Dreyfus said the Privacy Act, which came into force in 1988, has not “kept pace with” modern digital challenges. The Attorney-General’s review began in 2019. However, high-profile data breaches last year affecting major Australian companies. like Optus and Medibank, may have accelerated the process. “The large-scale data breaches of 2022 were distressing for millions of Australians, with sensitive personal information being exposed to the risk of identity fraud and scams,” the Attorney-General said in a press release. “The Australian people rightly expect greater protections, transparency and control over their personal information and the release of this report begins the process of delivering on those expectations,” Dreyfus added.
Right to be Forgotten, Opt-out of Targeted Ads
The Attorney-General’s proposals for individual rights include adding the right to erasure (right to be forgotten), and the right to opt-out of targeted advertising to the Privacy Act. Furthermore, the report proposes the right to de-indexing, which will de-index search results containing certain types of personal information. This includes an individual’s medical history, information about a child, excessive details such as home address, phone numbers, and inaccurate or misleading data. The report also proposes increasing organizations’ accountability and responsibilities. Organizations will have to “determine and record” the reasons for processing data before or at the time of processing. Furthermore, these entities will have to appoint a senior employee responsible for privacy compliance.
Stronger Privacy Protections Will Support Digital Innovation
The proposed reforms will focus on giving individuals more control over their information, and increasing obligations on entities that process personal data. The report said improved privacy protections would lead to digital innovation. It will also improve the country’s reputation as a trusted trading partner. This would allow Australia to meet the adequacy requirements for transferring EU data under the GDPR. The Australian public have until March 31 to send in their feedback on the proposal to the Attorney-General’s Department. “We are seeking your views to inform the Australian Government’s response to this report to ensure that any reforms the Australian Government implements are balanced and effective,” the Attorney-General’s Department website reads. Australia’s Attorney-General will present the final proposals as an amendment bill in Parliament after the consultation procedure. The country’s plan to crack down on invasive privacy practices could bear fruit in the near future. However, privacy regulation in many other parts of the world still do not protect individuals from harm. Even the most popular online services like Instagram, Facebook, and Youtube, get away with invasive privacy policies. If you are interested in learning more, check out our detailed article on the risks in privacy policies.