Home >Articles & Publications>Article>Proposed amendments to the Australian Privacy Act, as covered in Sajai’s December Address to the Members of the IBA Technology Law Committee

Proposed amendments to the Australian Privacy Act, as covered in Sajai’s December Address to the Members of the IBA Technology Law Committee

Dear Friends,

As we bid farewell to 2021, and get ready to welcome 2022, the universal hope is that the scourge of the pandemic is perceptibly less in the year ahead; and that businesses and economies across the world will rebound like never before.

After China, Australia is relooking at its privacy framework, drawing attention to the challenges faced in respect of privacy and freedom of speech as we enter the year 2022. The Australian government has released a discussion paper to amend the existing privacy law. An early regulator of privacy, Australia had proposed the introduction of a national identity card in 1988 to regulate government agencies and extended its scope to the private sector in 2000. Since then, several changes have been made to the privacy law, including data breach notifications. But the key driver for the current thinking is the focus on Big Tech.

What started as an inquiry, and subsequent report, by the Australian Competition and Consumer Commission on the behaviour of platforms such as Facebook and Google, led to a review of the Australian Privacy Act. Consumer data collection, business models of Big Tech, targeted advertising, personalised content, the role of online identifiers and other concerns and drawbacks of the digital age, are proposed to be addressed in the 28 topics covered by the Attorney General’s Department discussion paper. The task of the Office of the Australian Information Commissioner will be easier if provisions such as instituting law on the legal tests for what constitutes a valid consent are introduced, using existing guidance from the privacy regulator.

Let us turn to a few highlights sent by friends from Down Under.

A good starting point is consent which, it has been agreed, must be voluntary, informed, specific, and current, and requires an ‘unambiguous indication through clear action.’ I am particularly impressed by the proposed re-draft of the definition of ‘personal information’, which recognises technical data, online identifiers, indirect identification, and the notion of ‘singling out.’ Similar interest is evoked by the ‘fair and reasonable’ limits on the collection, use, and disclosure of information, which is in addition to the purpose of limitation and the requirement of necessity.

Another area of interest for all our members would be how the discussion paper poses a question on the best way to regulate higher-risk practices: self-management or risk management? Whereas self-management hinges on individual consent, risk management would require an entity to conduct privacy impact assessments or take other steps to identify and mitigate the risks posed by their practices.

The Privacy Act currently sets some slightly tougher tests for handling certain categories of data known as “sensitive information,” such as information about an individual’s health or disability, ethnicity, religion, and sexuality. However, the discussion paper seeks to extend this idea to include a notion of restricted acts, which will entail adherence to higher standards. What is potentially within its scope is not just the handling of sensitive information but also additional types of data, such as location data or information about children, and particular types of practices, such as direct marketing and automated decision-making with legal or significant effects.

As expected, the Australian government is trying to ensure that the Privacy Act is more in line with the GDPR to secure for the country an adequacy decision from the European Commission. Potential increase in penalties, improved access to justice, the right to erasure, and the right to object are clear indicators of this intent.

Several other countries like India are also reforming their privacy laws. Will 2022/23 see the focus of various law-makers shift from COVID to privacy? I eagerly await next steps and robust discussions across the globe on this front. COVID has highlighted the digital divide as also many other challenges and realities of the digital economy. Now, technology law needs to take a more contemporary shape worldwide.

I wish you a very happy year-end and a safe and healthy new year.

Warm regards,
Sajai Singh
Chair, IBA Technology Law Committee
([email protected])

Your web browser doesn’t have a PDF plugin.Instead you can click here todownload the Newsletter. 

 

POST TAGS
Sajai Singh Partner

Sajai's broad-based practice focuses on Mergers, Acquisitions, Joint Ventures, strategic alliances, restructurings and financings (whether debt or equity), with particular emphasis on cross- border transactions.

MORE ARTICLES BY THE AUTHOR

Article ESG-focussed Reform for International Investment Agreements: A Potential Solution
Article Challenges of change and judiciary: Key learnings from SC judgement in GIB case
Article Year in review: cartels and leniency in India
 

Search

Popular Posts

Articles & Publications

  • Article
  • May 1, 2024

ESG-focussed Reform for International Investment Agreements: A Potential Solution
  • Article
  • April 25, 2024

Challenges of change and judiciary: Key learnings from SC judgement in GIB case
  • Article
  • April 24, 2024

Year in review: cartels and leniency in India
  • Article
  • April 23, 2024

GenAI and IP infringement – Indemnity challenges
  • Article
  • April 22, 2024

Courts worldwide increasingly recognise climate action as a human right
  • Article
  • April 18, 2024

Final Frontier - SPACE Laws
View More