Themes and Trends in Privacy and Security in 2024

As 2024 draws to a close, our team got together to reflect on the state of privacy and security in Australia and globally. We’ve published a video showing our musings about privacy below, and we’ve summarised some of the key themes in privacy and security in 2024, and wrapped up the post with 5 key action items you should take with you into 2025:

A Year of Incremental Progress

One of the standout observations this year revolves around the slow pace of privacy reform in Australia. Our team noted the frustration shared by many privacy professionals: long-awaited amendments to the Privacy Act arrived late in the year and failed to address critical areas comprehensively. While these reforms introduced a compliance notice regime and a statutory tort for serious invasions of privacy, they also featured notable gaps:

• Definition of “Children”: A blanket definition of children as anyone under 18 lacks alignment with broader regulatory discussions, such as social media age restrictions.
• Negligence in Privacy Breaches: The focus on intentional acts in the statutory tort overlooks negligence, leaving a significant loophole.
• AI Oversight: Reforms initiated transparency for automated decision-making but fell short of implementing stronger individual rights or ensuring fairness through regulatory reviews.
• Terminology Confusion: The introduction of “personal data” in the Criminal Code alongside “personal information” in the Privacy Act creates unnecessary ambiguity.

While these reforms signal progress, many privacy advocates—including Privacy 108’s team—expressed hope for more transformative changes in 2025, such as the introduction of a “fair and reasonable” test for data use.

The Impact of U.S. Policy on Global Privacy Trends

We are also concerned about U.S. technology policies and their implications for global privacy. The lack of robust regulatory guardrails, particularly in artificial intelligence (AI) and cloud services, underscores the need for vigilance in Australia, where most platforms originate from the U.S. As Europeans continue to push back against invasive practices, Australians increasingly echo these concerns. Building a civil society’s interest in privacy might help foster a more rights-based approach in the years ahead.

Privacy Challenges and AI’s Double-Edged Sword

AI stood out as both a highlight and a challenge in 2024. Privacy 108 observed that while the AI boom brings opportunities, it also presents ethical and environmental costs. Organizations grappled with balancing innovation with responsible data use. Meanwhile, the Australian Information Commissioner (OAIC) provided guidance on pixel tracking, AI, and data practices, signaling a stronger regulatory stance. However, businesses must move beyond viewing compliance as a tick-box exercise to address over-collection and over-retention of personal information.

Data Insights Fuel Progress

An encouraging trend in 2024 lies in the growing availability of data to help organisations navigate privacy challenges. Our team would like to praise the clear priorities of Australia’s new Privacy Commissioner, whose efforts included releasing pragmatic guidance and engaging directly with stakeholders through op-eds and podcasts. Reports from Choice Magazine and the Global Privacy Enforcement Network further illuminated consumer expectations and highlighted areas like dark patterns in apps and websites.

Key Action Items for 2025

Building on the themes of 2024, here are five critical steps for organizations to consider as we enter 2025:

1. Adopt Transparent Data Practices: Embrace a cultural shift toward transparency, as emphasized during Privacy Awareness Week. Clearly communicate data collection, use, and sharing practices to build trust.
2. Build AI Privacy Safeguards: When integrating AI, prioritize privacy risk assessments, use de-identified data, and implement consent mechanisms aligned with standards.
3. Strengthen Cyber Resilience: Invest in cybersecurity measures, including supply chain audits and MFA implementation, to mitigate rising threats.
4. Engage with Privacy Awareness Efforts: Use educational campaigns to update internal policies and align with evolving expectations.
5. Tailor Privacy Solutions to Your Industry: Customize strategies based on the specific risks and needs of your sector. Recognize that collecting sensitive data without adequate protections poses significant risks.

Privacy 108’s Guiding Philosophy

At its core, privacy embodies respect, trust, and control. As Privacy 108’s team highlighted, data practices must align with ethical principles to create solutions that genuinely benefit individuals and society. By embracing both innovation and accountability, we can move toward a future where technology and privacy coexist harmoniously.

Let’s work together to shape 2025 as a year of meaningful progress in privacy and security.