Go to our Contact page for our office details.
The Department of Home Affairs has issued its draft guidance “Modern Slavery Act 2018: Draft Guidance for Reporting Entities” (Draft Guidance) for the new Modern Slavery Act 2018 (Cth) (the Act).
On Monday 25 March, the Government announced plans to reform Australia’s privacy laws, as well as a significant boost to funding for Australia’s privacy regulator, the Office of the Australian Information Commissioner (OAIC).
While the announcement appeared to be directed toward concerns regarding the behaviour of technology and social media companies, the reforms to the penalty and enforcement regime would apply generally to all entities subject to the Privacy Act.
The proposed reforms include:
In order to fund the expected increase in regulatory intervention by the OAIC under the revised regime, the Government also announced a $25 million increase to the OAIC’s funding over three years, to be announced in the forthcoming budget (in addition to the funding increase of $12.9 million the OAIC received in relation to the Consumer Data Right regime).
Monday’s announcement is consistent with global trends in privacy law reforms. Most notably, the 2018 introduction of the General Data Protection Regulation (GDPR) in Europe which raised the maximum penalties for privacy breaches to 2% of the annual global turnover of an offending company.
The introduction of an infringement notice regime is a noteworthy change as it would give the OAIC the ability to deter and financially punish breaches of the Privacy Act which do not amount to “serious or repeated” breaches, the relatively high threshold under existing rules.
New and increased penalties may do little to improve privacy practices, if the OAIC were to rarely seek their imposition. The increased funding to the OAIC and the proposed expansion to the OAIC’s powers suggest that the OAIC may be about to take a more aggressive stance when it comes to monitoring compliance with the Privacy Act – or at least that it will have more resources to do so.
Such a move would be in line with how other government regulators are altering how they utilise their powers and seek to fulfil their purposes. Following the Banking Royal Commission, regulators face increased scrutiny for regulatory failures and legislators have responded by handing out bigger sticks. Given the increasing volume, value and profile of data, it is unsurprising that attention has now turned to compliance in the technology and data spaces.
The proposed amendments to the Privacy Act follow increasing regulatory interest in the data economy. Both the preliminary findings of the ACCC’s world-first ‘Digital Platform’ inquiry (released 10 December 2018) which recommended greater resourcing for OAIC enforcement (among other changes) and the passage of the Government’s anti-encryption legislation in December 2018, have shown that regulating the digital frontier is front of mind for governments.
The Government has slated consultation for the proposed amendments in the second half of 2019, and noted that the draft legislation will include any final recommendations arising as a result of the ‘Digital Platforms’ inquiry due for release in June of this year.