Information Commissioner welcomes amendments to Privacy Act giving her new powers…now the test is whether they will be used
November 30, 2022 |
The Privacy Act 1988 remains a very flawed piece of legislation. Until 2014 there was no serious enforcement provisions available to the Commissioner. The insertion of section 13G permitted the Commissioner to commence civil penalty proceedings for serious or repeated inferences with privacy. Since 2014 there has been no civil proceeding prosecution commenced and brought to resolution. Not one in 8 years. The Information Commissioner commenced a proceeding under section 13G against Facebook in 2020 arising out of the alleged misuse of data by Cambridge Analytica which is slowly working its way through the Federal court system .The US and UK have long finished litigation against Facebook in relation to the same issue and similar facts.
Not surprisingly the Commissioner has welcomed the passage of the amendments. It will provide the Commissione with significantly more powers and more effective and efficient enforcement options. She can issue penalties. That is more in line with the Monetary Penalty Notices that the UK Information Commissioner has been issuing for years. A safe assumption is that the Commissioner will be more assertive and high profile in using these powers. There is a long overdue need for a change of culture by those who collect personal information. The Commissioner states that she hopes that the increased penalties will help incentivise compliance. Without some high profile cases occurring that is unlikely to be the case. The market has factored in the Commissioner being timid and more interested in talking compliance rather than taking enforcement action.
The Commissioner’s media release provides:
The Office of the Australian Information Commissioner (OAIC) welcomes the passing of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which enhances the OAIC’s ability to regulate in line with community expectations and protect Australians’ privacy in the digital environment.
The Bill introduces significantly increased penalties for serious and or repeated privacy breaches and greater powers for the OAIC to resolve breaches.
“The updated penalties will bring Australian privacy law into closer alignment with competition and consumer remedies and international penalties under Europe’s General Data Protection Regulation,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“In addition, new information sharing powers will facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.”
Commissioner Falk said the Bill was a positive step ahead of the wider review of the Privacy Act 1988.
“The review presents an important opportunity to ensure that Australia’s Privacy Act empowers individuals, protects their data and best serves the Australian economy,” she said.
Commissioner Falk said the Bill’s increased civil penalties will help to incentivise compliance.
“In seeking penalties, or taking regulatory action, our approach will continue to be pragmatic, evidence-based and proportionate,” she said.
Commissioner Falk also noted the simplification of extraterritoriality provisions in the Bill.
“It will help ensure companies that carry on a business in Australia, while domiciled overseas, are required to comply with Australia’s privacy law,” she said.
“The simplification mitigates against overseas companies avoiding the jurisdiction based on complex structural and technical matters.”