Calls for Industry Consultation into Privacy Review


The Tech Council of Australia says it supports key measures in Privacy Review and urges government to consult with industry on proposed legislation.

This comes following the release of the Privacy Review which commits to 38 out of 116 proposals in the Privacy Act Review Report and agreeing in principle to 68 measures.

Tech Council of Australia CEO Kate Pounder said, “We were pleased to see that many proposals put forward by the TCA have been accepted by the Government.”

“The Tech Council of Australia has consistently supported the need to modernise Australia’s outdated privacy laws to better reflect our increasingly interconnected and global digital economy.”

“We see privacy reform as a key pillar of a credible response to improve Australia’s ability to safely and responsibly develop and adopt AI, to improve cyber security resilience and to enable the continued growth of the tech sector.”

“We welcome the Government’s decision to release the final review report and consult further before developing legislation.”

Some key measures advocated by the TCA include:

  • The need for more harmonised and interoperable privacy laws aligned with international and domestic standards and frameworks, such as the GDPR.
  • The introduction of the concepts of data controllers and data processors.
  • Clearer definitions and tests for the fair and reasonable steps organisations are required to take to protect personal information.
  • A review of laws requiring retention of personal information.
  • The introduction of privacy impact assessments for activities with higher privacy risk, including Facial Recognition Technology.
  • The establishment of an ‘Australian link’ for the Privacy Act.
  • The ability of the OAIC to publish guidelines related to emerging technologies and privacy practice.

“Our first priority now is to consult with our member community on a number of areas that will require further thought and consultation on potential implementation risks and issues.”

“As such, we will reconvene our Privacy Working Group to help develop a comprehensive and constructive Tech Council response,” Ms Pounder said.
Areas for consultation include:

  • A right to erasure – which the TCA supports – but which should provide some flexibility in how an organisation implements it.
  • Transparency requirements for substantially automated decision-making, to ensure a clear definition of ‘substantially automated’ is determined, that any obligations are workable in a range of settings given the breadth of uses of AU, and that obligations do not compromise other public interest and safety objectives.
  • Clarifying the roles and responsibilities of data controllers and processors.
  • Consideration of removal of the small business exemption for privacy, which the TCA supports, recognising that good data practice is vital from both a privacy and cybersecurity perspective, but which needs to be designed in consultation with small businesses and should include support measures for them.
  • The proposals for a direct right of privacy and statutory tort of privacy, which we believe should only considered after the adoption and assessment of the effectiveness of other reform proposals to safeguard privacy.
  • The design of privacy and collection notices, which should provide flexibility in their format to recognise the range of organisations and situations in which they are used, and which need to be user-friendly to be meaningful and avoid consent fatigue.
  • The scope of direct marketing, targeting, and trading definitions, in particular the unqualified right to opt-out of marketing and advertising.
  • The introduction of a Children’s Online Privacy Code in a similar way to the UK’s Age-Appropriate Design Code.

Leave A Reply