Legislation for a long-awaited overhaul of Australia’s outdated privacy laws will be introduced to Parliament in less than four months, rounding out a policy reform process that has been more than four years in the making.
Prime Minister Anthony Albanese announced the timeline last Wednesday, although limited his comments to the introduction of anti-doxxing laws — a recent focus for the federal government.
On Thursday, Attorney-General Mark Dreyfus said that legislation to “overhaul the Privacy Act and protect Australians from doxxing” would be introduced by the government in August.
He reiterated that the current privacy regime is “woefully outdated and unfit for the digital age”, with “speed of innovation and the rise of artificial intelligence” only making the need for legislative change more important.
A spokesperson for Mr Dreyfus on Monday confirmed to InnovationAus.com that the legislation will address the entirety of the government’s response to the Privacy Act Review.
The legislation will institute all proposals that the government agreed to in its response to the review in September 2023, but it is not yet clear how many of the in-principle proposals will be included.
The government is expected to continue to consult on proposed reforms until the laws are introduced, although it has not been determined if draft exposure legislation will be released before the bill is tabled.
Australia’s Privacy Act reform journey has been four years in the making, starting under the former Coalition government in response to the Australian Competition and Consumer Commission’s report on digital platforms in December 2019.
The review report was finally handed to the Albanese government at the end of 2022 — a full year after the department was originally expected to finish the review — and it responded to in September 2023.
Of the 116 reforms proposed in the review, released publicly in February 2023, the government agreed to 38 in full and 68 in principle, including a new statutory tort for serious invasions of privacy.
There were also 10 proposals that the government excluded from the incoming set of reforms. This included a proposal to remove Privacy Act exemptions for political parties and representatives.
The government has already committed to including new civil penalties to “allow for better targeted regulatory responses”, among other several other enforcement reforms at the Office of the Australian Information Commissioner.
All recommendations relating to the use of automated decision-making were also accepted. These seek to ensure information on “the types of personal information” as well as “the types of decisions” made with automated decision-making processes that “have a legal or similarly significant effect on an individual’s rights” is made available.
In a speech to the Privacy by Design Awards last week, Mr Dreyfus said “it’s past time we stopped treating the most personal and private information of Australians as an asset that entities hold”.
“Effective privacy regulation builds confidence, which in turn supports data-driven innovation and growth, and the digital economy,” Mr Dreyfus said.
“A failure to improve Australia’s privacy standards would not only have implications for individuals, but has the potential to adversely impact the international competitiveness of Australian business. We must keep pace and more closely align with global standards.”
To bolster the OAIC, the government has already appointed standalone privacy commissioner Carly Kind in November 2023, splitting the responsibilities of outgoing Information Commissioner Angelene Falk.
Ms Kind has reportedly said the implementation of the Privacy Act reforms could would enable Australia to “leapfrog” privacy regimes in other jurisdictions.
Do you know more? Contact James Riley via Email.