By Cameron Abbott and Rebecca Gill
In light of concerns over how personal data is being used by social media platforms and tech companies, the Commonwealth Government has proposed amendments to the Privacy Act in order to more harshly penalise companies for privacy breaches. The new regime, which aims to update Australia’s privacy laws in line with increased social media use, will see tougher penalties for all entities that are subject to the Privacy Act, not just the headline companies like Google and Facebook.
The Commonwealth Government proposes to increase the penalties for serious or repeated breaches by such entities from $2.1 million to $10 million, or three times the value of any benefit obtained through the misuse of information, or 10 per cent of a company’s annual domestic turnover – whichever is the greater value.
Further, the Office of the Australian Information Commissioner (OAIC) will be given greater powers to pursue and impose penalties on such entities under these reforms. These include the power to issue infringement notices with penalties of up to $63,000 for bodies corporate and $12,600 for individuals for failure to cooperate with efforts to resolve minor breaches.
The OAIC will also employ other methods to address breaches effectively, such as third-party reviews and public notices advising of specific breaches. The OAIC could also direct social media and online platforms to stop using or disclosing an individual’s personal information upon request.
The OAIC has welcomed the proposed changes with open arms. The Commonwealth Government and the OAIC hope that these reforms will result in greater accountability and transparency from social media and online platforms without hindering innovation in the online world.
The Attorney-General, Mr Christian Porter, and the Minister for Communications and the Arts, Mr Mitch Fifield, will draft legislation for consultation in the second half of 2019. These reforms will have a wide impact and organisations should consider making submissions during the consultation period given the harsh penalties that can apply. The flood of privacy breaches makes these reforms a significant risk to all corporates.