Contact

Privacy 108 Responds to Privacy Act Issues Paper

Published
31 Jan 2021
Read time
4 min read
Category
Law, News, Privacy, Privacy Practice

In November 2020, the Australian Federal Government commenced its latest review of the Privacy Act 1988 (Cth). Led by the ACCC and the Attorney-General’s office, the review aims to bring Australia’s privacy laws into the digital era, strengthen privacy protections for individuals and streamline compliance for businesses working across international borders.

Coming out of recommendations from the ACCC’s Digital Platforms Inquiry, the Issues Papers raised a number of key questions for consideration covering issues such as:

  • Should the definition of personal data be updated;
  • What should be required to demonstrate consent;
  • Should the current exemptions to the operation of the Act continue to apply;
  • Should the regulator have more powers;
  • Do the current provisions in regards to cross- border disclosures appropriate appropriately; and
  • How has the mandatory data breach notification system worked.

Privacy 108’s submission

Privacy 108 submitted its response to the Issues Paper in November 2020. The main points in our submission included:

  • Consumer protection should be supplementary to, and not a replacement of, the human rights protection approach the Privacy Act is built on;
  • The definition of personal information should be more closely aligned to that in the GDPR and recognise the idea of ‘individuation’ as a test of reasonable identification;
  • There would be significant benefit to the regulated community if a single privacy framework could be developed to apply to all Australian entities, including Federal and State government agencies;
  • We support the removal of exemptions for small business, political parties and employee records held by private entities. We also support the narrowing of the exemption for journalistic activities.  These may some of the be areas for development of Codes of Practice to provide guidance on the application of the privacy principles.
  • We do not support any increased use of notice and consent as mechanisms to support unethical or unfair use of personal data, though we do support clearer and more transparent notice and a higher threshold for ‘consent’, including maintaining its currency.
  • Privacy 108 supports a general right to be forgotten subject to certain exceptions. The inclusion of such an explicit right is consistent with similar provisions in the CDR scheme and the My Health Records Act.
  • We believe that many of the issues raised by the review could be resolved by a better funded and more active OAIC or other regulator. For example, questions about transparency could be resolved by a more active campaign by the OAIC, perhaps working with multiple agencies, to reduce issues with the length, complexity, form and timeliness of current notices.
  • Consideration of an alternative method for resolution of complaints, perhaps leveraging State based Fair Trade or Administrative Tribunals already established and resourced to support resolution of these types of claims, might free up OAIC resources to focus on greater engagement with the regulated community.
  • Privacy 108 also supports consideration of individuals having a direct right of action under the Act.   This could be by way of a combination of alternative dispute resolution mechanisms and a right to sue.  The right to sue should also contemplate class actions.  Again, the individual right to sue  (whether as part of the Act or a separate tort) would relieve some of the current complaint resolution burden on the OAIC.

Next Steps

Following this Issues Paper, next steps include a second issues paper to be released in early 2021. This second paper will seek more specific feedback building on the preliminary outcomes from the first Issues Paper, and possibly including suggested options for reform.  The final outcome is likely to involve significant reform to the Privacy Act, such as stricter requirements for notice and consent, an updated definition of ‘personal information’ (hopefully more aligned to that in the GDPR), and enhancement of the OAIC’s enforcement powers and further rights for individuals.

As with other second generation, privacy laws this will represent a shift from a purely principles-based regime to more prescriptive measures for certain key protections.

It would also be good to see the government commit to a better funded and resourced regulator to support implementation of and compliance with the more prescriptive regime.  This outcome seems less likely.

A full copy of Privacy 108’s submission is available here: Privacy 108 Response to Privacy Act Review Issues Paper Covering Letter January 2021

 

Oops! We could not locate your form.

Ready to turn insight into action?
Connect with Privacy 108.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Privacy 108 collects your name and contact details to respond to your enquiry and communicate with you about it. If you do not provide this information, we may be unable to respond. We do not disclose this information to third parties. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Talk to us?
Looking to take your business to the next level? Speak with our experts today!
Contact us
Related articles
  • 1300 41 20 50
  • Level 3, 240 Queen St, Brisbane QLD 4000
  • Ground Floor Reception, 3 Spring St, Sydney NSW 2000
  • PO Box 3295, Yeronga QLD 4104
  • Follow us on LinkedIn
Services
Privacy Risk Management Privacy Impact Assessments AI Governance Privacy Legal Services Research and Policy
Company
About Privacy 108 Our Team Careers Insights Contact Us Privacy Policy Terms & Conditions
Subscribe to our newsletter
Subscribe
Privacy 108 Consulting Pty Ltd ABN 52 600 425 885 is an incorporated legal practice registered with the Queensland Law Society. Liability limited by a scheme approved under Professional Standards Legislation.
We respectfully acknowledge the Traditional Owners of the land we work on and pay our respects to their Elders past, present and future in maintaining the culture, country and their spiritual connection to the land.
© 2026 by Privacy 108 Consulting Pty Ltd. ABN 52 600 425 885
Website by DeeperLook
Subscribe to our Newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Privacy 108 collects your name and email to send you our newsletter. If you do not provide this information, we will be unable to send it to you. We may use third-party service providers (such as email marketing platforms) to distribute our communications. Some providers may store information overseas, including in the United States. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au. You can unsubscribe at any time using the link in our emails or by contacting hello@privacy108.com.au.