Australia’s Attorney-General has submitted the first draft of a new Online Privacy Bill that contains striking reforms over existing privacy laws.
The goal of the new bill is to modernize the legislative context that underpins online data protection and security and make new laws tight enough to enforce data handling practices by Internet entities.
Four main pillars of reform
The first draft of the Online Privacy Bill includes the following four main objectives:
- Development of an OP Code that will determine which entities are subject to the legislation and precisely how they are expected to apply its provisions.
- Enforce the Privacy Act, and more specifically ‘Section 13G’, which prohibits online entities from breaching the privacy rights of their users.
- Enable law enforcement bodies, the state, and foreign privacy regulators to request information and/or documents from online platforms.
- Enforce all of the above on extra-territorial entities that are not incorporated in Australia but carry business in the country.
The OP code will be applicable to organizations that provide social media services, data brokerage, and any online platform that has had over 2,500,000 unique visitors from Australia in the past year.
The enforcement of the Privacy Act increases the penalty for privacy violations from AU$2.2 million to AU$10,000,000 ($7.5 million).
Alternatively, the violating entity will pay three times the value of the benefit obtained from confirmed data privacy violations, or 10% of their annual turnover from the previous year.
A year in review
The discussion paper contains several other changes in its 200+ pages, like broadening the definition of personal information to include technical data like unique identifiers and removing the employee records exemption.
All reform proposals need to be be submitted to the Attorney General by January 10, 2022, so there’s over a year left for stakeholders to express their opinion on the matter.
From the first draft, though, it is clear that Australia plans on bolstering the protection of users’ data online. However, there is plenty of time for online entities to lobby for fewer protections, weakening the proposed privacy changes.