On 25 March 2019, the Australian Government announced its plans to reform Australia's privacy laws by tightening the existing penalty and enforcement regime and providing greater funding to the Office of the Australian Information Commissioner (OAIC), Australia's privacy regulator.

The reforms are aimed at protecting Australians online; however, the changes will have wide-reaching application in many areas where privacy laws apply. The reforms have been suggested because existing protections and penalties fall short of community expectations and need to be updated to respond to increased use of personal information online.

The amendments to the Privacy Act will:

  • increase penalties for all entities covered by the Act (including social media and online platforms operating in Australia) from the current maximum of AUS 2.1 million for serious or repeated breaches to AUS 10 million or three times the value of any benefit obtained through the misuse of information or 10% of a company's annual domestic turnover - whichever is greater
  • provide the OAIC with new infringement notice powers and penalties for failure to cooperate of up to AUS 63,000 for bodies corporate or AUS 12,600 for individuals
  • expand options for the OAIC to ensure breaches are addressed through third party reviews and/or publishing prominent notices and ensuring those directly affected by breaches are advised
  • require social media and online platforms to stop using or disclosing an individual's personal information upon request
  • introduce specific rules to protect personal information of children and vulnerable groups.

This initiative will be backed by legislative amendments and a code requiring online platforms trading in personal information to be more transparent about data sharing and require specific consent to the use or disclosure of personal information.

Legislation is expected to be drafted in the second half of 2019. For more information, please see the media release here.