On September 28, 2023, the Attorney General's (AG) Department published the Australian Government's response to its Privacy Act Review Report 2022. In its response, the Government stated that, of the 116 proposals in the report, the Government agreed to 38 proposals, agreed in principle to 68 proposals, and noted 10 proposals.

The Government agreed to the proposal that the objects of the Privacy Act 1988 (the Privacy Act) should be amended to recognize the public interest in protecting privacy. Notably, the Government agreed in principle to the proposal that the Privacy Act should be amended to give individuals the right to opt out of their personal information being used or disclosed for direct marketing purposes.

More specifically, the Government's response outlines the following focus areas for privacy law reform:

• bringing the Privacy Act into the digital age by recognizing public interest in protecting privacy and exploring further how best to apply it to a broader range of information and entities that handle personal information;
• strengthening privacy protections under the Privacy Act through new organizational accountability requirements to encourage entities to incorporate Privacy by Design into their operating processes, and reforming the Notifiable Data Breaches (NDB) scheme to reduce harms caused by data breaches, as well as enhancing privacy protections for high privacy risk activities and vulnerable groups including children;
• providing entities with greater clarity on how to protect individuals' privacy, by simplifying the obligations that apply to entities that handle personal information on behalf of others, and clarifying the requirements for transferring personal information overseas, particularly to countries with similar privacy laws;
• providing individuals with greater transparency and control over their information through improved notice and consent mechanisms, and providing new avenues for individuals to seek redress for privacy breaches, including through a new tort for serious invasions; and
• increasing enforcement powers for the Office of the Australian Information Commissioner (OAIC), and expanding the scope of orders the court may make in civil penalty proceedings.

Moreover, the Government outlined in its response that it would consult with stakeholder groups when drafting further legislation to strengthen privacy protections.

You can read the press release here and the Government's response here.