On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate. Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain businesses. This acts as an alternative to repeatedly providing details or copies of personal and sensitive identification documents with third parties that may be vulnerable to cyber-attacks. [Read more…]
Privacy Law
Misinformation and Disinformation Bill 2023 – exposure draft
28 September 2023 by
The Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill 2023 (Cth) (Misinformation Bill) was announced by the Department of Infrastructure, Transport, Regional Development, Communication and the Arts (DITRDCA) in January 2023. The Misinformation Bill is aimed at restricting the flow of misinformation and disinformation by providing the Australian Communications and Media Authority (ACMA) with increased power to hold digital platforms accountable for allowing the dissemination of allegedly misleading information. [Read more…]
Privacy Act amended to increase penalties up to $50 Million
9 December 2022 by
The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (Bill) was passed by both Houses of Parliament on the 28 November 2022 and now awaits Royal Assent. The Bill was passed with virtually no amendment.
New privacy bill to be put before commonwealth parliament
27 October 2022 by
The Federal Government announced on 22 October 2022 that it intends to introduce new legislation to strengthen certain provisions of the Privacy Act 1988(Cth). This legislative change was triggered by multiple data breaches that have occurred in the past weeks such as the Optus breach in September this year. This article discusses the proposed amendments and the implications for Australian privacy laws.
What should APP Entities include in a data destruction policy?
26 April 2022 by
The Australian Privacy Principles (APPs) contained at Schedule 1 of the Privacy Act 1988 (Cth) (Act) requires APP Entities to destroy or deidentify personal or sensitive information (Protected Information) as soon as reasonably practicable.[1] Having a data destruction policy (DDP) in place means that everyone in the company knows what information is Protected Information, and when and how it is to be destroyed or deidentified. [Read more…]
7-Eleven customer survey: do privacy policy terms equal consent?
22 December 2021 by
In 2020 the 7-Eleven Stores Pty Ltd ACN 005 299 427 (7-Eleven) chain launched a customer feedback mechanism nationwide which prompted customers to complete a voluntary survey about their experience in store on a tablet device. When a customer completed the survey, a digital image was taken of the customer which was shared with two (2) Application Programming Interfaces (API) to assess and record certain information about the customer.
On 29 September 2021 the Office of the Australian Information Commissioner (OAIC) recently declared that 7-Eleven breached Australian Privacy Principles with these actions.[1]
Government surveillance bill passed by Parliament
30 September 2021 by
On 25 August 2021 Federal Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill). The Bill modifies various acts, including the Surveillance Devices Act 2004 (Cth) (SDA) and the Crimes Act 1914 (Cth) (CA), to enhance the law enforcement powers of the Australian Federal Police and the Australian Criminal Intelligence Commission in respect of serious online crime.[1] The Bill introduces three (3) new warrants:
- data disruption warrants;
- network activity warrants; and
- account takeover warrants.
Uber breaches Australian privacy laws
31 August 2021 by
The recent decision by the Australian Information Commissioner and Privacy Commissioner, Angele Falk, (Commissioner) in Commissioner Initiated Investigation into Uber Technologies, Inc. & Uber B.V. (Privacy) [2021] AICmr 34 (Uber) has provided further guidance as to exactly who is bound by the Privacy Act 1988 (Cth) (Act) though the ‘Australian link’ set out in subsections 5B(2)-(3) (Australian Link). A full breakdown of what amounts to an Australian Link can be viewed in another article here. This article discusses the Australian Privacy Principles (APPs) that were breached by Uber and what was decided the ride-sharing entity was to do in response to non-compliance with the Act. [Read more…]
Ransomware Payments Bill 2021 (Cth)
23 August 2021 by
Ransomware is a type of software which maliciously denies an organisation access to their own IT systems and often threatens to release information within such a system subject to the payment of a ransom. The government believes ransomware attacks are Australia’s largest cyber threat.[1] The Ransomware Payments Bill 2021 (Cth) (Bill) intends to establish mandatory reporting requirements for all of Commonwealth entities, State or Territory agencies, corporations and partnerships who make ransomware payments pursuant to a ransomware attack. The Bill would see such organisations provide notice to the Australian Cyber Security Centre (ACSC). [Read more…]
The Australian Cyber Law Map
24 June 2021 by
The Australian Cyber Law Map (Map) is a collaborative guide intended to help legal practitioners navigate through the detailed and complicated legal landscape of Australian cyber-related legislation and case law. Within the Map, the ever-evolving area of cyber law has existing principles and new development categorises. The Map and the categories it focuses on can be easily understood via the following visualisation. [Read more…]
