On 24 March 2019, the Morrison Government announced a proposal for changes to Australia’s privacy laws. If passed by Parliament, the changes will substantially increase the existing protections and penalties under the Privacy Act, and ensure companies are more transparent about their collection, use and disclosure of personal information.
Currently, the Office of the Australian Information Commissioner (OAIC) may apply to the courts to impose civil penalties for a ‘serious or repeated interference with privacy’ of up to $420,000 for individuals and $2.1 million for organisations.
The proposed amendments would increase the maximum penalty for serious or repeated interferences with privacy to the higher of:
- Three times the value of the benefit received; or
- 10% of the entity’s turnover in the last 12 months.
For minor breaches of privacy, the OAIC would be provided with new powers to issue infringement notices and penalties of up to $63,000 for bodies corporate and $12,600 for individuals.
Other proposed changes to the Privacy Act involve the introduction of an enforceable Code of Practice for social media platforms and other entities that transact personal information, together with specific rules to protect the personal information of children and other vulnerable groups.
The increasing prominence of privacy issues is reflected in a rise in privacy complaints received by the OAIC: in the 2017–18 financial year, 2,947 complaints were received. This reflects an 18% increase compared to 2016–17.
These proposed amendments, coupled with an additional $25.1m in funding provided for the OAIC in the 2019–20 Federal Budget, means that the OAIC will be better resourced to respond to, investigate, and take strengthened enforcement action in relation to breaches of privacy legislation.
It is expected that legislation will be drafted for public consultation and consideration by Parliament in the second half of 2019, following the release of the Digital Platforms Inquiry’s Final Report.