Commonwealth floats increased penalties for privacy breaches

Consultation pencilled in for second half of 2019 -- on the other side of the upcoming federal election.
Written by Chris Duckett, Contributor

Attorney-General Christian Porter and Minister for Communications Mitch Fifield have said the Coalition government will increase the penalties within the Privacy Act, but consultation on the draft legislation will only begin in the second half of the year, after the upcoming federal election.

Under the proposed changes, the current maximum penalty for serious or repeat offenders would be raised from AU$2.1 million to the greater of AU$10 million; or three times the value of any benefit obtained through the misuse of information; or 10 percent of a company's annual Australian turnover.

It was also proposed that the Office of the Australian Information Commissioner (OAIC) would issue new infringement notices that carry penalties of up to AU$63,000 for corporate bodies, and AU$12,600 for individuals, as well as publish prominent notices about breaches and ensure breaches have third-party reviews.

Further, the proposed changes would allow Australians to request online platforms to stop the use or disclosure of their data, with stronger provisions if the person is a minor or deemed to be vulnerable.

"Existing protections and penalties for misuse of Australians' personal information under the Privacy Act fall short of community expectations, particularly as a result of the explosion in major social media and online platforms that trade in personal information over the past decade," Porter said.

"This penalty and enforcement regime will be backed by legislative amendments which will result in a code for social media and online platforms which trade in personal information. The code will require these companies to be more transparent about any data sharing and requiring more specific consent of users when they collect, use and disclose personal information."

Should the changes become law, OAIC would gain an additional AU$25 million in funding over three years to handle the changes. In February, Commissioner Angelene Falk was pressed by Senators to state that her office was understaffed, with the office having taken up to a year to deal with some of its workload. Falk said, however, the office needed to "work proactively" to handle its increased work.

Porter said the changes follow on from previous government changes such as the Online Safety Charter and Online Safety Research program, and the Consumer Data Right (CDR).

While consultation on the changes to the Privacy Act has been flagged as something to occur after the looming federal election, the legislation that will introduce the CDR is facing a rush against time to pass Parliament before it rises.

Critics of the CDR have said the legislation is rushed, and does not have sufficient privacy protection, but the Senate Economics Legislation Committee said last week it should still be passed.

"At the very least, it will improve on current arrangements; and it has the potential to protect and empower consumers and drive competition and innovation," the committee wrote. "The committee particularly welcomes the endorsement of the bill from innovative high technology companies."

Late last year, the Australian Competition and Consumer Commission flagged concerns about the lack of transparency surrounding how the tech giants use data.

"Companies with market power and often sensitive data are in a strong position to decide what to do with it and who to share it with. Questions obviously arise around the role government should play and what fundamental rights exist in relation to privacy and data," Sims said.

"It's important that government and regulators globally are alive to these issues to make sure regulations remain appropriate for the digital age."

Related Coverage

Quitting the five tech giants: Could you abstain from Apple?

This is it. Our fifth and final day looking at quitting the tech giants. So how did you do? Are you sticking it out with the Big Five, or will you dump any and go it on your own?

Senate Committee happy for Consumer Data Right Bill to be passed in current form

Despite hearing concerns around the Bill's ambiguity, lax privacy, and rushed nature, the Senate Economics Legislation Committee has still decided to recommend its passage.

Treasury rejects privacy and ambiguity concerns over Consumer Data Right

The Australian government department responsible for the Consumer Data Right says there is sufficient consideration given to privacy and that the legislation isn't being rushed through.

Australian consumer energy data to be open in early 2020

The ACCC is currently unsure, however, as to what energy-related information will be available under Australia's new data-sharing directive.

Public Service review calls for stable 'spine' of digital platforms

Common platforms would help the Australian Public Service operate more efficiently, a review led by former Telstra CEO David Thodey has said.

Editorial standards