Thank you very much Paul, for this.
Very helpful in positioning our work in terms of global activity.
From: Paul Templeman
Sent: Thursday, September 28, 2023 9:28 AM
To: wg-ancr@kantarainitiative.org
Subject: [WG-ANCR] Australian Government releases response to the Privacy
Act Review Report
Hi ANCR WG
Thanks Mark and Sal for the opportunity to share the Australian perspective
at 0PN Digital - Implementing Transparency & Consent to enable the Digital
Commons last week.
I have a bit of an update. The Australian Government has responded to the
Privacy Act Review Report. See
https://www.ag.gov.au/rights-and-protections/publications/government-response-privacy-act-review-report.
Chapter 4 of the response is "Improve transparency and control" including
consent, privacy policies and collection notices, individual rights, and
ability for individuals to seek redress for interferences with privacy.
An overview is below or the full report is available at
https://www.ag.gov.au/rights-and-protections/publications/government-response-privacy-act-review-report.
Privacy Reform - what is it?
Consultation
The Privacy Act Review was undertaken by the Attorney-General's Department
and involved nearly three years of extensive consultation. The Report
concluded that it is necessary to overhaul Australia's privacy laws, as many
other countries have done, to ensure they remain fit-for-purpose in the
digital age.
Feedback following the release of the Report has reiterated a clear
expectation that Government will strengthen privacy laws to ensure the
collection, use and disclosure of people's personal information is
reasonable, reflects community expectations and is adequately protected from
unauthorised access and misuse.
Industry and other stakeholders have acknowledged the importance of privacy
reform and emphasised the need for reforms to strike an appropriate balance
between enhanced privacy protections and impacts on regulated entities.
What's next?
The Government's response to the Privacy Act Review Report sets out the
pathway for privacy reforms. The Government is committed to introducing
legislation to protect the personal information of Australians in 2024. Of
the 116 proposals in the Privacy Act Review Report, the Government response
agrees to 38 proposals, agrees in-principle to 68 proposals and notes 10
proposals.
'Agrees in-principle' indicates that further engagement with entities and a
comprehensive impact analysis is needed before the Government makes a final
decision on implementation of a proposal. The Attorney-General's Department
will lead the next stage of work, which will involve the development of
legislative amendments informed by a detailed impact analysis and targeted
consultations with stakeholders. This measured approach will ensure
Government is informed of potential compliance costs for regulated entities
and other potential economic costs or benefits (including for consumers) in
finalising its decisions. The Government will also consider appropriate
transition periods as part of the development of any legislation.
While this work is underway the Attorney-General's Department will also
progress implementation of non-legislative proposals, for example to develop
a Children's Online Privacy Code and additional guidance to assist entities
to meet their obligations. The Government will ensure there are meaningful
opportunities to engage in this next phase of privacy reforms, noting there
has been extensive consultation to date on many issues.
Overview of themes
The privacy reforms will complement other reforms being progressed by the
Government, including Digital ID, the 2023-2030 Australian Cyber Security
Strategy, the National Strategy for Identity Resilience, and Supporting
Responsible AI in Australia.
The privacy reforms will be progressed under the following focus areas:
Bring the Privacy Act into the digital age
The reforms will bring the scope and application of the Privacy Act into the
digital age by recognising the public interest in protecting privacy and
exploring further how best to apply the Act to a broader range of
information and entities which handle this information.
Uplift protections
The reforms will uplift the protections afforded by the Privacy Act by
requiring entities to be accountable for handling individuals' information
within community expectations, and enhancing requirements to keep
information secure and destroy it when it is no
longer needed.
Reforms to the Notifiable Data Breaches scheme will assist with reducing
harms which may result from data breaches and introduce new organisational
accountability requirements to encourage entities to incorporate
privacy-by-design into their operating processes.
New specific protections will also apply to high privacy risk activities and
more vulnerable groups including children.
Increase clarity and simplicity for entities and individuals
The reforms will provide entities with greater clarity on how to protect
individuals' privacy, and simplify the obligations that apply to entities
which handle personal information on behalf of another entity.
The reforms will increase the flexibility of code-making under the Act,
reduce inconsistency and improve coherence across different legal frameworks
with privacy protections, and simplify requirements for transferring
personal information overseas, particularly to those
countries with substantially similar privacy laws.
Improve control and transparency for individuals over their personal
information
The reforms will provide individuals with greater transparency and control
over their information through improved notice and consent mechanisms.
The reforms will also explore the scope and application of new rights in
relation to personal information and increased avenues to seek redress for
interferences with privacy, through a direct right of action permitting
individuals to apply to the courts for relief for interferences
with privacy under the Privacy Act and a new statutory tort for serious
invasions of privacy.
Strengthen enforcement
The reforms will increase enforcement powers for the OAIC, expand the scope
of orders the court may make in civil penalty proceedings and empower the
courts to consider applications for relief made directly by individuals.
A strategic review of the OAIC and further consideration of its resourcing
requirements, including investigating the effectiveness of an industry
funding model and establishing litigation funds, will enhance the
effectiveness of Australia's privacy regulator.
Best
Paul
Paul Templeman
paul@templeman.co