New penalties aim to protect online privacy
A new penalty regime designed to boost online protection for Australians has been announced by the federal government.
The regime under the Privacy Act aims to ensure that major social media companies take action to protect the information they collect about Australians — especially children.
"Existing protections and penalties for misuse of Australians' personal information under the Privacy Act fall short of community expectations, particularly as a result of the explosion in major social media and online platforms that trade in personal information over the past decade," said Attorney-General, Christian Porter.
"What the Morrison government is doing today is outlining a new regime of protections for Australians and penalties for those who misuse Australians' personal information. This regime will update our privacy laws without impeding the continued innovation and development of companies working in the online space."
Minister for Communications and the Arts Mitch Fifield said it was clear the Australian community enjoyed using social media and technology platforms, but was increasingly concerned about how personal data is captured, analysed and shared. This was particularly the case for children and members of other vulnerable community segments.
"The tech industry needs to do much more to protect Australians' data and privacy," Fifield said.
"Today we are sending a clear message that this government will act to ensure consumers have their privacy respected and we will punish those firms and platforms who defy our norms and our laws."
The amendments to the Privacy Act will:
- Increase penalties for all entities covered by the Act, which includes social media and online platforms operating in Australia, from the current maximum penalty of $2.1 million for serious or repeated breaches to $10 million or three times the value of any benefit obtained through the misuse of information or 10% of a company's annual domestic turnover — whichever is the greater.
- Provide the Office of the Australian Information Commissioner (OAIC) with new infringement notice powers backed by new penalties of up to $63,000 for bodies corporate and $12,600 for individuals for failure to cooperate with efforts to resolve minor breaches.
- Expand other options available to the OAIC to ensure breaches are addressed through third-party reviews, and/or publish prominent notices about specific breaches and ensure those directly affected are advised.
- Require social media and online platforms to stop using or disclosing an individual's personal information upon request.
- Introduce specific rules to protect the personal information of children and other vulnerable groups.
"This penalty and enforcement regime will be backed by legislative amendments which will result in a code for social media and online platforms which trade in personal information. The code will require these companies to be more transparent about any data sharing and requiring more specific consent of users when they collect, use and disclose personal information," the Attorney-General said.
"We will also be requiring platforms to implement a mechanism to ensure they can take all reasonable action to stop using an individual's personal information if a user requests them to do so and have even stronger regimes to address these issues when the user is a child or other vulnerable person."
The OAIC will be provided with an additional $25 million over three years to give it the resources it needs to investigate and respond to breaches of individuals' privacy and oversee the online privacy rules.
Legislation will be drafted for consultation in the second half of 2019.
"This new regime builds on other government initiatives to improve online safety and provide Australians with greater control over their personal data, including the Online Safety Charter and Online Safety Research program, and the Consumer Data Right," the Attorney-General said.
"The draft legislation will also incorporate any relevant findings of the current Digital Platforms inquiry by the Australian Competition and Consumer Commission, which is due to issue its final report in June 2019. Whilst focused on the impact of large digital media platforms on competition in news media, it is also touching on privacy-related issues and, in its interim report late last year, recommended the tougher penalty regime being outlined today by the Morrison government."
Australia was the eighth most targeted country in the world for credential stuffing attacks from...
Intelligence officials reportedly consider China to be the key suspect in the ANU data breach,...
The Australian National University has disclosed a data breach affecting 19 years' worth of...