New Law to Strengthen Privacy Safety in Australia

The Bill, which was passed by both Houses of Parliament on 29 November 2024, will implement key reforms with respect to personal privacy, promising enhanced privacy protections and greater transparency regarding how personal information is used and shared. As part of the Bill, there is mandate for the Office of the Australian Information Commissioner (OAIC) to develop and maintain a Children’s Online Privacy Code (Code), designed to better protect the personal information of minors in the digital space. An allowance of $3 million across 3 years has been allocated to the OAIC to support the development of the Code, which is designed to protect the use of children’s personal information for nefarious purposes such as manipulation and surveillance.

In addition to the mandate in relation to the development of the Code, the Bill also seeks to further protect the personal information of Australians in the following ways:

1. Expansion of the Information Commissioner’s Powers: The Bill grants the Information Commissioner broader authority to enforce privacy regulations and oversee compliance. This includes the ability to conduct public inquiries and develop new Australian Privacy Principles (APP) codes.
2. Emergency Information Sharing: The Bill facilitates information sharing during emergencies or following eligible data breaches, ensuring that necessary data can be accessed swiftly and securely.
3. Overseas Data Protection: New protections are introduced for the disclosure of personal information overseas, aiming to safeguard Australian data from misuse when transferred internationally.
4. Civil Penalties and Tort for Privacy Invasions: The legislation introduces new civil penalties for acts that interfere with privacy, even if they do not meet the threshold of ‘serious’ interference. Additionally, a statutory tort is established to provide redress for serious invasions of privacy.
5. Criminal Offences for Doxxing: Amendments to the Criminal Code Act 1995 include new offences targeting the release of personal information using a carriage service in a manner that is menacing or harassing, commonly known as ‘doxxing’.

For businesses, especially those handling large volumes of personal information, the new regulations will necessitate stricter compliance measures and potentially significant changes to data management practices.  If you have any questions or concerns about the data security of your business or the controls necessary to protect personal information, please contact SWS Lawyers.

The Privacy and Other Legislation Amendment Bill 2024 represents a robust effort by the Australian government to modernise and strengthen privacy laws in response to evolving digital landscapes and increasing concerns over data security. By expanding regulatory powers, introducing new protections, and establishing clear penalties for privacy breaches, the Bill aims to create a safer and more transparent environment for the handling of personal information.

This article was co-written by Rhiannon Cameron, Associate.

This article is not legal advice.  It is intended to provide commentary and general information only.  Access to this article does not entitle you to rely on it as legal advice.  You should obtain formal legal advice specific to your own situation.  Please contact us if you require advice on matters covered by this article.