29 November 2022

The Office of the Australian Information Commissioner (OAIC) welcomes the passing of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which enhances the OAIC’s ability to regulate in line with community expectations and protect Australians’ privacy in the digital environment.

The Bill introduces significantly increased penalties for serious and or repeated privacy breaches and greater powers for the OAIC to resolve breaches.

“The updated penalties will bring Australian privacy law into closer alignment with competition and consumer remedies and international penalties under Europe’s General Data Protection Regulation,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

“In addition, new information sharing powers will facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.”

Commissioner Falk said the Bill was a positive step ahead of the wider review of the Privacy Act 1988.

“The review presents an important opportunity to ensure that Australia’s Privacy Act empowers individuals, protects their data and best serves the Australian economy,” she said.

Commissioner Falk said the Bill’s increased civil penalties will help to incentivise compliance.

“In seeking penalties, or taking regulatory action, our approach will continue to be pragmatic, evidence-based and proportionate,” she said.

Commissioner Falk also noted the simplification of extraterritoriality provisions in the Bill.

“It will help ensure companies that carry on a business in Australia, while domiciled overseas, are required to comply with Australia’s privacy law,” she said.

“The simplification mitigates against overseas companies avoiding the jurisdiction based on complex structural and technical matters.”