On 30 October 2020 the Morrison Government committed to a review following the Australian Competition and Consumer Commission’s Digital Platforms Inquiry in 2019. Several recommendations from that Inquiry – which the Government has already agreed to in principle – are to be considered as part of the review (available here).
These include expanding the scope of the Privacy Act to cover technical data and other online identifiers; and strengthening privacy notice and consent requirements.
A copy of our submissions on the Enforcement powers under the Privacy Act and role of the OAIC are available here
f
f
f
Submission Summary
Given Australians currently have limited ability to litigate breaches of their Privacy in the court system, the OAIC is the only realistic avenue open for Australians to enforce breaches of Privacy.[1]
This causes a number of problems, as taking action against every breach may not always align with the responsive regulatory approach adopted by the OAIC.[2]
In our submission, the OAIC currently has too many roles in the enforcement of Privacy breaches, including acting as an External Dispute Resolution body (EDR), an enforcement body and a final determinative body offering guidance on the interpretation of the Act.
In other areas, for example financial law, these areas would normally be dealt with by 3 separate bodies (in the case of financial breaches, these may be dealt with by either AFCA (the EDR body), ASIC (the enforcement body) or the courts (the final determinative body offering guidance on interpretation).
We submit that the OAIC is unable to perform all these functions adequately, as the need for targeted enforcement action is not always in congruence with providing fair and balanced outcomes for all complainants who are potentially wronged.
[1]Australian Competition and Consumer Commission, Digital Platforms Inquiry (Final Report, June 2019), 473.
[2] Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice (Report No 108, May 2008) vol 2, 1517.