The Federal Government last year released the terms of reference for a proposed review of the Privacy Act 1988 (Cth) (the Act). The Australian Information Commissioner and Privacy Commissioner, Angelene Faulk, has praised the proposed review as a “landmark opportunity” to update Australia’s privacy landscape and ensure it is equipped to respond to the “new challenges in the digital environment”.
The terms of reference outline the purpose and scope of the Privacy Act Review Issue Paper, published by the Attorney-General’s Department, includes consideration of:
- the scope and application of the Act
- whether the Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
- whether individuals should have direct rights of action to enforce privacy obligations under the Act
- whether a statutory tort for serious invasions of privacy should be introduced into Australian law
- the impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
- the effectiveness of enforcement powers and mechanisms under the Act and how they interact with other Commonwealth regulatory frameworks
- the desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.
Of note is the consideration of changes to the current privacy enforcement framework. Namely, the Attorney General’s Department are contemplating the creation of a statutory tort and a direct right of action.
The current enforcement framework involves making a complaint to the Commissioner who then has the power to conduct investigations and make enforceable determinations.
The creation of a tort of privacy would allow individuals to sue for a breach of privacy. A direct right of action would also allow individuals to bring litigation for a breach of privacy.
These proposed enforcement mechanisms would increase the ability of individuals to enforce privacy obligations and increase the remedies available as a result of a breach. For example, it would be possible for individuals to receive compensation for serious breaches of their privacy.
Any such amendments would be a significant shake up to the current privacy framework.
A discussion paper is due to be released this year allowing further feedback on this important review.
We will continue to provide updates regarding the proposed amendments.