Library of Congress

Law Library of Congress

The Library of Congress > Law Library > News & Events > Global Legal Monitor

Australia: New Privacy Law Comes into Effect

(Mar. 21, 2014) On March 12, 2014, substantial amendments to the Privacy Act 1988 (Cth) that resulted from a bill passed in 2012 came into effect in Australia. (Privacy Act 1988 (Cth); Privacy Amendment (Enhancing Privacy Protection) Act 2012, both COMLAW.) The reforms arose from a major review of privacy law conducted by the Australian Law Reform Commission (ALRC), which was completed in 2008 and resulted in 295 recommendations to the federal government. (See Kelly Buchanan, Australia: Federal Government to Reform Privacy Laws, GLOBAL LEGAL MONITOR (Oct. 22, 2009); Privacy Law and Practice, ARLC (last modified July 30, 2012).)

The Privacy Act now includes a single set of privacy principles, called the Australian Privacy Principles or APPs, that apply to the handling of personal information by government agencies and some private sector organizations. Previously, the Act contained two sets of principles that applied to the two different types of entities. The new principles contain some key developments, including in relation to the disclosure of information for direct marketing purposes, as well as cross-border information disclosure. (Privacy Law Reform, Office of the Australian Information Commissioner (last visited Mar. 14, 2014).)

Other significant changes include enhancements to the powers of the Office of the Australian Information Commissioner (OAIC) and changes to credit reporting laws. For example, the law will now allow the OAIC to accept enforceable undertakings from entities. This means that where an entity promises to take a specific action or to refrain from taking specified action in order to comply with the Privacy Act, the OAIC can enforce the terms of the undertaking in court if the entity does not comply. (Applying Privacy Law, OAIC (last visited Mar. 14, 2014).) It will also be able to seek injunctions to prevent conduct that would constitute a breach of the Act and apply to the courts for civil penalty awards against organizations in cases of serious or repeated breaches of privacy. (Id.)

Under the Act, entities can develop their own privacy codes and seek approval of these from the OAIC. The provisions related to developing and registering such codes have been substantially changed as a result of the reforms. (Privacy Codes, OAIC (last visited Mar. 14, 2014).) In addition, small business operators can choose to opt-in and be treated as an organization for the purposes of the Act and therefore be subject to the APPs. The OAIC keeps a register of organizations that opt-in. (Privacy Registers, OAIC (last visited Mar. 14, 2014).)

Following the passage of the amendment legislation in 2012, the ALRC published an issues paper on the prevention of and remedies for serious invasions of privacy in the digital era. A final report on this subject is expected to be provided to the Attorney-General by June 2014. (Serious Invasions of Privacy, ALRC (last visited Mar. 14, 2014).)