12 September 2024

Recent Privacy Act Updates

Today, we welcomed the first tranche of privacy reforms. Reviewing the Privacy Act 1988 has been an important initial step in strengthening Australia’s privacy framework. While there are some positive developments, such as the new statutory tort for serious invasions of privacy and more enforcement powers and increased penalties, the fragmented approach potentially leaves crucial gaps in protecting Australians’ digital rights.

Some identifiable gaps:

1. Australians expect businesses to treat their data with care and respect. The law needs to set this basic standard.
2. The exclusion of the fair and reasonable test, lack of universal privacy obligations for all businesses, and absence of privacy-by-default measures continue to place a disproportionate burden on Australians for their online safety.
3. It’s unreasonable to expect Australians to spend hours each day managing their digital privacy.
4. The “tick and forget” consent approach forces consumers to accept business practices that can be harmful, such as excessive data collection or using data to push harmful products to vulnerable individuals.

These omissions unfairly burden consumers with managing their own digital privacy. At CPRC, we believe in and support robust privacy protection for all Australians.

What Australia needs:

1. A modernised definition of ‘personal information’
2. Implementation of genuine privacy-by-default measures
3. Requirements for businesses to ensure fair and safe data practices

We remain committed to championing privacy reforms that truly protect Australians and look forward to policymakers creating a comprehensive privacy framework that safeguards Australians’ interests in our digital age. The responsibility for fair and safe data handling should lie with and shift to businesses, not be placed heavily on the shoulders of consumers.