1. News
  2. Submission: to AGD re Privacy Act Review
Orange coloured texture

Submission: to AGD re Privacy Act Review

Thu 06 April 2023

The Hub has made a submission on the Privacy Act Review Report 2022.

The main points of this submission focus on:

  • Careful consideration for introducing a criminal offence for malicious re-identification of deidentified personal information;
  • Encouraging standardisation that would make privacy policies ‘machine-readable’;
  • Ensuring that privacy-by-default guidance captures web cookies;
  • Stronger OAIC intervention powers in relation to identified high privacy risks;
  • Taking a more technology-neutral approach to the problems said to be associated with automated decision-making;
  • Reconsidering the consequences associated with a child's consent and retaining the exception to prohibiting targeting children;
  • The benefits of one civil penalty provision for all interferences with privacy over the proposed tiers of civil penalty provisions;
  • Reconsidering the introduction and application of infringement notices to the Privacy Act;
  • The need for up-to-date OAIC guidance on identification and mitigation of reasonably foreseeable risks or losses to individuals from an interference with privacy, so that as additional steps develop they are adopted as part of best practice;
  • APP entities should receive credit in the form of reduced penalties for pro-active steps for identifying and mitigating foreseeable risks’
  • The need for legislation to provide examples of particular orders that may be made by courts after a civil penalty provision relating to an interference with privacy has been established;
  • The importance of sufficient funding for the Australian public to have an effective privacy regulator;
  • Further consideration of the circuitous route contained in the design elements for a Direct Right of Action;
  • Addressing the co-existence of multiple routes to compensation under a direct right of action, within the Privacy Act and other legislation;
  • Adding a statutory compensation model for minor losses and to encourage compliance;
  • Expanding the Notifiable Data Breaches (NDB) scheme;
  • Harmonising cyber security regulation, including privacy law.

A pdf copy of the submission is here

Further background information on the submission is here