17 November 2022

Opening statement by Australian Information Commissioner and Privacy Commissioner Angelene Falk

Check against delivery

The OAIC welcomes the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 as a positive step towards updating Australia’s privacy laws, to ensure we have a regulatory framework that empowers individuals, ensures entities protect personal information and best serves the Australian economy.

In a digital world where data knows no borders, our privacy law must protect Australian’s personal information wherever it flows. That’s why I support the simplification of the extraterritoriality provision in section 5B. It will help ensure companies that carry on a business in Australia, while domiciled overseas, are required to comply with Australia’s privacy law. The simplification mitigates against overseas companies avoiding the jurisdiction based on complex structural and technical matters.

Across the world and domestically, we see higher penalties for privacy breaches and consumer protection type contraventions.

To incentivise investment in compliance with privacy laws in Australia, we need a multifaceted approach. This includes the OAIC continuing to provide guidance, advice, conducting assessments and identifying risks. And it also includes having the ability to take court action for higher penalties in appropriate cases. Any decisions to do so will be proportionate and transparent, in line with our published regulatory action policy and guide.

We also need information gathering powers and consequences for non-compliance. This ensures we have all relevant information to assess and help mitigate harms to individuals. We support additional information gathering powers and infringement notices for non-compliance.

Another key feature of our regulatory environment is the need for multiple domestic regulators across domains, to collaborate and coordinate. Recent data breaches have made this all the more apparent.

The enhanced information sharing provisions will ensure we can work together cohesively in the public interest, with clarity and certainty.

That is also the case for international cooperation. The enhanced information sharing will ensure we have a clear framework for joint action and coordination with international regulators, to ensure Australian’s personal information is protected wherever it flows.

Together the provisions of the Bill will enhance the OAIC’s ability to undertake our regulatory functions in an efficient and effective manner in the interests of the community.