Business & Commercial law

Overhaul of Australia’s privacy laws

The Federal Government has agreed to an overhaul of Australia’s privacy laws, in light of a number of significant data breaches in recent years, which have affected millions of Australians. The proposed reforms will include giving Australians:

  • the right to opt out of advertising, and
  • the right ‘to be forgotten’ (requesting organisations delete or de-identify their personal information).

Importantly, the changes will also remove the exemptions for small businesses from the Privacy Act 1988 (Cth) (the Act), meaning that small business will need to comply with the Act. If the proposed changes are implemented, they would impose a complex and costly burden on small businesses, that have not yet put in place policies, procedures and infrastructure to deal with their obligations and who have less resources to implement change.

In total there are 116 proposed changes. It is important to note that these changes are just proposed at the moment, and they will take some time to be worked through prior to implementation. In the meantime, it is vital that businesses understand what these changes are and the implications they could have on your business operations. If implemented, they will be the most significant changes to privacy laws in Australia since the Act was brought into effect in 1988.

What are the implications of the proposed changes?

If the changes are passed into law, it is likely that they will impact on any business’:

  • Privacy policies,
  • Processes and practices that involve customer data or personal information, and
  • Advertising practices.

When will these changes take place?

We don’t yet know for certain, but we do know they are a high priority for the Federal Government. The Privacy Review Report was released in February 2023, so steps are already underway to take action on the report’s recommendations. The Attorney-General said that the Government hopes to introduce the legislation sometime in 2024.

What should we do now?

Although the reforms have not yet been implemented, it makes sense to get ready. Here are some things you might consider looking at now:

  • Simplifying the ‘opt out’ (or unsubscribe) options for your business. Make it easy for your customers, to keep them on side with your brand.
  • Keep reading and learning about these privacy changes, and how they might apply to your business. Knowledge is power.
  • Consider what steps you could implement in your business to easily and properly erase personal information if requested.
  • If you are a small business, you should seek advice about what impact there might be on your business, with the new obligation to comply with privacy laws. You might need to put into operation a new privacy policy or review your existing privacy policy/ies, and train your staff to have an understanding of the new obligations.

Get in touch!

If you have any questions or would like any advice on the proposed privacy law changes or what steps you can take now to prepare, get in touch with our Business & Commercial law team here or contact the author Lauren Roberts at (08) 8205 1222 or