Spoiler Alert: Significant Privacy Law Reforms to Impact all Australian Businesses


29 November 2023

Australia’s Privacy Act is facing significant reform, which will create challenges for almost every Australian business. With reform imminent, your business should start preparing for the changes now.

 

OVERVIEW

  • Incoming Reform: The Government has agreed to reform the Privacy Act and these changes could start taking place as early as 2024.
  • Potential to Remove the Small Business Exemption: All businesses, no matter the size, may need to comply with the Privacy Act and the Australian Privacy Principles.
  • New Obligations: New rights for individuals, consent for using cookies, opt-ins for location tracking, explanations for automated decision making and more.
  • Enhanced Enforcement: Higher penalties for non-compliance and the ability for individuals to seek court remedies.
  • Take Action Now: Audit your current practices and start building in best practice compliance models, in advance of the changes.

BACKGROUND

In September 2023, the Australian Government released a response to the Privacy Act Review Report. This report outlined 116 proposals to reform the Privacy Act and its surrounding framework. The Government agreed to implement 38 of those proposals and agreed to 68 of them “in principle”. These reforms are designed to make Australia’s privacy landscape more in line with the European Union’s General Data Protection Regulation (GDPR).

KEY CHANGES THAT WILL IMPACT AUSTRALIAN BUSINESSES

  1. Expanding The Law’s Scope

The Government has agreed to broaden the scope of the Privacy Act by expanding the definition of “personal information” to include inferred information and removing or reducing several exemptions. One significant proposal is the removal of the small business exemption. This exemption currently excludes businesses with an annual turnover of less than $3 million from complying with the Privacy Act. The Government has so far agreed to this change in principle. This means that further consultation and discussion will occur before any amendments are made. Removing this exemption will require all businesses, big or small, to comply with the Privacy Act and the Australian Privacy Principles.

  2. Enhanced Protection Measures and New Obligations

The Government is also seeking to enhance individual protections and controls over personal information. It has agreed in principle to impose a standard of fairness and reasonableness on the collection of data and to require Privacy Impact Assessments to be undertaken for high-risk activities, including the use of facial recognition. Individuals will also be afforded rights similar to those under Europe’s GDPR, including the right to erasure and the right to object. In terms of marketing, obtaining consent for cookies and having visible opt-ins for location tracking will become essential. Also, if your business has started using AI and automated decision-making, you will need to disclose how these systems make decisions.

  3. Enforcement

To enforce these new changes, it is proposed that the Information Commissioner will be given increased powers and that civil penalties for breaching the Act will be significantly higher. Individuals will also have the right to redress and to seek court remedies for breaches of personal information obligations.

WHAT CAN I DO?

The Government has committed to progressing with these reforms and introducing draft legislation in 2024. Due to the breadth and depth of these impending changes, acting early is paramount. The first thing to do is to understand where you are now. Audit your business’s current practices, processes, and systems for handling information. You don’t need to know what the future state of the law will be to do this.

Some things you can start reviewing include:

  • Data handling processes;
  • Privacy policies;
  • Client or customer consent processes;
  • Cybersecurity protections;
  • De-identification and data destruction policies;
  • Privacy impact and risks; and
  • Employee privacy training.

If you know your starting point on these things, then you can work to define your ultimate future state and be better prepared for the upcoming reforms.

IS THERE ANYTHING ELSE I SHOULD KNOW?

Seneworth is closely monitoring these developments and will provide you with regular updates on this emerging space. Contact us if you want to know more.

 

 
