In 2023 the Attorney-General’s Department released the “Privacy Act Review Report” (Review Report), which considered whether the Australian Privacy Act 1988 (Cth) and its enforcement mechanisms are fit for purpose in an environment where Australians now live much of their lives online and their information is collected and used for a myriad of purposes in the digital economy.
The Review Report contained 116 recommendations, of which the Government in its Response ultimately either agreed, or agreed-in-principle, to 106 of them.
Although the Privacy Act and Australian Privacy Principles (APPs) under it were drafted to be ‘technology-neutral,’ the sheer scale and ingenuity of technology-driven collection and use of personal information, and the ease with which personal information can be collected, distributed, and used, leave a perception that the Privacy Act is not suitable for the digital age. We hear time and again from our regulators that individuals’ data is collected when it doesn’t need to be, routinely held for longer than necessary, and too often not appropriately secured.
While the nature of the Review Report and Government’s Response leave a level of vagueness as to the exact timeline and content that might be expected of the proposed reforms, there’s enough for those with long experience in this area to read between the lines and make some educated guesses.