One consistent message that seems to resonate from legislature to legislature across the world is the recognition of the fact that data - especially personal data - is both a weapon and a vulnerability, and in the quickly-evolving digital landscape of today the task of safeguarding it effectively becomes more and more difficult. The Australian legislature seeks to update its current privacy laws, which are based on both the original 1988 Privacy Act, and its later update from 2000, to reflect the rapid technological advancements that took place in the early 21st century in data collection, data storage and data analysis.
Recent spate of data breaches driving change
As reported in this article published 10/24/22, Australia has confirmed an incoming legislative change will significantly strengthen its online privacy laws following a spate of data breaches in recent weeks — such as the Optus telco breach this Sept. “Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” said its attorney-general, Mark Dreyfus, in a statement. “We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivize better behavior.” The changes will be made via an amendment to the country’s existing privacy laws, following a long process of consultation on reforms.
Bringing Australia privacy laws closer to EU standards
The primary aims of overhauling the legal framework are to introduce more clarity into what constitutes personal information, create a more effective consent system that puts more power in the hands of individuals using online systems, and create a clear and transparent penalty system that would significantly incentivize safeguarding customer data for various businesses dealing with it.
Some commentators note that one of the policy objectives behind the tightened regulations may be to bring Australia closer to securing an adequacy ruling from EU with respect to GDPR. Such a decision by the European Commission would streamline data transfer between Australia and EU and reduce barriers to trade and international business. Although only a handful of countries so far have been granted that elusive status, Japan and South Korea – two of top 5 Australia’s trading partners are among them. In light of that, Australia’s efforts to bring their data protection framework up to GDPR levels can further be lauded for helping standardize data protection regulations across the Asia-Pacific region.