Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Australia: Privacy and Other Legislation Amendment Bill 2024 introduced to House of Representatives
On September 12, 2024, the Privacy and Other Legislation Amendment Bill 2024 was introduced and read for the first time in the House of Representatives.
The bill proposes amendments to the Privacy Act 1988 (No. 119, 1988) (as amended) (the Privacy Act) to strengthen the enforcement powers of the Office of the Australian Information Commissioner (OAIC) and introduce provisions related to children's online privacy, automated decision-making, and data breaches. The bill also establishes a statutory tort for serious invasions of privacy and amends the Criminal Code Act 1995 to create new privacy-related criminal offenses.
What are the main provisions of the bill?
Among its provisions, the bill requires the OAIC to develop a Children's Online Privacy Code which will apply to social media and other internet services that are likely to be accessed by children. According to the bill, the code will mandate stricter privacy safeguards for children's data and ensure entities comply with privacy obligations specific to children's needs.
Under the bill, organizations will be allowed to share personal information during emergencies or following data breaches, to prevent harm, such as fraud or identity theft. Similarly, the bill permits sharing personal data following disasters or emergencies to support response efforts, including assisting affected individuals. Regarding data transfers, the bill introduces a mechanism to allow the transfer of personal information across borders to countries with substantially similar privacy protections to Australia.
Notably, the bill requires organizations using automated decision-making systems that significantly affect individuals, to disclose how personal data is used in these decisions. Entities must disclose this information in their privacy policies, and be transparent about the use of algorithms and automated systems.
Privacy offenses
The bill introduces a statutory tort for serious invasions of privacy, providing individuals with a right of action for breaches such as unauthorized surveillance, physical intrusion, or the misuse of their personal information. However, the bill provides specific exemptions from liability under the tort, including for journalism, enforcement bodies, and intelligence agencies. The bill also makes it a criminal offense to publish personal data in a manner intended to harass or menace a practice defined as 'doxxing.' For doxxing, the bill imposes a penalty of up to six years imprisonment, or up to seven years if the doxxing targets individuals based on attributes such as race, religion, or sexual orientation.
Enhanced regulatory powers and enforcement
The bill grants the OAIC enhanced powers to investigate potential privacy breaches, including search and seizure powers under warrant. Additionally, the bill empowers courts to order compensation to individuals for loss or damage suffered due to privacy breaches, where an entity is found to have breached a civil penalty provision. The bill also empowers the Information Commissioner to conduct public inquiries into matters relating to privacy.
You can read the bill here and track its progress here.
Update: September 23, 2024
Bill referred to Senate Legal and Constitutional Affairs Legislation Committee
On September 19, 2024, the bill was referred to the Senate Legal and Constitutional Affairs Legislation Committee for inquiry and report by November 14, 2024.
You can read the bill here and track its progress here.
Update: October 9, 2024
Bill passes second reading and referred to Federation Chamber
On October 9, 2024, the bill passed the second reading in the House of Representatives and was referred to the Federation Chamber.