Australia's 2012 Privacy Act Revisions: Weaker Principles, More Powers

Waters, Nigel; Greenleaf, Graham

Download This Paper

Open PDF in Browser

Add Paper to My Library

Australia's 2012 Privacy Act Revisions: Weaker Principles, More Powers

Privacy Laws & Business International Report, Issue 121, February 2013, 12-13

UNSW Law Research Paper No. 2013-27

3 Pages Posted: 18 Apr 2013

See all articles by Nigel Waters

Nigel Waters

University of New South Wales (UNSW) - UNSW Law & Justice

Graham Greenleaf

Macquarie University - Macquarie Law School (Sydney, Australia)

Date Written: April 15, 2013

Abstract

The Australian Government’s Privacy Amendment (Enhancing Privacy Protection) Act 2012 was enacted on 29 November 2012 but will not commence until March 2014. It contains the first significant amendments to the Privacy Act 1988 since 2001. The whole process took nearly seven years since the Australian Law Reform Commission (ALRC) started work on its privacy reform reference. This article focusses on those aspects of the law which have been changed, for better or worse. We have previously analysed the deficiencies of the Bill in articles http://ssrn.com/abstract=2129626 and submissions http://ssrn.com/abstract=2134838 and the Bill was enacted with none of those deficiencies removed.

The most positive aspect of the Amendment Act is the additional enforcement powers given to the Privacy Commissioner, including powers to direct remedial actions; power to make determinations following ‘own motion’ investigations; civil penalty provisions; powers to require Privacy Impact Assessments; and a new function to conduct ‘assessments’, replacing audit powers.

The addition of a right of appeal to the Administrative Appeals Tribunal against determinations by the Commissioner, while very desirable, do not deal directly with the key problem of the Act: complainants cannot require the Commissoner to make determinations when they are dissatisfied with mediation and disagree with the Commissioner’s view that a complaint has been successfully resolved.

Although one unified set of privacy principles in the Act is desirable, unfortunately none of the thirteen new Australian Privacy Principles (APPs) is an overall improvement, and 8 of the 13 APPs are worse for privacy protection. The most controversial new principle is APP 8, which abandons a ‘border protection’ approach in favour of ‘accountability’. The dangers of this approach are outlined. Changes to the credit report and direct marketing are also outlined.

Suggested Citation: Suggested Citation

Waters, Nigel and Greenleaf, Graham, Australia's 2012 Privacy Act Revisions: Weaker Principles, More Powers (April 15, 2013). Privacy Laws & Business International Report, Issue 121, February 2013, 12-13, UNSW Law Research Paper No. 2013-27, Available at SSRN: https://ssrn.com/abstract=2252569