Calls for the federal government to address Australia’s outdated privacy regime have intensified, with digital rights advocates and researchers demanding urgent action in a new open letter.
It comes as the Attorney-General’s Department revealed it is yet to begin drafting legislation to reform the Privacy Act, which the government has committed to in this term of Parliament.
In an open letter published this week, 27 groups called on the government to better protect Australians from data breaches and misuse of personal information by “urgently legislating” five reforms to the Privacy Act.
Changes requested include updating how “personal information” is defined to include IP addresses and metadata, ensuring businesses pass a “fair and reasonable use test” when collecting customer data, and removing small business exemptions from the Privacy Act.
The recommendations, made in the Privacy Act Review released in February, were agreed in-principle by the government last month. Most of the 116 recommendations have been agreed to in full or in principle.
Signatories of the letter include the Australian National University’s Tech Policy Design Centre, Salinger Privacy, consumer rights group CHOICE, and former Human Rights Commissioner Professor Edward Santow.
Salinger Privacy principal and former deputy Privacy Commissioner for NSW, Anna Johnston, reiterated that the privacy laws “are well out-of-date”.
“Without a stronger Privacy Act, Australians will remain at risk of more data breaches, and our data will continue to be collected and sold by data brokers who track, profile and target us online without our consent. It is critical that the government enacts these reforms as soon as possible,” Ms Johnston said.
The Alliance for Gambling Reform’s chief executive Carol Bennett, also a signatory to the open letter, said that the industry is an area of high-risk for unreliable data privacy and information management.
“We need to place responsibility where it should be – on the industries that benefit from the collection of personal data – to mitigate and reduce risks of harm related to their operations,” Ms Bennett said.
The letter was released on Wednesday, a day after officials from the Attorney General’s Department suggested that work was yet to begin on draft legislation, in response to questions from Greens Senator David Shoebridge.
“We’re seeking to start to draft, particularly where there are legislative proposals, what the provisions will look like. At the same time we need to understand the impacts, so a cost-benefit analysis,” acting first assistant secretary for the Integrity Frameworks Division Elizabeth Brayshaw told Senate Estimates.
“Some proposals are interrelated, so it’s not just a single proposal. Sometimes they relate to others. We’re trying to think about both the cost impact of particular proposals and also of the package. As part of that also there are some proposals that actually sought us to undertake further consultation.
Deputy secretary for integrity and international group, Simon Newnham, said he was unable to put a timeline on the completion of draft legislation, but said there was a “sense of urgency to these”, with the government having committed to progress in this term of Parliament. The next federal election must take place in 2025.
“We are leading the next stage of reforms, which involves the development of legislative proposals informed by a detailed impact analysis and targeted engagement with stakeholders,” Mr Newnham said.
“I think it would be fair to say that there has been extensive consultation to date, so we very much look for this next step to be very much a targeted process, including small business, employer and employee representatives, and media organisations.”
He later added that “we are mindful of the window that we have for the introduction of legislation in this term of Parliament”, and that the department would work backwards, “from the end point of a bill… through all of the work that’s required to be done”.
“This is a project approach to multiple moving parts that we need to bring together in a timely fashion. I can certainly assure you that we are working as fast as we can with a dedicated team to deliver that, noting… that the term of Parliament is not an infinite period and we need to work within that.”
Department secretary Katherine Jones also noted that “it’s really critical that we’re able to engage carefully with them, understand the practical issues and ensure that we strike the balance between seeking to uplift privacy protections and managing the impact on regulated entities”.
Do you know more? Contact James Riley via Email.