The Australian Information Commissioner’s Office (OAIC) has called for more data accountability measures at all levels in light of the Attorney General’s Department (AGD) requesting consultation for its review of the Data Protection Act. the protection of personal information.
The AGD began its review of the country’s privacy law in late 2020 as part of the Commonwealth’s response to the Australian Competition Commission’s digital platforms inquiry and Consumer Affairs (ACCC), which found that laws needed to be updated to adequately protect consumers and their data. .
Among them measures [PDF] recommended by the OAIC is a central obligation to collect, use and disclose personal information fairly and reasonably for entities under the Australian Privacy Principles (APP). OAIC envisions that this would involve providing consumers with the right to erasure, meaningful consent requiring that they be properly and clearly informed of how their personal information will be processed, and the right to be notified when their information personal information is collected.
Information Commissioner Angelene Falk said introducing such accountability measures would raise the level of data processing to help prevent harm and ease the privacy burden on consumers.
“Establishing a positive obligation for organizations to handle personal information fairly and reasonably will require them to take a proactive approach to meeting their obligations, as they are best equipped to consider the impacts of flows and practices information processing complexities of their business,” she said. noted.
The OAIC also recommended that APP entities be prohibited from taking steps to re-identify information they have collected in an anonymous state, except for research involving cryptology, information security and data analysis.
Regarding when entities should notify consumers when their personal information is being collected, OAIC recommends that this should occur in the event of unauthorized access or unauthorized disclosure of anonymized information, or loss of anonymized information, or when information is re-identified.
The commissioner also wants practices such as profiling, online personalization and behavioral advertising that use children’s personal information to be prohibited, the inappropriate monitoring or control of an individual via the audio or video functionality of their mobile phone or other personal devices, commercial use of biometric identification systems and the collection of personal information on online platforms.
With respect to the enforcement of these measures, the OAIC has stated that it wants its regulatory powers to be expanded by creating several types of civil penalties. The agency explained that an expanded range of penalties would mean that there is more likely to be an appropriate penalty for an offense, regardless of the extent of its seriousness.
“We have recommended changes to the Privacy Act enforcement framework to provide the OAIC with a greater range of effective tools to enforce the law and respond to emerging threats in a proportionate and pragmatic,” said Commissioner Falk.
“This can happen through a streamlined civil penalty regime, backed by notices of infringement as a quick and cost-effective way to deter non-compliant behavior without the need for court proceedings.
In recommending additional civil penalties, he also wants to review how OAIC obtains civil penalty orders when it comes to cases of serious or repeated invasion of privacy by an entity. According to the OAIC, the current Privacy Act imposes unnecessary thresholds that the OAIC must demonstrate before civil penalty orders can be made by the courts.
He also recommended that the Federal Court be given express power to make any order it deems appropriate with respect to breaches of the Privacy Act.
“Allow the Court to make the same orders as the Commissioner under section 52 [of the Privacy Act] will promote clarity and certainty for PPA entities and allow the Commissioner to pursue, and the Federal Court to order, tailored remedies that are more appropriate for a particular case,” the OAIC said.
AGD’s consultation is taking place alongside its other consultation on the Exposure Draft of the Online Privacy Bill. The Online Privacy Bill aims to introduce a binding online privacy code for social media and certain other online platforms, as well as tougher penalties and enforcement measures.
Clamping down on technology has been high on the federal government’s agenda lately, with the prime minister saying three months ago that social media platforms were a ‘coward’s palace’ and would be considered as editors if they did not want to identify users who posted mistakes. and offensive content.
The interim report comes following Australia’s announcement of various initiatives over the past few months to address issues around social media platforms and cyber. In December alone, Australia announced the creation of the Youth Online Safety Advisory Council, passed “Magnitsky-style” cyberattacks and critical infrastructure laws, and proposed anti-trolling laws.