We welcome the proposed changes to the Privacy Act 1988 (Cth) and Criminal Code Act 1995 (Cth) included in this Bill, including:
- the introduction of a statutory tort for serious breaches of privacy,
- the creation of a children’s online privacy code,
- expanded powers for the Information Commissioner,
- greater transparency in decision-making involving automation, and
- targeted criminal offences to address doxing.
However, in this submission we make some recommendations for amendments.
We support the passage of this legislation during the current parliamentary term as an important first step toward broader reforms. The Attorney General’s Privacy Act Review Report outlined a comprehensive plan to modernise Australian privacy laws, the most significant update in 40 years, bringing them in line with laws in similar jurisdictions.
While the Attorney General has noted this legislation is only the first tranche of reforms, we seek a clear timeline for further necessary changes, including:
- Modernising definitions: The current definition of personal information does not cover key concepts like locational and inferred information, and the definition of consent is outdated.
- Ending tick-box consent: We need obligations on data collectors to act fairly and reasonably, not rely on unread, lengthy terms and conditions.
- Removing the small business exemption: This exemption leaves 95% of Australian businesses outside privacy compliance, which is harmful to consumers and businesses alike.
- Ensuring enforceability: Individuals need the right to take legal action for large-scale privacy breaches, which may not be fully addressed by the statutory tort.
We urge the government to commit to implementing these and other agreed changes within six months of the next Federal Election, should it be returned to government.
The remainder of this submission make further comments on the proposed statutory tort for serious breaches of privacy and the targeted criminal offences to address doxxing.
