CPRC welcomes the progress on the review of the Privacy Act. CPRC has a keen interest in how Australia’s privacy protection framework can be reformed so it offers modern, robust protections that ensure Australian consumers, and our overall society, are better off as the Fourth Industrial Revolution continues to gather momentum. Our research confirms the lack of agency and understanding consumers have over their privacy, rendering them powerless with no real, meaningful way for consumers to express their preferences. Australian consumers are ready for change.
Our submission highlights the following elements:
- We must modernise what it means to be identifiable and go far beyond the constructs of the current definition of personal information. Considering a principles-based approach to the definition will also help to cater for future data points that may attribute to being identifiable.
- Enable transparency and meaningful choice and control through:
- standardised notices that support consumer comprehension
- comprehensive consumer experience (CX) research that measures consumer comprehension of rights and risks
- placing a clear onus on businesses to ensure consumers are being enabled to make informed, meaningful choices
- ‘fair and reasonable’ requirement being an overarching requirement in the Privacy Act
- right to erase personal information and data held by companies where there is no legal reason for it to be retained.
- Implement pro-privacy default settings to ensure baseline settings enable fair and safe collection, use and disclosure of consumer data.
- Create an effective ecosystem for privacy protections and complaints mechanisms by ensuring the regulator is adequately resourced with the capacity and capability to monitor and enforce privacy breaches in this complex environment.
- Consider a holistic approach to dispute resolution, such as via the establishment of a Digital Ombudsman that can provide support on all facets of a digital experience.