Proposed reforms to Australia’s privacy regime should focus on targeted regulation, strategic enforcement and more direct avenues of redress for individuals, according to the Office of the Australian Information Commissioner (OAIC).
Australian Information Commissioner and Privacy Commissioner Angelene Falk said the AGD’s discussion paper was well-considered and provided a sound basis for a national privacy reform agenda. For reform efforts to be effective, however, she added that her agency needed a greater range of powers to address privacy risks and regulatory action.
“This can occur through a simplified civil penalty regime, supported by infringement notices as a quick and cost-effective way to deter non-compliant behaviour without the need for court proceedings,” Falk said.
“These changes should be supported by the introduction of a direct right of action and statutory tort of privacy that would give individuals access to additional options to protect their privacy rights.”
In the commissioner’s view, an upgraded privacy framework is needed to reinforce trust and security as more consumers and businesses participate in the digital economy.
The OAIC has suggested creating a positive duty on organisations to handle personal information responsibly as one way to strengthen the framework, as well as legislative amendments that put fairness and accountability at the centre of the Privacy Act.
A new law that establishes a positive duty on business will ensure a proactive approach is taken to meet their privacy law obligations. The commissioner also noted this approach would mean those who are best placed to understand the complex flows of information handling specific to their businesses would consider the impact of the framework themselves.
“Just as with safety laws, preventing privacy harms upfront gives greater protection without relying on reactive action by the regulator,” Falk said.
“This central obligation would provide a new baseline for privacy practice giving the community confidence when we provide our personal information that – like a safety standard – privacy protection has been built in.”
The OAIC also recommended organisations have additional accountability measures to show how they are upholding privacy in the use and collection of personal information. This will further serve to protect consumers while promoting the digital economy.
“Our personal information is increasingly being handled in complex ways that individuals may not expect,” Falk said.
“It is unrealistic to expect individuals to consider and evaluate whether every collection of their personal information is reasonable, and to take steps to protect themselves from all privacy harms,” she added.
The OAIC’s response to the discussion paper further called for new consumer rights, additional transparency requirements. The updated privacy framework should also support global interoperability, the response said, to protect personal information wherever it flows in the global economy.