Australia’s privacy watchdog wants to adopt a more strategic and proactive role as part of sweeping reforms to the Privacy Act, calling for more resourcing and powers as part of this process.
In its submission to government, the Office of the Australian Information Commissioner (OAIC) also backed calls to end the Privacy Act exemption for small businesses and political parties and the proposal to make its office industry-funded through a new levy.
The Attorney-General’s Department is currently conducting a wide-ranging review of the Privacy Act and is expected to recommend significant reforms. Submissions on the government’s discussion paper closed last week.
In its submission, the OAIC called for a major change in its role to make it more effective in protecting the privacy of Australians.
The privacy watchdog recommended it be given the power to make binding codes without industry input, additional enforcement powers and a shift to being a “regulator focused on addressing systemic privacy issues in the economy”.
“A more enforcement-orientated approach will require the Commissioner to take on more complex investigations and enforcement, aimed at addressing systemic privacy issues associated with new and emerging data-driven business models, often by large and well-resourced multinational corporations,” the OAIC submission said.
“The proposals in the discussion paper that contemplate a different structure for the OAIC and the complaints handling system under the Privacy Act also provide an important signal about the need for a shift in regulatory posture for the OAIC.”
The government has also floated making the OAIC industry-funded through a new levy on companies operating in Australia.
This has been supported by the OAIC, so long as it is also “supported by appropriate supplementary budget appropriations for functions and activities not funded by a levy”.
A key discussion point from the Privacy Act review has been whether the exemptions given to small businesses and political parties from the Act should remain.
The federal government did not put forward recommendations to this effect in the discussion paper, instead saying that further feedback is needed.
But the OAIC said the government should move to strip small businesses and political parties from these exemptions.
The privacy office said it is “no longer appropriate given the increased privacy risks posed by small businesses in the online environment and the regulatory uncertainty created by the application of the exemption”.
The office also backed the end of the political party exemption.
“Changes to the volume and granularity of personal information collected, together with rising incidents of data breaches, create diverse and complex risks to personal and sensitive information in the current political landscape, and demonstrates the need for political parties, acts and practices to be regulated under the Privacy Act,” the submission said.
The government should also consider the benefits of creating a federal privacy Ombudsman to work together with the OAIC, the agency said.
The OAIC also threw its support behind the introduction of a direct right of action for privacy breaches and a statutory tort of privacy, key elements of the reforms.
Do you know more? Contact James Riley via Email.