A new right to have personal information collected by companies erased and to ask search engines such as Google to delist results are among the key recommendations of a two-year sweeping review of the nation’s privacy laws.
Attorney-General Mark Dreyfus will embark on another round of consultations on the “right to request erasure” proposal and 115 other reforms put forward by his department in the review of the Privacy Act, commissioned by the former Morrison government.
Attorney-General Mark Dreyfus has received the findings of a two-year review into the Privacy Act.Credit:Alex Ellinghausen
The report is not government policy but lays the groundwork for the most comprehensive overhaul of privacy law since the act was introduced in 1988, but any changes could still be more than a year away.
The right-to-erasure proposal is modelled on the EU’s data protection regime, considered to be the strongest privacy and security law in the world, and would be subject to a number of exemptions including a public interest test and “where it would be technically impossible or unreasonable to comply with an individual’s request”.
If adopted, the changes would require small businesses to comply with the act, a major change from their current exempt status.
“The community expects that if they provide their personal information to a small business they will keep it safe,” the report states, noting further extensive consultation would be required to facilitate this process.
However, parties would be subject to new requirements that voters be given the ability to opt out of direct marketing or targeted advertising and that parties be prevented from targeting voters based on sensitive information or traits, such as racial origin, religious beliefs, sexual orientation, or health.
A key theme of the review was bringing Australia’s law into line with global standards of information privacy protection, with the report landing after the data of millions of Australians was stolen in cyberattacks on Optus and Medibank Private last year. In response to the hacks, the government increased fines for serious or repeated breaches of the Privacy Act from $2.2 million to $50 million.
Dreyfus said the act had not kept pace with rapid advancements in the digital world and would use the feedback on the report to determine the government’s next steps.
“The Australian people rightly expect greater protections, transparency and control over their personal information and the release of this report begins the process of delivering on those expectations,” Dreyfus said.
The Privacy Act is the key piece of legislation that restricts how government and industry can collect, use and disclose individuals’ personal information. The right to erasure was a key recommendation in the Australian Competition and Consumer Commission’s 2019 report into the regulation of digital platforms.
Cut through the noise of federal politics with news, views and expert analysis from Jacqueline Maley. Subscribers can sign up to our weekly Inside Politics newsletter here.
Most Viewed in Politics
From our partners
Source: Read Full Article