Search for:
The Australian Government confirms its agreement to make significant amendments to Australia’s privacy laws, and to progress additional reforms through further consultation

In brief

The Australian Government has released its much-anticipated response (“Response“) to the Commonwealth Attorney-General Department’s report (“Report“) on its review of the Privacy Act 1988 (Cth) (“Privacy Act“). The Report recommended wholesale amendments to Australia’s principal privacy legislation and contained 116 proposals for consideration by the government (for a detailed look at the Report, and the background to the review of the Privacy Act, see our previous alert here).


The Response is largely receptive to the Report’s proposals, indicating positive support for a majority of the recommendations, with none rejected outright. However, the government has only “agreed” to the development of specific legislation for 38 of the proposals, which for the most part relate to less contentious changes focused on strengthening Australia’s existing privacy regime. These include:

  • Regulating information used in automated decision-making and clarifying information security requirements
  • Developing a Children’s Online Privacy Code to apply to online services likely to be accessed by children
  • Introducing new mid-tier and low-tier civil penalty provisions to allow for targeted regulatory responses, alongside enhanced enforcement powers for the privacy regulator and the courts

A further 68 proposals are “agreed-in-principle“, but will be subject to further consultation to explore whether and how they may be implemented so as to balance privacy safeguards with other key concerns, such as the burden on regulated entities. These include a number of the more controversial proposals, such as:

  • The introduction of a maximum 72-hour period to notify the regulator upon becoming aware that there are reasonable grounds to believe there has been an eligible data breach
  • The introduction of new individual rights (including enhanced control over personal information and a “right to be forgotten”) and a statutory tort for serious invasion of privacy
  • Certain changes to how data collection and data breaches are managed
  • The removal of existing exemptions for small businesses and employee records, and the introduction of additional safeguards relating to the journalism exemption

The 10 remaining “noted” proposals, which include recommendations relating to the protection of deidentified information, are flagged for potential further consideration by the government. The Response indicates that the government agrees with the broad intention of a majority of such recommendations, but not necessarily the specific approach put forward.

The government has indicated there will be opportunities for further consultation but will introduce legislation in 2024. There will be a transition period for any changes. For a more detailed look at some of the key proposals that have been agreed, agreed-in-principle, and noted, read our full alert.

Author

Paul Forbes is a partner in the Dispute Resolution group at Baker McKenzie, Sydney.

Author

Ryan Grant is a litigation partner with over 12 years' experience. Ryan has acted for national and international technology and media companies in relation to disputes in the areas of misleading or deceptive conduct, data protection, data breach, copyright, defamation, including online defamation, and general commercial disputes. Many of these disputes involve issues that have never been litigated in Australia. Ryan also holds a Bachelor of IT majoring in Software Engineering and Internet Technology and worked as a software developer prior to becoming a lawyer.

Author

Adrian Lawrence is the head of the Firm's Asia Pacific Technology, Media & Telecommunications Group. He is a partner in the Sydney office of Baker McKenzie where he advises on media, intellectual property and information technology, providing advice in relation to major issues relating to the online and offline media interests. He is recognised as a leading Australian media and telecommunications lawyer.

Author

Toby Patten is a partner in Baker McKenzie's Technology and Healthcare teams in Melbourne. He joined the Firm in March 2005.

Author

Anne has been with Baker McKenzie since 2001. Prior to that, she spent four years with the Australian Attorney-General's Department/Australian Government Solicitor mostly working on large IT projects.
In her time at Baker McKenzie, Anne has spent 18 months working in London (2007-2008) and, more recently, three years working in Singapore (2017-2020).

Author

Caitlin Whale is a partner in the Technology, Communications and Commercial team. She advises on technology, outsourcing and commercial law issues. Caitlin advises on technology and rights-specific issues in large corporate and commercial transactions, and has experience in managing multi-territory licensing and divestments for multi-national clients. She has extensive experience in advising on a range of commercial arrangements, including licence and software agreements, research and development and collaboration agreements, supply agreements and distribution agreements. Caitlin has experience in rights management and enforcement, advising on the ownership, registration, exploitation and protection of copyright, trade marks and designs. She has represented rights-owners and users and has particular experience in relation to online infringement issues.

Author

Jarrod Bayliss-McCulloch is a special counsel in the Information Technology & Commercial department at the Melbourne office of Baker McKenzie and advises on major technology-driven transactions and regulatory issues spanning telecommunications, intellectual property, data privacy and consumer law with a particular focus on digital media and new product development. Jarrod joined the Firm in 2009 and his prior experience includes working in strategy consulting and development economics.

Author

Simone Blackadder is a special counsel in Baker McKenzie's IP Tech team in Sydney.
Simone has been with Baker McKenzie since 2010. In her time at Baker McKenzie, Simone has spent 3 years working in London (2017-2020).

Author

Sally Pierce is a special counsel in the Technology, Data and Commercial team. Sally has a broad commercial practice with particular focus on issues in the technology and defence industries. Sally spent a 13-month secondment in a global professional services company that specialises in information technology services and consulting and six months with a leading defence technology company working on defence technology transactions.