- require entities to take appropriate responsibility for handling personal information fairly and reasonably;
- require entities to identify and mitigate risks before engaging in high privacy risk practices;
- strengthen privacy protections for children and people experiencing vulnerability;
- improve individuals' control over their personal information, including a right to seek the erasure of personal information;
- give individuals more transparency and control over direct marketing, targeting, and sale of their personal information;
- strengthen the requirement on entities to keep personal information secure and destroy or de-identify the same when it is no longer needed; and
- facilitate overseas transfers of personal information whilst ensuring that it is properly protected.
Moreover, in recognition of the need to strengthen enforcement of privacy obligations, the proposed reforms strengthen the powers of the Office of the Australian Information Commissioner ('OAIC') in this regard, and provide new pathways for individuals to seek redress for privacy breaches, including through a new tort for serious invasions of privacy.
Notably, the AG highlighted that the Government is now seeking feedback on the 116 proposals in the report, before deciding what further steps to take, noting that submissions on the report can be made until 31 March 2023.