The government will also begin consultation on updating and broadening the definition of “personal information” in the Privacy Act, strengthening platforms’ obligations to notify users about data collection, requiring platforms to set pro-consumer defaults in data collection settings and introducing direct action for consumers whose privacy is breached.
In its response the government said it supported these reforms in principle but would need to avoid unreasonable regulatory burdens on industry and “notification or consent fatigue” for users.
Following consultation those reforms will be introduced to parliament in next year. A review of the need for broader changes to the Privacy Act will also commence next year, to be completed in 2021.
The review will consider the impact on freedom of speech, industry and law enforcement of a potential right for users to have personal information erased on request, and will also evaluate the potential of a statutory tort for serious invasions of privacy.
John Stanton, CEO of telecommunications industry body Communications Alliance, said in a release that the reforms should leverage experience gained from Europe’s introduction of similar measures with its General Data Protection Regulation.
“It is important that Australia’s privacy framework be fit-for-purpose in the digital age, but equally vital that any overhaul of the Privacy Act be underpinned by a full analysis of the economy-wide impact of proposed reforms; not just the impact on digital platforms,” he said.
“If the review pushed to include communications metadata as part of the definition of ‘personal information’ under privacy laws, for example, it must be demonstrated that this would create an actual benefit for consumers, and that this benefit would outweigh the enormous potential costs involved.”