16 February 2023
The Office of the Australian Information Commissioner (OAIC) welcomes the final report of the Attorney-General’s Department’s (AGD) review of the Privacy Act 1988 and encourages interested parties to have their say about privacy reform in Australia through the AGD’s feedback process.
“This is an important milestone as we move towards further reform of Australia’s privacy framework,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“As the world has become increasingly connected and information flows more complex, our privacy laws need to adapt to ensure that personal information is protected and handled fairly.”
The comprehensive report released today contains 116 proposals and the feedback process will inform the next steps by the Australian Government.
“As the privacy regulator we see the proposal to introduce a positive obligation that personal information handling is fair and reasonable, as a new keystone of the Australian privacy framework,” Commissioner Falk said.
“This shifts the burden from individuals, who are currently required to safeguard their privacy by navigating complex privacy policies and consent requirements, and places more responsibility on the organisations who collect and use personal information to ensure that their practices are fair and reasonable in the first place.”
Commissioner Falk noted that the report contains proposals that would enhance the powers of the OAIC as the privacy regulator, to enforce privacy obligations and to identify systemic privacy issues and address privacy breaches.
“It also contains other important proposals, such as enabling individuals to exercise new privacy rights and take direct action in the courts if their privacy is breached, and the removal of some exemptions from the Privacy Act. These proposals reflect the baseline privacy rights expected by our community.”
The proposed privacy reforms follow the passing in November of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which introduced significantly increased penalties for serious and repeated privacy breaches and greater powers for the OAIC to resolve breaches.