Submissions

11 December 2020

Part 11: Statutory tort 11 December 202057. Is a statutory tort for invasion of privacy needed?58. Should serious invasions of privacy be addressed through the criminal law or through a statutory tort?11.1 The OAIC supports the proposal to enhance Australia’s privacy framework by including additional remedies for invasions of privacy. ...

11 December 2020

Part 13: Interaction between the Act and other regulatory schemes 11 December 202066. Should there continue to be separate privacy protections to address specific privacy risks and concerns?67. Is there a need for greater harmonisation of privacy protections under Commonwealth law?a. If so, is this need specific to certain types ...

11 December 2020

Part 12: Notifiable Data Breaches scheme – impact and effectiveness 11 December 202063. Have entities’ practices, including data security practices, changed due to the commencement of the NDB Scheme?64. Has the NDB Scheme raised awareness about the importance of effective data security?65. Have there been any challenges complying with the ...

11 December 2020

Part 8: Overseas data flows 11 December 20208.1 Today’s global digital economy relies on data being able to flow securely and efficiently across borders.[180] According to the Export Council of Australia, Australia's digital exports were worth around $6 billion in 2017, equivalent to Australia's fourth largest export sector, and this ...

11 December 2020

Part 1: Objectives of the Privacy Act 11 December 20201. Should the objects outlined in section 2A of the Act be changed? If so, what changes should be made and why?Putting the Privacy Act in context1.1 Privacy is a fundamental human right recognised in Article 12 of the UN Declaration ...

11 December 2020

Part 7: Organisational accountability requirements for entities 11 December 20207.1 Accountability is globally recognised as a key building block for effective privacy regulation and management.[163] While the concept of ‘accountability’ can mean different things in different contexts, for the present purposes, it can be described broadly as the different actions ...

11 December 2020

Part 9: Enforcement powers under the Privacy Act and role of the OAIC 11 December 202053. Is the current enforcement framework for interferences with privacy working effectively?54. Does the current enforcement approach achieve the right balance between conciliating complaints, investigating systemic issues, and taking punitive action for serious non-compliance?55. Are ...

11 December 2020

Part 6: Fairness and reasonableness requirements for entities 11 December 202040. Should there be some acts or practices that are prohibited regardless of consent?42. Should reforms be considered to restrict uses and disclosures of personal information? If so, how should any reforms be balanced to ensure that they do not ...

11 December 2020

Part 5: Notice and consent 11 December 202020. Does notice help people to understand and manage their personal information?21. What matters should be considered to balance providing adequate information to individuals and minimising any regulatory burden?26. Is consent an effective way for people to manage their personal information?5.1 Notice and ...

11 December 2020

Part 3: Flexibility of the APPs in regulating and protecting privacy 11 December 20206. Is the framework of the Act effective in appropriately balancing flexibility to cater for a wide variety of entities, acts and practices, while ensuring sufficient clarity about protections and obligations?3.1While the definition of personal information sets ...