What’s Next For Australia’s Privacy Laws?

One woman, lady explorer and biologist standing in nature by waterfall alone, using binoculars.

With the Australian government currently undertaking the most significant review to our data laws ever, smrtr’s co-founder and CTO Boris Guennewig explains what might be next for Australia’s privacy laws.

Australia’s privacy laws look set for a significant shakeup following the ACCC’s inquiry into digital platforms.

As part of the government’s response to the Digital Platforms Inquiry it recommended a review of the Privacy Act, with promises to strengthen consumer protections.

Australia’s Privacy Act has been amended almost 90 times since it was introduced in 1989. However, the upcoming review will likely see the most significant changes yet.

Many argue that current laws are outdated and do not carry tough enough penalties for businesses that have failed to protect customer’s privacy.

The Office of the Australian information Commissioner (OAIC) recently found that privacy is a major concern for 70 percent of Australians, while 90 percent revealed they want more control over their personal information.

What is the Privacy Act?

The report also highlighted the public’s lack of understanding of the existing laws. 34 percent of Australians revealed they had never heard of the Privacy Act, while 58 percent had heard of it but could not name it.

As it stands today, the Privacy Act regulates how Australian Government agencies and organisations with an annual turnover of more than $3 million (with some exceptions) handle personal data.

The Privacy Act has 13 Australian Privacy Principles (APPs), which deal with how personal information is processed, standards of collection, disclosure, quality and security of personal information.

As of 2018, the Office of the Australian Information Commissioner now requires individuals to be notified if they are affected by a data breach under the Notifiable Data Breaches scheme.

What will it look like?

If Australia’s updated data privacy laws are to really be world-leading, they will have to build upon existing global frameworks.

The EU has been a leader in this space, with the launch of the General Data Protection Regulation (GDPR), while the Californian government has also introduced a Consumer Privacy Act in recent times.

Many have tipped the government to come up with ‘GDPR-like’ regulation,which will promote principles such as data minimisation, transparency and security.

While GDPR was a leader in terms of its timing, this does not necessarily mean it has led the way in terms of effectiveness.

Early data shows that while the regulation is strict on paper, in practice, it has (so far) lacked teeth. Of the $US63 million in fines handed out under the GDPR as of June 2020, $US57 million was issued to Google. This is despite the fact there have been 89,000 data breaches recorded.

According to NSW minister for customer service Victor Dominello, Australia is now in the fortunate position to cherry-pick from the best parts of these global laws.

“My view is we reform to our own standards here. Based on our own temperature. So we pick the best out of the GDPR, but we craft it to [Australia]. Because they’re [the EU] obviously leading. But we craft it to Australian conditions,” he told a conference.

While the primary objective of any new data protection legislation in Australia will no doubt be to improve privacy for customers, these changes will also improve how businesses use data.

As well as increasing customer trust, data protection regulation has the potential to reduce data maintenance costs and better consolidate organisational data.

Whether it be through our data audit service or working with clients to create a more streamlined and compliant data strategy, at smrtr, we are prepared for any new data privacy laws that may emerge in the coming months.

If you’d like to learn more please, contact us and we’ll be in touch within the next business day.

Advertise with us

Please login with linkedin to comment

Privacy Laws smrtr