A significant review of the Privacy Act is running six months late and will be handballed to the next government, despite being launched two and a half years ago.
The review of Australia’s privacy laws was launched in December 2019 following the competition watchdog’s landmark report on digital platforms, which made a number of recommendations for reforms to the Act.
Instead of backing these recommendations, the Coalition opted to launch another review into the wider Privacy Act.
Nearly a year after announcing the review, the government released an issues paper relating to it in October 2020 and ran a period of consultation on it.
Another year later, a discussion paper was released in October last year, with submissions closing in January. There has been no update on the Privacy Act review in the three months since submissions closed on the discussion paper, with an election set for 21 May.
It was originally planned for the final report from the Privacy Act review to be handed to the federal government in October last year, and this is now six months overdue.
It comes as the privacy watchdog is facing a funding cliff in the coming years, with its resourcing to be cut in half if extra funding is not provided as part of this review.
The federal government also failed to pass accompanying legislation which would have increased the penalties for data breaches and handed improved enforcement powers to the privacy office.
The Privacy Act review is looking at whether the current laws effectively protect personal information, whether individuals should have a direct right of action to enforce their privacy protections, whether a statutory tort for serious invasions of privacy is needed, the effectiveness of enforcement powers and the feasibility of an independent certification scheme to monitor compliance with privacy laws.
The discussion paper unveiled late last year scoped the introduction of a direct right of action for individuals subject to a privacy breach, a statutory tort of privacy and an end to the exemption for political parties being canvassed in the discussion paper.
Many of these recommendations mirrored those made by the Australian Competition and Consumer Commission (ACCC) in its 2019 report to government before the review was launched.
The main body responsible for the enforcement of the Privacy Act, the Office of the Australian Information Commissioner (OAIC), is also staring down a significant funding cut in the coming years.
The recent budget revealed that the OAIC’s annual funding of $29 million in 2021-22 will be cut in half to $15.9 million in 2024-25. This is due to an annual top up of $8 million only applying to the 2022-23 and 2023-24 financial years.
The Privacy Act is expected to recommend increased funding and resourcing for the OAIC, while the discussion paper proposed an industry-funded model for the office.
Around the same time as the Privacy Act review was launched, the federal government announced plans to increase the penalties for data breaches by social media firms and hand new enforcement powers to the OAIC, in the wake of the Cambridge Analytica Facebook scandal.
But these reforms were never introduced to Parliament and have not passed into law, despite being announced more than three years ago.
The Coalition also failed to pass its controversial “anti-trolling” bill in the last sitting week before the May election.
Do you know more? Contact James Riley via Email.