Strengthening Privacy in Australia

A Look at the New Privacy Legislation Amendments of 2024
Sarah Morrison
October 22, 2024

Privacy and Other Legislation Amendment Bill 2024

Privacy concerns in the digital age are at an all-time high, and the Australian Government has recognised the need to enhance individual protections. In September 2024, Australia introduced significant amendments to the Privacy Act as the “Privacy and Other Legislation Amendment Bill 2024”. These amendments aim to better safeguard Australians’ privacy, particularly in a rapidly evolving technological landscape, and hold organisations accountable for how they handle personal information. This article provides an in-depth look into the key reforms of the new legislation and their implications.

Introduction of a Statutory Tort for Serious Invasions of Privacy

One of the most significant changes introduced by the legislation is the creation of a statutory tort for severe invasions of privacy. This legal remedy allows individuals to seek compensation if their privacy is seriously breached, without relying solely on existing defamation or negligence laws.

The tort covers scenarios like the unauthorised disclosure of personal information and unlawful surveillance. This addresses gaps in current law, providing individuals with more robust avenues for recourse and increasing accountability for organisations handling sensitive information.

Children’s Online Privacy Code

As a parent, the need for reform in this area is close to my heart. Ever since my children’s induction into the online world, we have drummed into them not to give away their personal details online, and, if necessary, to make up birth months and days or any other information that can be tied back to their identity. And it is their right to do this. Unless you are legally required to, nothing says you must give away accurate information when signing up for an App or downloading a game. Year of birth may be necessary if there is an age restriction, but other identifying data is not! This is what is so annoying about the proposed changes to platforms such as Meta. It is almost like they are feeding off the fear of parents. We will make changes to what your children will see. If they want to dispute their age, scan their face – um, no! If you want to create an account after this date, scan your ID. Um, an even bigger NO!!!

With children becoming increasingly active online, protecting them is a top priority. The new legislation mandates the creation of a “Children’s Online Privacy Code”, a framework specifically designed to safeguard children’s online experiences. The code sets stringent requirements for companies collecting, storing, and using children’s data.

Online platforms must ensure that consent is obtained from a parent or guardian before collecting personal data from children. The reforms also require organisations to explain how children’s data will be used, empowering children and parents to make informed decisions.

Transparency in Automated Decision-Making

As more organisations leverage artificial intelligence (AI) and automated systems, the lack of transparency in how decisions are made has become a critical concern. The amendments address this by requiring organisations that use AI or automated processes to make decisions affecting individuals to be more transparent.

Individuals now have the right to be informed if their data is being used for automated decision-making, the factors influencing those decisions, and the potential impact on them. This is particularly relevant in the financial services, healthcare, and social media industries, where automated processes can significantly affect individuals’ lives. If you are utilising AI in your decision-making practices regarding individuals, make sure you update your Privacy Policy to reflect this. DM me to chat more on this 😀

Data Sharing During Emergencies

The 2024 amendments also streamline data-sharing provisions in national emergencies or disasters. This ensures that critical information can be shared quickly and efficiently between government agencies, health authorities, and other organisations to protect public safety.

The new rules, however, maintain strict safeguards to ensure that this data sharing does not unnecessarily infringe on individuals’ privacy. Only data necessary to manage emergencies can be shared, and once the emergency is over, stringent rules on data retention and destruction apply.

More Substantial Penalties for Privacy Breaches

The penalties for serious privacy breaches have been significantly increased under the new legislation. The maximum penalties for privacy violations can now reach tens of millions of dollars, particularly if a breach affects many people or involves sensitive information such as health data.

The increased fines are a deterrent and a warning to organisations that handle personal data. Companies that fail to comply with the revised rules may face severe financial and reputational damage, making adherence to these standards more critical than ever.

Criminalisation of Doxxing

Again, this is close to my heart. Hearing horror stories of relationships breaking up, people being petty over parking spaces, and the stupidity that shows itself in society at times is terrifying!!!! Doxxing, the practice of publicly sharing an individual’s private information with malicious intent, is rising. The new privacy amendments make doxxing a criminal offence under the Criminal Code Act 1995 (Cth) (Criminal Code), with individuals found guilty facing penalties of up to seven years in prison. I am keen to see how this will be policed, especially since research indicated that one in 20 people have experienced doxxing, with young people more likely to be affected.

The move by the Australian Government acknowledges the real-world harm that doxxing can cause, such as harassment, stalking, and even physical violence. Criminalising doxxing reflects the Government’s commitment to tackling online harassment and safeguarding individuals’ privacy. How the policing of doxxing will pan out, only time will tell!

Enhanced Powers for the Australian Information Commissioner (OAIC)

The amendments give the OAIC enhanced investigative and enforcement powers to effectively enforce the new rules. The Commissioner will now have the authority to issue compliance notices, undertake investigations without waiting for complaints, and impose swifter penalties.

This means that the OAIC will play a central role in ensuring that organisations comply with the new privacy standards. Individuals can also expect quicker responses and resolutions when they report privacy breaches.

The Path Forward: Balancing Innovation and Privacy

The Privacy and Other Legislation Amendment Bill 2024 has tried to balance allowing innovation and technological advancement with safeguarding individuals’ privacy. By focusing on areas such as AI-driven decision-making, which I see as a necessary enhancement for the future, and children’s online privacy, the Government has positioned itself to tackle the privacy challenges of tomorrow. However, these reforms also present challenges for organisations, particularly those in tech-heavy industries, which must now assess and overhaul their privacy practices to ensure compliance. If you are one of those organisations, give Morrisec a shout, and we can sit down and chat.

Conclusion

As digital technologies continue to reshape our world, privacy laws must evolve to meet new challenges. The changes to Australia’s privacy legislation mark a significant step in this direction. By enhancing protections for individuals, providing more robust enforcement mechanisms, and addressing emerging privacy risks, the legislation aims to create a safer and more accountable digital environment for all Australians. For organisations, the new laws present both a challenge and an opportunity—to rebuild trust with their customers by demonstrating a commitment to protecting personal information.

Download our PDF summarising the changes to the Privacy Act.

Sarah Morrison

Sarah is the Co-CEO of Morrisec. With over 20 years in cybersecurity and a PhD in Russian information operations, Sarah has a deep understanding of threat actors and their tactics and motivations, making her highly equipped to assist organisations in their defence against them.
