Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Australia: Privacy and Other Legislation Amendment Bill receives Royal Assent
On December 10, 2024, the Privacy and Other Legislation Amendment Bill 2024 received Royal Assent.
The Act amends the Privacy Act (as amended) to strengthen the enforcement powers of the Office of the Australian Information Commissioner (OAIC) and introduce provisions related to children's online privacy, automated decision-making, and data breaches. The Act also establishes a statutory tort for serious invasions of privacy and amends the Criminal Code Act to create new privacy-related criminal offenses.
What are the main provisions of the Act?
The Act, among other things:
- requires the OAIC to develop a Children's Online Privacy Code which will apply to social media and other internet services that are likely to be accessed by children;
- introduces provisions allowing organizations to share personal information during emergencies or following data breaches to prevent harm;
- grants the OAIC enhanced powers to investigate potential privacy breaches, including search and seizure powers under warrant;
- empowers courts to order compensation to individuals for loss or damage suffered due to privacy breaches;
- introduces a mechanism to allow the transfer of personal information across borders to countries with substantially similar privacy protections to Australia; and
- requires organizations that use automated decision-making systems that significantly affect individuals to disclose in their privacy policies how personal data is used in these decisions.
Privacy offenses
Notably, the Act introduces a statutory tort for serious invasions of privacy, such as unauthorized surveillance, physical intrusion, or the misuse of personal information. However, the Act provides specific exemptions from liability under tort, including for journalism, enforcement bodies, and intelligence agencies. The Act also makes it a criminal offense to publish personal data in a manner intended to harass or menace a practice defined as 'doxxing.' For doxxing, the Act imposes a penalty of up to six years imprisonment, or up to seven years if the doxxing targets individuals based on attributes such as race, religion, or sexual orientation.
Next steps
The Act came into effect after receiving Royal Assent, except for the provisions creating a statutory tort which will come into effect on a date fixed by proclamation, or if no such date is fixed, six months after December 10, 2024.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
