Australian government opens public consultation on changes to its Privacy Act

The Australian government has opened a consultation on potential changes to privacy legislation.

Following the Attorney-General’s announcement in December last year of a review of the Privacy Act 1988, the government is seeking feedback from the public on the “potential issues relevant to reform” outlined in a 68-question Issues Paper.

The Australian government adds that it will meet with stakeholders on specific issues and consider research and reports on privacy issues.

The review will look at:

  • the scope and application of the act
  • whether the act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
  • whether individuals should have direct rights of action to enforce privacy obligations under the act
  • whether a statutory tort for serious invasions of privacy should be introduced into Australian law
  • the impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
  • the effectiveness of enforcement powers and mechanisms under the act and how they interact with other Commonwealth regulatory frameworks
  • the desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.


Sinead Lynch, Senior Foreign Legal Counsel at DLA Piper, said key provisions of the Act up for review are: the strengthening of consumer consent and notification requirements; overseas data flow arrangements; broadening the definition of personal information to include online identifiers and other technical data, as well as reviewing the Act’s small business exemption.

As it stands, “Australian laws do not provide individuals with specific statutory rights for a breach of privacy,” she says. “But the increased litigation-funding industry and heightened awareness ofprivacy issues among consumers here, herald that inevitable change is on its way.”

The deadline for submissions is 29 November 2020, with a second consultation on specific outcomes from the preliminary review expected to take place early next year.

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.